Last updated 21 July 2022.
We do not collect sensitive information, and we do not knowingly collect information from people less than 18 years old. The information that we do collect is as follows:
Identity data: first name, last name, marital status, date of birth, gender and images.
Contact data: postal and billing addresses, email addresses and telephone numbers.
CCTV data; data gathered by closed circuit television, automatic number plate recognition and other surveillance technologies installed at the property and operated purely for security purposes.
Transaction data: details about services you have purchased from us or your visits to our premises.
Financial data: includes bank account and payment card details.
Technical data: includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile data: includes purchases or orders made by you, your interests, preferences (including details about your personal likes and dislikes as identified during your visits to our premises), feedback and survey responses.
Marketing data: includes your preferences in receiving marketing from us.
In all cases, the data collected is only the minimum required to conduct our business in a way that has a valid legal basis (see below).
We process your information to provide, improve, and administer our services, communicate with you, to arrange payment for our services, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
Technical data that is automatically collected may be used by us to analyse how the website is being found and used, and to evaluate the effectiveness of our marketing campaigns. It is not used by us to build a personal profile.
Although we do not use automatically collected visitor data to build a personal profile on you or identify you personally, Google, which provides the analytics service that collects the data, will do this. If you are logged into a Google account on your device, it will associate your data with the identity details that you have given to Google. What is done with that data will depend on the preferences you have expressed in the privacy settings of your Google account. If you are not logged into a Google account, the data will be associated with a unique identifier given to your browser or device.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we will always rely on one of the following legal bases to collect and process your personal information:
Consent. We may process your information if you have given us permission (i.e. consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
Performance of a contract. We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you, including providing our services or at your request prior to entering into a contract with you.
Legitimate interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
Analyse how our services are used so we can improve them to engage and retain users
Evaluate our marketing activities
Legal obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
Vital interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
We may share your data with third-party vendors, service providers, contractors, or agents ('third parties') who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. They commit to protect the data they hold on our behalf. The categories of third parties we may share personal information with are as follows:
Data Analytics Services
We do not sell your data to third parties or allow third parties to contact you without your permission.
We may also need to share your personal information in the following situations:
Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
The following table indicates which cookies we are using and what they do.
|These cookies are used to collect information about how visitors find and use our site, which we use to help improve it.|
|Cookie warning||hasConsent||This simply stores your acceptance of the warning about cookies on the website home page.|
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to reject cookies or install a browser extension to reject cookies. Your browser will also have a tool to remove cookies that have already been set. If you choose to remove cookies or reject cookies, this could affect the functionality of parts of our website. To opt out of interest-based advertising by Google, see the privacy preferences in the settings of your Google account.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
We are legally obliged to ensure that the information we have on record is accurate and up to date. If your details have changed since we were last in touch with you, you are kindly requested to notify us of the new details so we can update our records.
We have implemented appropriate and reasonable technical and organisational security measures to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our services is at your own risk. You should only access the services within a secure environment.
If we hold records of your personal data and we become aware of a data breach, we will endeavour to inform you of this within 72 hours.
In the European Economic Area (EEA) and the United Kingdom (UK), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by using the contact details provided below to contact us. We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the UK and you believe we are unlawfully processing your personal information, you also have the right to complain to the Information Commissioner's Office. You can find their contact details here: https://ico.org.uk/make-a-complaint/.
If you are located in the EU and want to make a complaint, see this list of European Data Protection Supervisors.
If you are located in Switzerland, here are the contact details of the Data Protection Commissioner.
Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us using the contact details provided below.
However, please note that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information where there are lawful grounds other than consent.
If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO), David Graham, who can be contacted via email at ku.oc.ssenrevni-nagevnud@yats , or by writing to: Dunvegan, 3 Culduthel Road, Inverness, IV2 4AB, Scotland, UK.