This privacy policy governs the collection, storage and use of personal data collected by North Highfield, a trading name of Philip Edward Murray. The information may be gathered through our website at https://northhighfield.com, through one of our affiliate partner websites, via a telephone conversation or through our normal business activities supporting the provision of holiday let or other accommodation, and associated services.
Specifically, this privacy policy provides you with details about the personal data we collect and hold about you, how we use your personal data, and your rights regarding the personal data we hold about you.
Please read this privacy policy carefully – by continuing to access or browse our websites, or by requesting the provision of services from us, you confirm that you have read and understood this privacy policy in its entirety.
This Privacy Policy supplements other notices and terms published on our website (including our terms of use) and is not intended to override them.
Overview
We absolutely respect your right to privacy. Our overall aim is to ensure that our collection and use of personal data is appropriate to the provision of services to you and our clients and is in accordance with applicable data protection laws.
Who we are
North Highfield is the data controller of the personal data that we collect from you. It is a trading name of an individual, Philip Edward Murray.
You can contact us in relation to this privacy policy by email at northhighfield@gmail.com
The personal data we collect about you
If you (either as an individual or as part of a group booking) are seeking to rent North Highfield we will usually collect the minimum information required to fulfil your needs. This will likely include your name, contact details, payment details, date of birth, details of other members of your party plus information on your specific requirements in order to customise your holiday and deliver your specific requirements.
If you sign up to join our mailing list we will collect your name and email address, together with your consent to receive communications from us. This consent can be removed at any time simply by sending a request to unsubscribe to northhighfield@gmail.com.
How we store, use and share your personal data
We collect, store and use your personal details as outlined above for our legitimate business interests, so that we can fulfil both your immediate and any potential future holiday booking or enquiry needs. This storage and use of your personal data allows you to be contacted about both your current booking or enquiry.
Should you request that we pass on supplementary information that you wish to provide to our affiliated service partners then we will do so and will only hold that information on your behalf as part of your booking record.
Where you are completing a booking on behalf of other people, this Privacy Policy will apply to all personal data provided and you are required to bring this Privacy Policy to their attention so that they are also informed of how we will process their personal data.
Individuals who join our mailing list
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and, in each case, you have not opted out of receiving that marketing. You will also receive marketing communications from us if you have provided us with your details when you entered a competition or registered for a promotion and gave us your consent as part of that process. As such, we may contact you with details of our properties, services, offers and other marketing items which we believe will be of interest or potential benefit. We do not believe that this storage and use of your personal data will unduly prejudice your rights or freedoms. You can remove your consent at any time sending an unsubscribe request to northhighfield.com.
Anonymous data
We also collect anonymised details about visitors to our websites for the purposes of generating site statistics, reporting purposes or improving our website and marketing effectiveness. However, no single individual will be identifiable from the anonymised details we collect for these purposes.
How we might otherwise share your personal data and who we share it with
We will disclose information under the following circumstances:
• Third-party service providers: When we share information with third-party service companies for them to facilitate or to provide certain services on our behalf. This will include:
• IT support service providers;
• third-party service providers who track our customers’ use of the sites and our services for us.
• other third-parties who we may need to work with to deliver services and/or facilitate your booking and holiday (including any holiday extras), for example, providers of property management services (including, but not limited to, housekeeping, property maintenance etc).
These third-parties are contracted to use your personal data only as necessary to provide the relevant services to us and are required to maintain full security and confidentiality.
Compliance with laws and legal proceedings: When we respond to court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. When we believe it is necessary to share information in order to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.
In some, relatively limited, circumstances we need to handle your personal data in a certain way to be able to comply with our legal obligations – for example: if we are requested to disclose your personal data to regulatory bodies or if we need to demonstrate our compliance with applicable law such as any tax and national insurance legislation relating to the payment of personal service company contractors and immigration law.
International transfers
We store and process data within the United Kingdom or European Economic Area (EEA). However, some of our internal management systems use international service providers who may carry out processing outside of the UK or EEA. If this processing is carried out in the USA your data is protected, with additional safeguards in place as required by the GDPR, by the use of Standard Contractual Clauses for each of the service providers concerned. If you would like more details on this, please contact us using northhighfield@gmail.com
Cookies
Technologies such as cookies, beacons, tags and scripts are used by us and our affiliates, or analytics or service providers. These technologies are used in analysing trends, administering the sites, tracking users’ movements around the sites and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
We use cookies, for example, to remember users’ settings (e.g. language preference) and for authentication. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our sites, but your ability to use some features or areas of our sites may be limited.
Please read more about how we use cookies and what information is collected using cookies in our Cookies Policy.
Security
We employ comprehensive, reasonable and appropriate security measures to protect against the loss, misuse, and alteration of the personal data we process. This includes organisational security (passwords and access controls), physical security (data centre protection) and IT security (encryption). Please note that no transmission over the Internet can ever be guaranteed secure and as a consequence please note that we cannot guarantee the security of any personal data that you transfer over the Internet to us.
Data Retention
We retain information (including personal data) for the minimum reasonable time period to allow us to provide our services and to comply with legal requirements which require us to retain transactional records for six years following the end of the tax year in which you last interact with us. The only exceptions are in cases where we need to keep limited personal data to resolve ongoing disputes, or enforce our agreements.
Should you require more detail about our retention timescales for a specific category of data or information please contact us at northhighfield@gmail.com.
Your rights
You have certain rights in relation to your personal data. If you would like further information in relation to these or would like to exercise any of them, please contact us at northhighfield@gmail.com at any time. You have the right to request that we:
• provide access to any personal data we hold about you;
• update any of your personal data which is out of date or incorrect;
• delete any personal data which we are holding about you;
• restrict the way that we process your personal data;
• prevent the processing of your personal data for direct-marketing purposes;
• provide your personal data to a third-party provider of services;
• provide you with a copy of any personal data which we hold about you; or
• consider any valid objections which you have to our use of your personal data.
We will consider all such requests and provide our response within a reasonable period (and in any event within any time period required by applicable law). Please note, however, that certain personal data may be exempt from such requests in certain circumstances.
If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
Third party sites
Our websites contain links to other websites operated by third parties. Please note that this privacy policy applies only to the personal data that we collect through our site or services, and we cannot be responsible for personal data that third parties may collect, store and use through their website. You should always read the privacy policy of each website you visit carefully.
Supporting the NHS Test and Trace system
The lawful basis for processing your personal data for NHS Test and Trace has changed from legitimate interest to legal obligation.
You no longer have the right to opt out of sharing your details for the purpose of NHS Test and Trace.
What information do we collect?
We may record your contact information when you visit any of our properties including:
• Name
• Telephone number or email address
• Date of visit, arrival time and departure time
You should use the option, where available, to ‘check-in’ using the official NHS QR code in order to provide your contact details. If you are using the NHS app then we will not be directly processing your data and you should consult the NHS app privacy policy for further information.
How will your information be used?
We will only use this information for the purpose for which it has been collected. Where it is necessary for us to collect information which we would not normally collect in our usual course of business it will only be used for the purposes of NHS Test and Trace. We will not use this information for any other purpose such as marketing.
The legal basis for using your information
Processing your personal data for the purposes of NHS Test and Trace is necessary for us to comply with our legal obligation as set out in the Health Protection (Coronavirus, Collection of Contact Details etc and Related Requirements) Regulations 2020.
Who will your information be shared with?
NHS Test and Trace will only ask us for this information where it is necessary, either because someone who has tested positive for COVID-19 has listed North HIghfield as a place they visited recently, or because North Highfield has been identified as the location of a potential local outbreak of COVID-19.
We will only share this information when it is requested by NHS Test and Trace. We will ensure that this information is shared in a safe and secure way.
Where information is shared with NHS Test and Trace the Department of Health and Social Care (DHSC) will be the data controller for the information at the point it receives the data from us. The DHSC Privacy notice for maintaining records to support NHS Test and Trace is available at https://www.gov.uk/government/publications/privacy-notice-for-maintaining-records-of-staff-customers-and-visitors-to-support-nhs-test-and-trace/privacy-notice-for-maintaining-records-of-staff-customers-and-visitors-to-support-nhs-test-and-trace
How long will we keep your information?
Information that is collected solely for the purposes of NHS Test and Trace will be retained for 21 days from the departure date of your visit after which time it will be automatically and securely deleted.
Your rights
The NHS Test and Trace Scheme helps us to keep you safe. We are required by law to record and share your data if it is requested by the NHS, in order to participate in this scheme.
Changes to this Privacy Policy
This privacy policy was last updated in December 2021.
Please check back regularly to keep informed of updates to this privacy policy. Where we make significant changes to this privacy policy, and we have your email address, we will send you notification of the changes.
Complaints, questions and suggestions
UK Data Protection
All queries regarding our processing of personal data should be directed to northhighfield@gmail.com
Article 27 Representative
Article 27 of the EU GDPR requires organisations that process EEA residents’ data, and that are based outside the European Economic Area (EEA), to appoint a EEA Representative. This is Philip Edward Murray, who may be contacted via northhighfield@gmail.com.
You may also make a complaint to your supervisory body for data protection matters (the Information Commissioner’s Office in the UK) or seek a remedy through local courts if you believe your rights have been breached.
If you have any complaints, questions and suggestions about our sites or services, please contact us using our contact form.