Privacy Statement
Web Privacy
This website uses three web analytics tools - Google Analytics.
These tools use cookies - text files kept on your computer to collect standard internet log info and movement on the website in an anonymous form. The info generated by the cookie (including IP address) is transmitted to the respective provider (who are all GDPR compliant).
This info is used to give us a better understanding of how people use the website.
We use Google Analytics & AdWords remarketing codes to log when people view specific pages on this website. This enables us to provide targeted advertising - if you do not wish to receive targeted advertising you can opt out using the DoubleClick opt-out page or the Network Advertising Initiative opt-out page.
We're always looking at ways to improve ULH - if there's any aspect of the website or our policies that causes you concern, please tell us and we'll investigate.
Email Newsletters
Email addresses provided for order processing, are used to send info relating to enquiries or bookings; in addition we occasionally send company news, updates, related products, etc. If at any time you wish to stop receiving emails from us there's an unsubscribe link in each email.
We do not sell, trade, or otherwise transfer personal details to outside parties.
Unique Properties is a registered member of ICO.
ICO - Application confirmation ICO:00013085465
Introduction
Welcome to Unique Properties Limited’s (“Owner”) privacy policy.
The Owner respects your privacy and is committed to protecting your personal data. This privacy policy will inform you how we look after your personal data when you visit our Site (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
Please also use the Glossary to understand the meaning of some of the terms used in this privacy policy.
Purpose of this privacy policy
This privacy policy aims to give you information on how the Owner collects and processes your personal data through your use of this Site, including any data you may provide through this website when you purchase a product or service.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your Data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
Controller
The Owner is made up of different legal entities, details of which can be found here: [LINK TO COMPANIES HOUSE] (“Owner’s Group”). This privacy policy is issued on behalf of the Owner’s Group so when we mention the Owner, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the Owner’s Group responsible for processing your data. The Owner is the controller and responsible for this Site.
If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the details set out below.
Contact details
Unique Properties Ltd.
Cardiff House, Cardiff Road
Barry, Vale of Glamorgan
CF63 2AW
Wales
United Kingdom
Owner contact email: privacy@uniqueluxuryholidays.com
You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Types of Data collected
Personal Data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data)
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
· Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
· Contact Data includes billing address, delivery address, email address and telephone numbers.
· Financial Data includes bank account and payment card details.
· Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
· Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
· Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
· Usage Data includes information about how you use our website, products and services.
· Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We do not collect and Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Site.
Unless specified otherwise, all Data requested on this Site is mandatory and failure to provide this Data may make it impossible for us to provide our Services. In cases where this Site specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact us.
Any use of Cookies – or of other tracking tools – by this Site or by the owners of third-party services used by this Site serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in our Cookie Policy, if available.
Users are responsible for any third-party Personal Data obtained, published or shared through this Site and confirm that they have the third party's consent to provide the Data to the Owner.
Mode and place of processing the Data
Methods of processing
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Site (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
How is your Personal Data collected?
We use different methods to collect Data from and about you including through:
· Direct interactions. You give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:
o purchase our goods and/or services;
o create an account on our website;
o request marketing to be sent to you;
o enter a competition, promotion or survey; or
o give us feedback or contact us.
· Automated technologies or interactions. As you interact with our Site, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using Cookies and other similar technologies. Please see our cookie policy for further details.
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
· Users have given their consent for one or more specific purposes. Note: Under some legislation the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
· provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
· processing is necessary for compliance with a legal obligation to which the Owner is subject;
· processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
· processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we will use your personal data
The Data concerning the User is collected to allow the Owner to provide its Service, as well as for the following purposes: backup saving and management, contacting the User, Data transfer outside the EU, device permissions for Personal Data access, analytics, displaying content from external platforms, tag management, interaction with external social networks and platforms, managing contacts and sending messages and location-based interactions
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your Data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data where more than one ground has been set out in the table below.
Purpose/Activity
Type of data
Lawful basis for processing including basis of legitimate interest
To register you as a new customer
(a) Identity
(b) Contact
Performance of a contract with you
To process and deliver our Services including:
(a) manage payments, fees and charges
(b) collect and recover money owed to us
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review or take a survey
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a prize draw, competition or complete a survey
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and this Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Identity
(b) Contact
(c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
(a) Technical
(b) Usage
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you
(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
(f) Marketing and Communications
Necessary for our legitimate interests (to develop our products/services and grow our business)
Place
The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.
Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.
Marketing
We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising.
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want to or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
Third-party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing messages sent to you
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, product/service experience or other transactions.
Cookies
You can set your browser to refuse all or some browser Cookies, or to alert you when websites set or access Cookies. If you disable or refuse Cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the Cookies we use, please see Cookie Policy.
Change of purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose, please contact us.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosure of your Personal Data
We may share your Personal Data with the parties set out below for the purposes set out in the table above:
· Internal Third Parties (as set out in the Glossary).
· External Third Parties (as set out in the Glossary).
· Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
· To comply with legal processes, to establish or exercise our legal rights, to defend against legal claims or as otherwise required by law.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
Data Security
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retention time
Personal Data shall be processed and stored for as long as required by the purpose it has been collected for.
Therefore:
Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfil such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means and the applicable legal, regulatory, tax, accounting or other requirements.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
Device permissions for Personal Data access
Depending on the User's specific device, this Site may request certain permissions that allow it to access the User's device Data as described below.
By default, these permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time. In order to revoke these permissions, Users may refer to the device settings or contact the Owner for support at the contact details provided in this privacy policy.
The exact procedure for controlling application permissions may be dependent on the User's device and software.
Please note that the revoking of such permissions might impact the proper functioning of this Site.
If the User grants any of the permissions listed below, the respective Personal Data may be processed (i.e accessed to, modified or removed) by this Site.
Approximate location permission (non-continuous)
Used for accessing the User's approximate device location. This Site may collect, use, and share User location Data in order to provide location-based services.
The geographic location of the User is determined in a manner that isn't continuous. This means that it is impossible for this Site to derive the approximate position of the User on a continuous basis.
Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
Analytics
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behaviour.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Site, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out. Privacy Shield participant.
Backup saving and management
This type of service allows the Owner to save and manage backups of this Site on external servers managed by the service provider itself. The backups may include the source code and content as well as the Data that the User provides to this Site.
Backup on Google Drive (Google Inc.)
Google Drive is a service to save and manage backups provided by Google Inc.
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
Contacting the User
Contact form (this Site)
By filling in the contact form with their Data, the User authorizes this Site to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.
Personal Data collected: Identity; Contact; various types of Data.
Mailing list or newsletter (this Site)
By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Site. Your email address might also be added to this list as a result of signing up to this Site or after making a purchase.
Personal Data collected: Identity; Contact; Usage Data; website; ZIP/Postal code.
Phone contact (this Site)
Users that provided their phone number might be contacted for commercial or promotional purposes related to this Site, as well as for fulfilling support requests.
Personal Data collected: Contact.
Data transfer outside the EU
The Owner is allowed to transfer Personal Data collected within the EU to third countries (i.e. any country outside the European Economic Area (“EEA”)) only pursuant to a specific legal basis. Any such Data transfer is based on one of the legal bases described below.
Users can enquire with the Owner to learn which legal basis applies to which specific service.
Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
· We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
· Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
· Where we use providers based in the US, we may transfer Data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us f you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
Data transfer abroad based on consent (this Site)
If this is the legal basis, Personal Data of Users shall be transferred from the EU to third countries only if the User has explicitly consented to such transfer, after having been informed of the possible risks due to the absence of an adequacy decision and appropriate safeguards.
In such cases, the Owner shall inform Users appropriately and collect their explicit consent via this Site.
Personal Data collected: various types of Data.
Data transfer abroad based on standard contractual clauses (this Site)
If this is the legal basis, the transfer of Personal Data from the EU to third countries is carried out by the Owner according to “standard contractual clauses” provided by the European Commission.
This means that Data recipients have committed to process Personal Data in compliance with the data protection standards set forth by EU data protection legislation. For further information, Users are requested to contact the Owner through the contact details provided in the present document.
Personal Data collected: various types of Data.
Data transfer from the EU and/or Switzerland to the U.S based on Privacy Shield (this Site)
If this is the legal basis, the transfer of Personal Data from the EU or Switzerland to the US is carried out according to the EU - U.S. and Swiss - U.S. Privacy Shield.
In particular, Personal Data is transferred to services that self-certify under the Privacy Shield framework and therefore guarantee an adequate level of protection of such transferred Data. All services are listed within the relevant section of this document and those that adhere to Privacy Shield can be singled out by checking their privacy policy and possibly also by specifically checking for Privacy Shield adherence in the official Privacy Shield List. Privacy Shield also specifically guarantees rights to Users which can be found in its most current form on the website run by the US Department of Commerce.
Personal Data may be transferred from within the EU or Switzerland to the U.S. to services that are not, or not anymore, part of Privacy Shield, only based on other valid legal grounds. Users can ask the Owner to learn about such legal grounds.
Personal Data collected: various types of Data.
Data transfer to countries that guarantee European standards (this Site)
If this is the legal basis, the transfer of Personal Data from the EU to third countries is carried out according to an adequacy decision of the European Commission.
The European Commission adopts adequacy decisions for specific countries whenever it considers that country to possess and provide Personal Data protection standards comparable to those set forth by EU data protection legislation. Users can find an updated list of all adequacy decisions issued on the European Commission's website.
Personal Data collected: various types of Data.
Other legal basis for Data transfer abroad (this Site)
If no other legal basis applies, Personal Data shall be transferred from the EU to third countries only if at least one of the following conditions is met:
· the transfer is necessary for the performance of a contract between the User and the Owner or of pre-contractual measures taken at the User’s request;
· the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the User between the Owner and another natural or legal person;
· the transfer is necessary for important reasons of public interest;
· the transfer is necessary for establishment, exercise or defence of legal claims;
· the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent. In such cases, the Owner shall inform the User about the legal bases the transfer is based on via this Site.
Personal Data collected: various types of Data.
Device permissions for Personal Data access
This Site requests certain permissions from Users that allow it to access the User's device Data as described below.
Device permissions for Personal Data access (this Site)
This Site requests certain permissions from Users that allow it to access the User's device Data as summarized here and described within this document.
Personal Data collected: Approximate location permission (non-continuous).
Displaying content from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of this Site and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Google Fonts (Google Inc.)
Google Fonts is a typeface visualization service provided by Google Inc. that allows this Site to incorporate content of this kind on its pages.
Personal Data collected: Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
Google Maps widget (Google Inc.)
Google Maps is a maps visualization service provided by Google Inc. that allows this Site to incorporate content of this kind on its pages.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
YouTube video widget (Google Inc.)
YouTube is a video content visualization service provided by Google Inc. that allows this Site to incorporate content of this kind on its pages.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
YouTube video widget without cookies (Google Inc.)
YouTube is a video content visualization service provided by Google Inc. that allows this Site to incorporate content of this kind on its pages.
This widget is set up in a way that ensures that YouTube won't store information and cookies about Users on this Site unless they play the video.
Personal Data collected: Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
Interaction with external social networks and platforms
This type of service allows interaction with social networks or other external platforms directly from the pages of this Site.
The interaction and information obtained through this Site are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
It is recommended to log out from the respective services in order to make sure that the processed data on this Site isn’t being connected back to the User’s profile.
Google+ +1 button and social widgets (Google Inc.)
The Google+ +1 button and social widgets are services allowing interaction with the Google+ social network provided by Google Inc.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
YouTube button and social widgets (Google Inc.)
The YouTube button and social widgets are services allowing interaction with the YouTube social network provided by Google Inc.
Personal Data collected: Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
Location-based interactions
Non-continuous geolocation (this Site)
This Site may collect, use, and share User location Data in order to provide location-based services.
Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, the User’s location data may be tracked by this Site.
The geographic location of the User is determined in a manner that isn't continuous, either at the specific request of the User or when the User doesn't point out its current location in the appropriate field and allows the application to detect the position automatically.
Personal Data collected: geographic position.
Managing contacts and sending messages
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
Mailchimp (The Rocket Science Group, LLC.)
Mailchimp is an email address management and message sending service provided by The Rocket Science Group, LLC.
Personal Data collected: Identity; Contact; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
Tag Management
This type of service helps the Owner to manage the tags or scripts needed on this Site in a centralized fashion.
This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.
Google Tag Manager (Google LLC)
Google Tag Manager is a tag management service provided by Google LLC.
Personal Data collected: Cookies; Usage Data.
Place of processing: United States – Privacy Policy. Privacy Shield participant.
Further information about Personal Data
Web Hosting (Tilaa BV)
Processing Agreement
Iperium Real Estate
Privacy
Analysis and predictions based on the User’s Data (“profiling”)
The Owner may use the Personal and Usage Data collected through this Site to create or update User profiles. This type of Data processing allows the Owner to evaluate User choices, preferences and behaviour for the purposes outlined in the respective section of this document.
User profiles can also be created through the use of automated tools like algorithms, which can also be provided by third parties. To find out more, about the profiling activities performed, Users can check the relevant sections of this privacy policy.
The User always has a right to object to this kind of profiling activity. To find out more about the User's rights and how to exercise them, the User is invited to consult the section of this document outlining the rights of the User.
Automated decision-making
Automated decision-making means that a decision which is likely to have legal effects or similarly significant effects on the User, is taken solely by technological means, without any human intervention. This Site may use the User's Personal Data to make decisions entirely or partially based on automated processes according to the purposes outlined in this document. This Site adopts automated decision-making processes as far as necessary to enter into or perform a contract between User and Owner, or on the basis of the User’s explicit consent, where such consent is required by the law.
Automated decisions are made by technological means – mostly based on algorithms subject to predefined criteria – which may also be provided by third parties.
The rationale behind the automated decision making is:
· to enable or otherwise improve the decision-making process;
· to grant Users fair and unbiased treatment based on consistent and uniform criteria;
· to reduce the potential harm derived from human error, personal bias and the like which may potentially lead to discrimination or imbalance in the treatment of individuals etc.;
· to reduce the risk of User's failure to meet their obligation under a contract. To find out more about the purposes, the third-party services, if any, and any specific rationale for automated decisions used within this Site, Users can check the relevant sections in this document.
Consequences of automated decision-making processes for Users and rights of Users subjected to it
As a consequence, Users subject to such processing, are entitled to exercise specific rights aimed at preventing or otherwise limiting the potential effects of the automated decisions taken.
In particular, Users have the right to:
· obtain an explanation about any decision taken as a result of automated decision-making and express their point of view regarding this decision;
· challenge a decision by asking the Owner to reconsider it or take a new decision on a different basis;
· request and obtain from the Owner human intervention on such processing. To learn more about the User’s rights and the means to exercise them, the User is invited to consult the section of this document relating to the rights of the User.
Personal Data collected through sources other than the User
The Owner of this Site may have legitimately collected Personal Data relating to Users without their knowledge by reusing or sourcing them from third parties on the grounds mentioned in the section specifying the legal basis of processing.
Where the Owner has collected Personal Data in such a manner, Users may find specific information regarding the source within the relevant sections of this privacy policy or by contacting the Owner.
Selling goods and services online
The Personal Data collected are used to provide the User with services or to sell goods, including payment and possible delivery.
The Personal Data collected to complete the payment may include the credit card, the bank account used for the transfer, or any other means of payment envisaged. The kind of Data collected by this Site depends on the payment system used.
The rights of Users
Under certain circumstances, you have rights under data protection laws in relation to your Personal Data.
In particular, Users have the right to do the following:
· Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
· Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
· Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
· Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
· Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
· Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
· Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
· Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Details about the right to object to processing
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this privacy policy. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month. We may charge a reasonable fee if your request if clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Additional information about Data collection and processing
Legal action
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Site or the related Services.
The User acknowledges that the Owner may be required to reveal Personal Data upon request of public authorities.
Additional information about User's Personal Data
In addition to the information contained in this privacy policy, this Site may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.
System logs and maintenance
For operation and maintenance purposes, this Site and any third-party services may collect files that record interaction with this Site (System logs) use other Personal Data (such as the IP Address) for this purpose.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
How “Do Not Track” requests are handled
This Site does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
Changes to this privacy policy and your duty to inform us of changes
The Owner reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page and possibly within this Site and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.
This version was last updated on [Jan 08th 2020].
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Glossary
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification of a natural person.
Usage Data
Information collected automatically through this Site (or third-party services employed in this Site), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Site, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Site) and the details about the path followed within the Site with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
User
The individual using this Site who, unless otherwise specified, coincides with the Data Subject.
Data Subject
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Site. The Data Controller, unless otherwise specified, is the Owner of this Site.
Site
This website owned by the Owner.
Service
The service provided by this Site as described in the relative terms (if available) on this Site.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Cookies
Small sets of data stored in the User's device.
Internal Third Parties
Other companies in the Owner’s Group acting as joint controllers or processors and who are based in the United Kingdom and Portugal and provide IT and system administration services and undertake leadership reporting.
External Third Parties
· Services providers acting as processors based in the United Kingdom who provide IT and system administration services.
· Suppliers including but not limited to property managers or owners who fulfil travel reservations, and third-party providers of other services such as photography (if such services are made available from time to time, and you choose to avail of them). Please note that these suppliers may also contact you as necessary to obtain additional information about you or your travel plans, to facilitate travel reservations or bookings or for other purposes consistent with the practices described in their privacy policies and terms of use.
· Payment solution providers, whereby you agree that we may share data about you with the payment solution provider and vice versa in order to facilitate or assess your use of the online payment platform or for other internal purposes. Such data may include details of enquiries, bookings, transactions, refunds, chargebacks or other claims or events relating to advertisements and/or payments.
· Third-party vendors who provide services or functions on our behalf, including business analytics, payment processing, customer service, marketing, public relations, distribution of surveys or promotions and fraud prevention, We may also authorise third party vendors to collect information on our behalf, including for example, as necessary to operate features of our Site or to facilitate the delivery of online advertising tailored to your interests. Third party vendors have access to and may collect information only as needed to perform their functions and are not permitted to share or use the information for any other purpose.
· Professional advisers acting as processors or joint controllers including lawyers, banks, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
· HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
Legal information
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
This privacy policy relates solely to this Site, if not stated otherwise within this document.
Latest update: 08-01-2020