1.1 At Haven we are committed to protecting and respecting your privacy, whilst striving to provide the very best guest experience. We work very hard to keep your information safe and we want our services to be safe and enjoyable for everyone. We follow strict security procedures on how personal information is stored and used and who sees it to help stop any un-authorised person getting hold of it.
2.Identity and Contact Details
2.1 We have a legal duty to protect personal information that we collect under the Data Protection Act 1998, (the “DPA”) and the General Data Protection Regulation (EU) 2016/679, (the “GDPR”).
2.2 For the purpose of the DPA and GDPR, we are the data controller and are located at One Park Lane, Hemel Hempstead, HP2 4YL. If you have any queries relating to this policy you may also contact us at firstname.lastname@example.org.
3.Personal information we collect from you and how we use it
3.1 We may collect and use various types of personal information about visitors to our websites, guests who book a holiday with us and our holiday homeowners. Details of this information are set out below:
a) When you make an enquiry, confirm a booking or buy a holiday home we will collect your name, contact information and details about the places you are interested in so that we can provide you with the information that is of interest to you. This information can include the following:
- Date of Birth
- Telephone contact details
- Email address
- Postal Address
- Ferry booking information (when we arrange this for you)
b) We may collect and use certain other personal information when we correspond with you (whether by telephone, e-mail, social media, web chat or otherwise). This will normally be limited to:
- Email address
- Booking Number/Account Number
- Other information you provide during the course of the correspondence
c) Where there are additional members of your party, we will ask you for their name and age. These are used to allow us to manage your booking.
d) If you take part in a competition we will collect and process information about your entry.
e) We collect information about your credit or debit card where you use it to pay for our services.
We use this information for the following purposes:
a) Providing the products, services and information that you ask us for and performing our obligations to manage your holiday booking or holiday home ownership services.
b) Responding to messages from and corresponding with you regarding your booking or holiday home ownership services and recording any communications.
c) To administer your Haven website account (s)
d) Allowing you to participate in interactive features of our website and other services.
e) Administering competitions that you may enter.
The legal basis for our use of this information is to fulfil our contract(s) with you.
f) We may also use this information for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes.
g) If you request a brochure from us we may call you to check that you have received the information you asked for.
h) To protect our guests and premises from crime, we operate CCTV and Automated Number Plate Recognition (ANPR) systems in our hotels and car parks which record images for security.
i) If we discover any criminal activity or alleged criminal activity through our use of CCTV, we will process this data for the purposes of preventing or detecting unlawful acts. Our aim is to protect our guests and business from criminal activities.
The legal basis for our use of this information is our legitimate interest to protect our guests and business and to develop and improve our services.
3.2 We will collect and use certain technical information about you and your visit when you visit our website. This may include:
- The IP address of the device you use
- The pages you visit on our website, whether the page load was successful and the order in which you visit them
- The browser which you are using
We collect this for the following purposes:
a) Improving our website and ensuring that content is presented effectively.
c) To proactively offer you advertising which we believe will be of interest when you visit other websites
d) Administering our website and other systems and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
The legal basis for our use of this information is our legitimate interest in developing and improving our services.
3.3 We may collect details of your marketing preferences and whether or not you want to receive certain marketing messages (e.g. marketing e-mails or direct marketing via post) from us.
We combine this with your personal information detailed in 3.1 & 3.2 and we use this information for the following purposes:
a) Providing you with marketing information about our services that we feel may interest you if you have agreed to receive these (you can unsubscribe at any time using links provided in our e-mails or through the return address provided). Email marketing information may also be provided through advertising on websites.
b) Providing information about changes to our services.
Where you have booked or received a quotation for a holiday with us, received a quotation for a holiday home purchase with us or own a holiday home with us.
The legal basis for our use of this information is our legitimate interests in promoting and selling our services. You have the right to object to us processing this data at any time and our right to process data is not overridden by your interests, fundamental rights and freedoms.
If you have not booked or received a quotation for a holiday or holiday home purchase with us, the legal basis for our use of this information is your consent. You have the right to withdraw your consent at any time
c) We may collect certain other information that you give us, for example, if you take part in discussion boards or other social media functions on our website, participate in a web chat, register with us for and/or enter into competitions or promotions, complete surveys, or report problems with our website.
d) If you are involved in a reportable accident or incident while you are with us, we will record your details and the incident details in our accident book The legal basis for our use of this information is our legitimate interests in managing our business and developing our services.
3.4 We combine the information you provide with certain information we obtain from other sources. This can include:
- Electoral roll
- Credit reference agencies
- Demographic information
We process this information to:
a) improve our ability to present you with offers which may be of interest to you Where you have booked or received a quotation for a holiday with us, received a quotation for a holiday home purchase with us or own a holiday home with us. The legal basis for our use of this information is our legitimate interests in promoting and selling our services. You have the right to object to us processing this data at any time and our right to process data is not overridden by your interests, fundamental rights and freedoms. If you have not booked or received a quotation for a holiday or holiday home purchase with us, the legal basis for our use of this information is your consent. You have the right to withdraw your consent at any time
b) validate your identity so that we can accept your booking or purchase
c) protect our business and you from fraud and other illegal activities The legal basis for our use of this information is our legitimate interests in managing our business and promoting our services.
4.How we use Sensitive Personal Information
4.1 We do not normally collect sensitive personal information from you. However, if you make us aware of any special requests for your booking including anything due to specific medical, dietary or religious requirements, we will note these so that we can do our best to meet your request. We will not process this data for any other purpose. The legal basis for our use of this data is your consent and to fulfil our contract with you. You have the right to object to us processing this data at any time and our right to process data is not overridden by your interests, fundamental rights and freedoms.
5.How We Share Personal Information
5.1 We do not share website visitor and guest personal information with third parties for the purposes of the third party sending you marketing information.
5.2 We share our website visitor and guest personal information, as necessary, with the following third parties:
a) Any member of our group, which includes our subsidiaries
b) Selected third parties, such as business partners and service providers where we ask them to fulfil services which enhance your holiday experience or provide other services such as fulfilment of marketing activities or maintenance of your holiday home. In these cases, the third parties act as Data Processors for us and your information remains in our care and under our control.
c) Prospective buyers of our business or assets.
d) Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our guests, staff and assets or when obliged to by court order or similar legal obligation.
e) Third parties, such as law firms and law courts, to enforce or apply any contract with you.
6.Where We Transfer and Store Personal Information
6.1 The personal information that we collect from our website visitors and guests will be transferred to and stored at, destinations outside the European Economic Area, (the "EEA”). To safeguard your personal information and to make sure that it is properly protected we have put in place contractual safeguards with our Data Processors.
7.Retention of Personal Information
7.1 We will keep your personal information for limited and appropriate periods of time only.
8. Your Rights in Your Personal Information
8.1 You have certain rights in respect of the personal information that we hold about you. Details of these rights are set out below. To exercise any of these rights, please contact us at email@example.com.
8.2 We will process all personal data in line with your rights, in each case to the extent required by and in accordance with applicable law only (including in accordance with any applicable time limits and any requirements regarding fees and charges). We will respect your personal information rights in respect of:
We will confirm to you whether or not we are processing and using personal information about you, at your request and, if so, provide you with access to and a copy of such personal information and the other details to which you are entitled.
We will correct any inaccurate personal data and complete any incomplete personal data (including by providing a supplementary statement) that we hold about you.
c) Prevention of processing likely to cause damage or distress.
We will respect your rights under the DPA to require us to cease or not to begin processing your personal information for a specific purpose, or in a specific way, that is likely to cause you or any third parties unwarranted damage or distress.
We will erase your personal information at your request without undue delay.
We will restrict the processing of your personal information in certain circumstances if you ask us to do so.
f) Data portability.
We will provide you or third parties on your behalf with a copy of any personal information that we hold about you which you have provided to us in a structured, commonly used and machine-readable format.
g) Objection (including objection to direct marketing).
We will respect your general rights to object to the processing of your personal information in certain circumstances, including for direct marketing purposes. We will usually inform you (before collecting your information) if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes.
h) Automated decisions and profiling.
We will not make decisions based on automated processing, including profiling
10. How we look after your information
10.1 We treat your information with the utmost care and take all appropriate steps to protect it.
10.2 We secure access to all transactional areas of our websites and apps using ‘https’ technology.
10.3 Access to your personal information is password-protected, and sensitive data is secured and tokenised to ensure it is protected.
10.4 We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
12. Contact and Complaints