Privacy Policy

Privacy Policy & Statement of Fearann Eilean Iarmain, comprising:

  • Hotel Eilean Iarmain
  • The Inn @ Àird a’ Bhàsair
  • Fearann Eilean Iarmain
  • Pràban na Linne Ltd; The Gaelic Whiskies & The Gaelic Gins
  • Talla Duisdale Events

This privacy policy statement covers all joint and severally.

Privacy Policy

Hotel Eilean Iarmain is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently. This privacy notice sets out, in line with the GDPR, the types of personal data that we collect and process about our guests and web-site visitors. It also sets out how we use that information, how long we keep it for and other relevant information about your data.

Who we are

Hotel Eilean Iarmain is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows:

Hotel Eilean Iarmain, Sleat, Isleornsay, Isle of Skye, IV43 8QR, Scotland

Email: hotel@eileaniarmain.co.uk

Data protection principles

In relation to your personal data, we will:

  • process it fairly, lawfully and in a clear, transparent way
  • collect your data only for specified and specific purposes
  • only collect the minimum information we need to meet the purpose
  • only use it in the way that we have told you about
  • ensure it is correct and up to date
  • keep your data for only as long as we need it
  • process it securely, reducing the risk of it being lost or stolen

 

What data we collect about you

Personal data means any information capable of identifying an individual. It does not include anonymized data. We may process certain types of personal data about you as follows:

Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.

Contact Data may include your billing address, email address and telephone numbers.

Financial Data may include your bank account and payment card details.

Transaction Data may include details about payments between us and other details of purchases made by you.

Technical Data may include, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access our website.

Profile Data may include bookings you have made with us in the past, your dietary requirements, preferences, feedback and survey responses.

Usage Data may include information about how you use our website.

Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.

We may also process Aggregated Data from your personal data, but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your Usage Data to work out the percentage of website users using a specific feature of our site. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as personal data.

Where we are required to collect personal data by law, or under the terms of the contract between us and you, if you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver the Services to you). If you don’t provide us with the requested data, we may have to cancel your order of the Services. If we do, we will notify you at that time.

Why we process your data

Under the GDPR, there are 6 lawful reasons for processing personal data, which are:

  • You give consent for us to process your data
  • It is necessary to fulfil a contractual obligation with you
  • There is a regulatory obligation on us to do so
  • It is in the legitimate interest of the company to do so
  • It is in the public interest to do so
  • It is in your vital interest to do so.

 

How we collect your data

We collect personal data about you through a variety of different methods including:

Direct Interactions: You may provide data when filling in forms on the website (or otherwise) by communicating with us by post, phone, email, or otherwise, including when you:

Make a booking

Request marketing material be sent to you

Give us feedback

Automated technologies or interactions: As you use our site, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive technical data about you if you visit other websites that use our cookies. Please see our cookie policy / the cookie section of this policy for further details.

Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:

Analytics providers such as Google based outside the EU;

Identity and Contact Data from publicly available sources such as LinkedIn.

We do not collect sensitive data.

Child Data

It is not our intent to process data from anyone under the age of 16. If we become aware of having been provided data relating to an individual under the age of 16 (without parental consent) we will immediately stop processing and delete any personal data relating to that individual.

Sharing your data

We do not sell or otherwise disclose personal data, except as described here.

We may share your personal data with service providers, employees or contractors that we have retained to perform services or work on our behalf. These parties are provided only with the personal data they need to perform their functions and can only use and disclose such personal data as is necessary to perform services on our behalf or to comply with legal requirements.

In addition, we may disclose your personal data if (a) we are required to do so by law or legal process, (b) to law enforcement authorities or other government officials, or (c) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.

We also reserve the right to disclose and transfer your personal data to our new business partners or owners in the event we enter a joint venture with or is sold to or merged with another business entity.

We will not otherwise share, sell or distribute any of the information you provide to us without your consent.

Protecting your data

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.

Where we share your data with third parties, we provide written instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

How long we keep your data for

In line with data protection principles, we only keep your data for as long as necessary.

Your rights in relation to your data

The law on data protection gives you certain rights in relation to the data we hold on you. These are:

The right to be informed

This means that we must tell you how we use your data, and this is the purpose of this privacy notice

The right of access

You have the right to access the data that we hold on you. To do so, you should make a subject access request.

The right for any inaccuracies to be corrected

If any data that we hold about you is incomplete or inaccurate, you can require us to correct it

The right to have information deleted

If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it

The right to restrict the processing of the data

For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct

The right to portability

You may transfer the data that we hold on you for your own purposes

The right to object to the inclusion of any information

You have the right to object to the way we use your data where we are using it for our legitimate interests

The right to regulate any automated decision-making and profiling of personal data

You have a right not to be subject to automated decision making in way that adversely affects you.

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases we may continue to use the data where so permitted by having a legitimate reason for doing so.

Cookies

Like many companies, we use “cookies” or similar objects on our website.

A cookie is a piece of data stored on the users’ hard drive while they are visiting certain websites. It contains simple information about the users’ identity but no personal information. The benefit of using cookies is that it allows us to monitor website traffic and record user’s preferences. They tell us, for example, whether you have visited our website before or if you are a new visitor and to help us identify site features in which you may have the greatest interest. Specifically, we use Google Analytics on our site to do this. Importantly, Google, acting on our behalf, subscribe to the same “best practice” rules of data protection in processing personal data. Cookies may also enhance your online experience, for example, by remembering your passwords and viewing preferences, whilst you are visiting a particular site.

We acknowledge and comply with changes to the rules and regulations in regards to using cookies and similar technologies for storing information. We will ensure that the use of cookies is managed in accordance with national and legal guidelines, such as those that require the consent of website visitors for their use.

By using our website, you agree that we can place these types of cookies on your device.

Most browsers accept cookies automatically, but can be configured not to do so or to notify the user when a cookie is being sent. If you wish to disable cookies, refer to your browser help menu to learn how to disable cookies. Please note that if you disable cookies, you may be unable to access some customised features on our website.

How to complain

We strive to meet the highest standards when collecting and using personal information. Complaints are taken very seriously, and data subjects are encouraged to bring any issues to our attention.

To do so please write to:

The Data Protection Officer – Hotel Eilean Iarmain, Sleat, Isleornsay, Isle of Skye, IV43 8QR, Scotland

The supervisory authority in the UK for data protection matters is the Information Commissioner’s Office (ICO). If you think your data protection rights have been abused or breached in any way by us, you are able to make a complaint to the ICO at https://ico.org.uk/concerns/.

Or by post, telephone or email:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Email: casework@ico.org.uk.

Last updated August 2022