- Hotel Eilean Iarmain
- The Inn @ Àird a’ Bhàsair
- Fearann Eilean Iarmain
- Pràban na Linne Ltd; The Gaelic Whiskies & The Gaelic Gins
- Talla Duisdale Events
Hotel Eilean Iarmain is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently. This privacy notice sets out, in line with the GDPR, the types of personal data that we collect and process about our guests and web-site visitors. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
Who we are
Hotel Eilean Iarmain is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows:
Hotel Eilean Iarmain, Sleat, Isleornsay, Isle of Skye, IV43 8QR, Scotland
Data protection principles
In relation to your personal data, we will:
- process it fairly, lawfully and in a clear, transparent way
- collect your data only for specified and specific purposes
- only collect the minimum information we need to meet the purpose
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data for only as long as we need it
- process it securely, reducing the risk of it being lost or stolen
What data we collect about you
Personal data means any information capable of identifying an individual. It does not include anonymized data. We may process certain types of personal data about you as follows:
Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.
Contact Data may include your billing address, email address and telephone numbers.
Financial Data may include your bank account and payment card details.
Transaction Data may include details about payments between us and other details of purchases made by you.
Technical Data may include, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access our website.
Profile Data may include bookings you have made with us in the past, your dietary requirements, preferences, feedback and survey responses.
Usage Data may include information about how you use our website.
Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
We may also process Aggregated Data from your personal data, but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your Usage Data to work out the percentage of website users using a specific feature of our site. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as personal data.
Where we are required to collect personal data by law, or under the terms of the contract between us and you, if you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver the Services to you). If you don’t provide us with the requested data, we may have to cancel your order of the Services. If we do, we will notify you at that time.
Why we process your data
Under the GDPR, there are 6 lawful reasons for processing personal data, which are:
- You give consent for us to process your data
- It is necessary to fulfil a contractual obligation with you
- There is a regulatory obligation on us to do so
- It is in the legitimate interest of the company to do so
- It is in the public interest to do so
- It is in your vital interest to do so.
How we collect your data
We collect personal data about you through a variety of different methods including:
Direct Interactions: You may provide data when filling in forms on the website (or otherwise) by communicating with us by post, phone, email, or otherwise, including when you:
Make a booking
Request marketing material be sent to you
Give us feedback
Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:
Analytics providers such as Google based outside the EU;
Identity and Contact Data from publicly available sources such as LinkedIn.
We do not collect sensitive data.
It is not our intent to process data from anyone under the age of 16. If we become aware of having been provided data relating to an individual under the age of 16 (without parental consent) we will immediately stop processing and delete any personal data relating to that individual.
Sharing your data
We do not sell or otherwise disclose personal data, except as described here.
We may share your personal data with service providers, employees or contractors that we have retained to perform services or work on our behalf. These parties are provided only with the personal data they need to perform their functions and can only use and disclose such personal data as is necessary to perform services on our behalf or to comply with legal requirements.
In addition, we may disclose your personal data if (a) we are required to do so by law or legal process, (b) to law enforcement authorities or other government officials, or (c) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
We also reserve the right to disclose and transfer your personal data to our new business partners or owners in the event we enter a joint venture with or is sold to or merged with another business entity.
We will not otherwise share, sell or distribute any of the information you provide to us without your consent.
Protecting your data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.
Where we share your data with third parties, we provide written instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
How long we keep your data for
In line with data protection principles, we only keep your data for as long as necessary.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold on you. These are:
The right to be informed
This means that we must tell you how we use your data, and this is the purpose of this privacy notice
The right of access
You have the right to access the data that we hold on you. To do so, you should make a subject access request.
The right for any inaccuracies to be corrected
If any data that we hold about you is incomplete or inaccurate, you can require us to correct it
The right to have information deleted
If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it
The right to restrict the processing of the data
For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct
The right to portability
You may transfer the data that we hold on you for your own purposes
The right to object to the inclusion of any information
You have the right to object to the way we use your data where we are using it for our legitimate interests
The right to regulate any automated decision-making and profiling of personal data
You have a right not to be subject to automated decision making in way that adversely affects you.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases we may continue to use the data where so permitted by having a legitimate reason for doing so.
Like many companies, we use “cookies” or similar objects on our website.
A cookie is a piece of data stored on the users’ hard drive while they are visiting certain websites. It contains simple information about the users’ identity but no personal information. The benefit of using cookies is that it allows us to monitor website traffic and record user’s preferences. They tell us, for example, whether you have visited our website before or if you are a new visitor and to help us identify site features in which you may have the greatest interest. Specifically, we use Google Analytics on our site to do this. Importantly, Google, acting on our behalf, subscribe to the same “best practice” rules of data protection in processing personal data. Cookies may also enhance your online experience, for example, by remembering your passwords and viewing preferences, whilst you are visiting a particular site.
By using our website, you agree that we can place these types of cookies on your device.
Most browsers accept cookies automatically, but can be configured not to do so or to notify the user when a cookie is being sent. If you wish to disable cookies, refer to your browser help menu to learn how to disable cookies. Please note that if you disable cookies, you may be unable to access some customised features on our website.
How to complain
We strive to meet the highest standards when collecting and using personal information. Complaints are taken very seriously, and data subjects are encouraged to bring any issues to our attention.
To do so please write to:
The Data Protection Officer – Hotel Eilean Iarmain, Sleat, Isleornsay, Isle of Skye, IV43 8QR, Scotland
The supervisory authority in the UK for data protection matters is the Information Commissioner’s Office (ICO). If you think your data protection rights have been abused or breached in any way by us, you are able to make a complaint to the ICO at https://ico.org.uk/concerns/.
Or by post, telephone or email:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Last updated August 2022