Some key terms are defined as follows, and throughout this document:
- Crofty Towers ("Crofty Towers”), "www.croftytowers.co.uk", "we", "us", or "our") is the company that collects and processes Personal Data for the purposes described in this Policy.
- Our Services are detailed in the 'About Crofty Towers section.
- Personal Data is any information relating to an identified or identifiable natural person ("Data Subject")
The way in which we store data, process data and run our business is done in a GDPR compliant manner. Upon request we can provide details of data flow, a data inventory, a data breach policy, an employee dismissal log, details on the employee security training we have in place and more. Please follow the instructions in the contact section below to request any information not present in this policy.
In short, we only gather Personal Data we need, we only keep it for as long as is needed, we only use it for what we state below, you can request to correct/edit/remove it, we store it securely, we do not pass it to third parties unless otherwise stated and we aim to be transparent with how we use Personal Data.
About Crofty Towers
Crofty Towers is a vacation rental business. We advertise vacation rental properties, take enquiries about these properties, take bookings at properties, take payments towards bookings and provide other booking related services.
Crofty Towers uses WordPress, an online website management & booking system to produce our website, keep track of bookings, enquiries, payments and more.
Crofty Towers is committed to the protection of Personal Data, including data that we use for our own purposes, and that we maintain on behalf of any property owners we may work with.
Collection and Use of Personal Data
Crofty Towers collects information, including Personal Data, for the following purposes:
- Improving our website's content and user experience
- Internal business purposes
- Facilitating and storing the details of online & offline bookings/payments
Your consent to this policy (where requested) is tracked.
This Policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable individual (Data Subject).
The services of Crofty Towers are not directed to children under 16. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us.
The use of our website by an individual classes them as a 'legitimate interest', visiting the site is enough to identify this, data associated with an individual's visit needs to be processed for efficient site operation. Any data collected will be used in a conservative way to help maintain the individual's rights & freedoms.
Improving our website's content and user experience
In the course of providing the website hosting services, Crofty Tower may receive, access, analyse, process and maintain Personal Data on behalf of us.
We determine the types of Personal Data that will be collected and used within Crofty Tower, how it will be used and disclosed, and how long it will be stored. For any questions relating to how your Personal Data is used by Crofty Tower which are not covered in this policy, please contact Crofty Tower directly via email: email@example.com.
Crofty Tower's Usage Information is collected, including information about how you are accessing and using our site. Crofty Tower directly uses information to understand and improve their services and exposes it to us so that we able to do the same for our business. Usage information may also be used to investigate and prevent security issues, abuse and fraud.
Internal Business Purposes
We may collect personal data from you through our Website (https://www.croftytowers.co.uk), social media, over the phone, and other channels for the following purposes:
Responding to your enquiries: When you contact us with a comment, question or complaint, you may be asked for information that identifies you, such as your name, address and a telephone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may retain this information to assist you in the future and to improve our customer service and offerings.
Informing you about offerings: We may use your contact information for our own marketing or advertising purposes. We do not sell or rent your Personal Data to third parties. You can opt out of these at any time by following the steps outlined below.
To Understand and Improve our Services and Website Service Usage Information is collected, including information about how you are accessing and using the Service. We use this information to understand and improve our Services, and to investigate and prevent security issues, abuse, fraud.
Facilitating and storing the details of online & offline bookings/payments
We collect Personal Data via our online booking form, over the telephone or via other channels to be able to store a record of who has (attempted to, confirmed, cancelled, etc) booked a property we may be or have been advertising.
Third Party Links
Third Party Tools/Services
We use a number of third party tools & services (sub-processors) that Personal Data may be sent to, including:
- Google Analytics: To help us gain an insight into the performance and usage of our website.
- FullStory: To help improve the user experience of our website by recording a sample of user sessions.
We have different timeframes on various elements of Personal Data that we hold dependent on its purpose. Once we no longer need to retain your Personal Data, we will make sure that it is deleted or anonymised.
We retain Personal Data provided for bookings indefinitely as these records form important financial evidence for tax purposes. We can at request de-personalise booking data, we may not be able to do this if we still need said Personal Data for tax or other legal purposes.
Disclosure of your Personal Data
As a matter of practice, Crofty Towers does not disclose, trade, rent, sell or otherwise transfer Personal Data, except as set out in this policy.
We may transfer or disclose Personal Data as follows:
Service Provider Arrangements
We may transfer (or otherwise make available) Personal Data to third parties who process it on our behalf for the purposes noted above. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.
As of the date hereof, these third party providers include technical operations such as database monitoring, data storage, hosting services and customer support software tools.
Changes to our Business Structure
Crofty Towers may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganisation, sale of some or all of Crofty Towers assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
Compliance with Laws
Crofty Towers and the providers we use may share or disclose Personal Data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
Enforcing Our Rights, Preventing Fraud, and Safety
Crofty Towers may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigation and preventing fraud.
In short, the personal data you provide to us can be provided upon access, we protect it to the best of our ability, we can amend it for you upon request and remove it from our systems upon request.
If you have any complaints, concerns or queries about how we manage Personal Data, please contact us by emailing firstname.lastname@example.org. If you are in the European Union you have the right to complain to your local Data Protection Authority about the collection and use of your Personal Data.
Access and Correction of Personal Data
If we receive a request from an individual to access or update Personal Data we have collected we will endevour to respond to said request.
If you submit Personal Data via our Website or otherwise provide us with your Personal Data, you may request access, updating or correction and removal of your Personal Data by submitting a request to us via our contact form. We may request certain Personal Data for the purposes of verifying your identity.
How We Protect Personal Data
Crofty Towers takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
To learn more about current practices and policies regarding security and confidentiality of Personal Data and other information, please see the Security Practices section; we keep that section updated as these practices evolve over time.
As a business both we and the third parties we trust, follow good security practices to help keep Personal Data secure.
Access to Personal Data is limited via a user management system controlled within Crofty Tower. We ensure that anyone with access to Personal Data at Crofty Towers has an awareness of GDPR & good security practices.
In the event of a Personal Data breach we will endevour to notify the relevant legal authorities and inform the effected individuals within 72 hours of identifying said breach. If you believe you have discovered a personal data breach please contact us using the details below immediately.
Please contact us if:
- you wish to access, remove, update, and/or correct inaccuracies in your Personal Data; or
- you otherwise have a question or complaint about the manner in which we or our service providers treat your Personal Data.
Crofty Towers the Croft Upper Goosehill Broughton Green Hanbury Droitwich Worcestershire WR9 7ED