Data protection law
The General Data Protection Regulation May (2018) describes how organisations must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically or on paper. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. The GCPR is underpinned by eight important principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Lawful processing
Speyside Wildlife needs to gather and use certain information about individuals, so that we can ensure students have a safe, secure and successful course. These individuals can include guests, customers, suppliers, business contacts, employees and others our organisation has a relationship with, or needs to contact.
This data protection policy ensures Speyside Wildlife:
- Complies with data protection law and follows good practice
- Protects the rights of staff, guests and associates
- Is open about how it stores and processes individuals’ data
- Protects itself from the risks of a data breach
By using our website or contacting us for information, or completing a Booking Form, either in writing or online, you understand and agree that personal information you provide will be held on a database created by us and will be stored for the purpose of providing you with information now and in the future and, where necessary, transferring this information to future SW bookings and providing it as necessary to associated third parties. This website is held on a server based in the UK.
How we use personal information
Personal information provided to us will be used for the purposes outlined at the time of collection in accordance with the preferences you express. Personal data collected and processed by us is treated as strictly private and confidential and we shall never share your data with other third parties. Your data may be used for the following purposes:
- Preparing documentation and disseminating information
- Booking of accommodation; this may include providing health/dietary information.
- Booking of travel elements; this may include providing age/passport information
- Booking of activities; this may include providing height/weight information
- Processing of payments where necessary (we do not store anyone’s financial/banking details)
- Insurance information provided to appropriate persons in the event of an incident on your course
- Communication of SW Marketing information
How long we retain your information
Enquirers’ contact details, including names/addresses/emails/telephone numbers and other incidental information provided to us, are held for three years and then deleted, unless you have gone on to make a booking with us, or you have contacted us to update your information, when a further three years will elapse from the time the contact was made, or course attended, before deletion. If you do not wish us to keep your data once you have completed your course with us, please inform us.
Right to access of information held
You have the right to ask us, in writing, for a copy of all the personal data held about you. This will be sent to you as soon as possible and certainly no later than 30 days after your request.
Our computers all comply with recommended security levels; all databases are password protected and PC screens are locked when unattended. Where printed matter is required, this is stored in locked drawers/cabinets. Paper and printouts are not left where unauthorised people can see them. Any paperwork no longer required is shredded.
When ‘out in the field’ or away on trips, any guests’ personal data the guides require to have with them in order to carry out their instructor duties efficiently and effectively, will be kept with them at all times and is deleted from their possession when the course is completed. Any information provided to our partners to enable your course or experience to be provided successfully, in the majority of circumstances, is only ever names and dietary requirements. Where safety or internal requirements require further information to be provided, our partners are charged with deleting that information from their own records as soon as the course has been completed.
Needless to say we’re very happy you ask us questions at any time about the personal information we hold for you, by emailing us.
Policy prepared by: Speyside Wildlife
Approved by: Suzanne Dowden
Policy became operational on: 25 May 2018
Next review date: 24 May 2020