Cornish Cottages Ltd (“We”) are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Cornish Cottages Ltd of Mullion Meadows, Mullion, Helston, Cornwall, TR12 7HB, United Kingdom.
Information you provide to us
When using the the forms on our site, whilst emailing us or over the phone you will typically provide us with the following information:
- Name & billing address
- Email address
- Email marketing preferences ( opt in )
- Party members for the holiday
- Optional holiday preferences, such as extras
- Card summary information, eg last 4 digits, type and expiry, SagePay provide these to us when you enter your card details via their site when paying by card.
Information we may passively collect
We may collect your IP address and browser user agent string ( eg “Chrome” ) when you submit forms on the site, this is used for anti-fraud purposes and to identify and block abusive users of the site ( anti-abuse, eg form spam ).
Information we may pass on to third parties
When you pay by card online, we need to supply your billing address to the card processing company ( we use a service called SagePay ), as your bank requires it for anti-fraud checks during processing as part of their address verification system ( to prove that we know your correct address ). SagePay store the details of the transaction which includes your name and address and summary card details ( brand, last 4 digits, expiry date ) as well as optionally a “continuous authority token” if you have opted to remember your card. If you subscribe to our mailing list/s we will need to pass on your name and email to our mailing list service provider ( we use a service called MailChimp ). They use those details to deliver our email as well as track delivery failures so we can prune no longer functional addresses from our list.
If the need arises, we may pass your details ( address, telephone and email ) on to an owner, caretaker or housekeeper, eg. for returning property left behind after a stay, for legal proceedings, customer support or any other justifiable case.
Information third parties may collect
We use a traffic analysis service called Google Analytics, they report aggregate stats about site usage to us, so we do not have the ability to inspect the activity of single “session”, only for instance the number of views a page has had throughout the day with numbers by hour, they may also collect your ip address and browser information to populate network and browser level stats. We also use a service called Tawk.to, which provides online support ( chat ), their “widget” is loaded on most public pages of the site, they may passively collect your ip address and browser information for their own anti-abuse programme as well as showing the support agent where the user may be from ( to country level resolution ).
Information you provide to third parties
When paying by card online or over the phone, those details are entered directly on our payment processors site, so they have access to that data for the purposes of processing your payment. Our card processor is SagePay.
Where and how your information is stored
The information you provide to us is stored primarily in the United Kingdom and as such within the European Economic Area (EEA). If you have subscribed to our newsletter your name and email address may be stored in the USA ( at present, but potentially elsewhere ) via our mailing service provider MailChimp. If you pay online via card, data held by our chosen card processor SagePay may be transferred to or stored outside of the EEA by them or their upstream providers as well as your bank.
Our site as well as that of all of our chosen service providers use SSL/TLS enforced/encrypted connections to protect your information during transit over the Internet.
On our servers your personal details are partially encrypted ( the high resolution components of your address, telephone numbers and email address ) using currently deemed secure methods ( primarily AES 256 with both site and account level keying ).
Your password, if provided is not stored in a recoverable format, a representation of it is stored hashed using a high workload key derivation function, which includes site and per-account level salting, the method we use is currently ( at the time of writing, early 2018 ) deemed secure for password storage by current industry standards.
What do we use your information for?
We use your information for processing your bookings and sending you booking related as well as requested material, such as emails, letters and possibly brochures. If you have opted in to our special offers or news mailing, your name and email will be used to send you occasional special offers or property news via email. Any information we may collect passively as indicated in the section/s above are used to maintain a smooth operation of the site and to track errors as well as performance.
Cookie in use: SID_CC15, ANYA_CC15, propShortList, propPrefs, and 2-3 tawk prefixed variables.
You may disable cookies by following the instructions for your chosen web browser, however the site will cease to fully function for you.
Your access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of up to £10 to meet our costs in providing you with details of the information we hold about you. All of the information that you have provided to us is also visible to you within your online account if you created one during registration ( if not you may ask us to set up an account login free of charge ).
Right to be forgotten
If you wish to have us remove any information that we may have related to you, you may request that we remove that information from our systems where possible. Please note that if you have made financial transactions with us we are required to keep detailed records of those and will not be able to remove information related to those. We can remove your email address, telephone numbers along with anything that may be used for email or online marketing purposes upon request.
Updated 16/05/2018 ( R4 )