Privacy and Security Policy

Summary

At Burradon Farm Houses & Cottages we take the security of our guests’ personal data very seriously and are committed to operating in an open and transparent manner and in compliance with applicable laws and regulations, including providing our guests with up-to-date information about our collection and use of personal data. We follow robust procedures to ensure that any personal information can only be accessed by authorised personnel, is kept in a secure environment and retained only for as long as it is needed, after which time it is disposed of securely.

Data Controller

Lucy Docherty.

Types of data collected

Personal data may be collected in the form of: name, address, telephone number, email address and credit/debit card details. This data may be collected during the course of the enquiry, reservation or booking process. We do not actively or deliberately collect personal sensitive information e.g. age, sexual orientation or ethnicity, and we would never require these for any aspect of our business.

The use of data collected

Data is used for the following purposes: setting up a reservation, handling payments, contacting guests regarding their stay and advertising. We may use the data provided by you to periodically inform you by email of any news, special offers, cancellations or last minute availability. Data collected is used exclusively by Burradon Farm Houses & Cottages and its authorised partners. Data collected will not be passed on or sold to any other third parties.

Storage of data

Personal information will not be retained for longer than is necessary to satisfy the enquiry or booking.  Credit/debit card details given over the telephone or in person are kept for the time required to process a transaction or reservation and are securely destroyed immediately. Customer data can only be accessed by authorised personnel who are familiar with our security policy and practices. Personally Identifiable Information is only accessible to a limited number of qualified employees who are given a password in order to gain access to the information held electronically. Paper records are retained in locked cabinets and within secured office premises. All data stored is kept in accordance with the Data Protection Act 1988 and we audit our security systems and processes on a regular basis.

anti virus protection

Our computer systems are continually protected and monitored by anti-virus software.

pci compliance

Payment Card Industry (PCI) compliance refers to the technical and operational standards that businesses follow to secure and protect credit card data provided by cardholders and transmitted through card processing transactions.  At Burradon Farm Houses & Cottages we ensure our PCI compliance by collaborating with SecurityMetrics who provide training and advise on best security practices and processes to protect Burradon Farm Houses & Cottages from data theft and to achieve compliance with the PCI data security standard.

ON-LINE PAYMENTS

Our online booking system is provided by SuperControl, the UK’s leading booking and property management system.  SuperControl is PCI compliant and data is protected by state-of-the-art encryption.  Their systems are scanned frequently for thousands of vulnerabilities and their security experts carry out regular tests.  SuperControl’s strict security standards are designed to prevent card fraud.

SuperControl partners with HolidayRentPayment powered by Yapstone, the leading online payment solution for holiday rental properties.  Online payments are processed by HolidayRentPayment and their payment platform is SSAE16/SOC1 certified and Level One PCI compliant.

Your payment details are not made known to or are accessible by us.

CARD payments

Card payments over the telephone or in person are processed using a Barclaycard PDQ Terminal.  Credit/debit card details given over the telephone or in person are kept for the time required to process a transaction or reservation and are securely destroyed immediately after use.  Access to this information is restricted.

INCIDENT HANDLING PROCEDURE

In the event of there being a security breach of data we will follow our Incident Handling Procedure:

The Data Controller will conduct an initial investigation of the suspected compromise immediately.  If compromise of information is confirmed we will:

  • Ensure where possible that no further payment can be made through the affected channel.
  • Inform parties that may be affected (customer, merchant bank, third party booking/payment providers, credit card issuer, fraud control, law enforcement).
  • Document every decision and action taken.

COOKIES

Cookies are small parcels of data stored temporarily on your hard drive while you are browsing a website. These are a standard mechanism used by most websites. By continuing to use this website with cookies enabled, you consent to our use of cookies. Our website uses cookies to keep track of individual users as they progress through the on-line booking process. This is necessary in order to distinguish between users to keep your booking separate from other bookings. However, no personal information that would enable us to identify individuals is either obtained or stored in these cookies. We use a third party service provided by Google Analytics to provide us with further general information about the performance of our website. The data collected by Google is aggregated to show general trends and does not identify individual users. From time to time we may also use other third party services such as Facebook, Twitter and other social media, the presence of which will be readily apparent from their on-screen icons. In each case, any cookies set by the providers of these services are set by them directly. They are not set by our website and we have no control over them. Please refer to these services’ own privacy policies if you wish to check how they use cookies. Should you wish to disable cookies, please refer to your browser’s Help function. Please note however that disabling cookies will affect your ability to use our website, as the on-line booking system may not operate correctly without them. Many websites will not run correctly with cookies disabled, especially ones that require you to log in or that offer any form of checkout or booking process, as cookies are usually needed to keep track of individual transactions.

Accessing your data

You have the right to access your personal data and can opt out of receiving unsolicited information from us, or to update Personally Identifiable Information. You can do this by contacting the Data Controller in writing along with proof of ID.

Disclosure of Personally Identifiable Information to comply with the law

We will disclose Personally Identifiable Information in order to comply with a court order or summons or a request from a law enforcement agency to release information. We will also disclose Personally Identifiable Information when reasonably necessary to protect the safety of our guests.

Links

Our website contains links to other websites. Please note that when you click on one of these links, you are moving to another website. We encourage you to read the privacy statements of these linked sites as their privacy policies may differ from ours.

Changes to our Privacy AND SECURITY Policy

Any changes to our Privacy and Security Policy will be posted on our website.

June 2024 Burradon Farm Houses & Cottages. All rights reserved.
Unauthorised duplication or publication of any materials from this Site is expressly prohibited.