St. George’s Holiday is committed to safeguarding your privacy. Our Privacy Notice answers who, what, why, when, where and how we treat your personal information.
In this Privacy Notice the terms “we” and “our” means St. George’s Holiday. Online activity refers to any electronic communication or engagement (such as visiting our website), offline activity refers to non-electronic (such as visiting our event stand).
Who has access to your data
Your personal data will only be available to St. George’s Holiday staff who have authority and need access to it for the performance of their work. In addition, we select data processors who provide sufficient technical and organisational security.
What information do we collect?
Online we may collect, store and process the following kinds of personal data:
a) information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type, referral source, length of visit, and number of page views;
b) information relating to any transactions carried out between you and us on or in relation to this website;
c) information that you provide to us for the purpose of registering with us e.g. your email address and other personal information when you sign up;
d) information that you provide to us for the purpose of subscribing to our website services, email notifications, and/or newsletters; and
e) any other information that you choose to send to us or data we collect using ‘legitimate interest’.
Offline we may collect, store, and process the following kinds of personal data:
a) information about your visit(s) to us at an event or meeting, etc.;
b) information that you provide to event or meeting organisers, e.g. your email address and other personal information when you sign up and agree to share; and
c) any other information you choose to give us or data we collect using ‘legitimate interest’.
Why we use ‘consent’ and ‘legitimate interest’
In some circumstances, St. George’s Holiday may rely on ‘Legitimate Interest’ for marketing – which eliminates the need for consent. We have completed Legitimate Interest Assessments for online and offline activity, balancing our right to process personal data against your to privacy. The General Data Protection Regulation 2016 states:
Processing will be lawful if it is necessary for the purposes of the legitimate interests pursued by the controller or a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
In other circumstances, we may ask for marketing consent at the point of contact or rely on a contract to communicate with you. We will ensure consent is freely given, specific, informed, in plain English and agreed by affirmative action. You can withdraw consent at any time.
When do we delete your data
We perform a ‘cull’ of redundant personal data every year. We remove records that have not been updated for 7 years. However, you can ask for your personal data to be removed sooner by making a Right to Erasure request.
Where is your data stored and processed?
We store and process your data on secure servers that are based in the United Kingdom.
How do we use your personal data?
Personal data obtained online will be used for the purposes specified at the point of contact. We may use your personal information to:
a) administer the website;
b) improve your browsing experience by personalising the website;
c) enable your use of the services available on the website;
d) send you general (non-marketing) communications, e.g. dealing with enquiries or complaints;
e) send you email notifications that you have specifically requested;
f) send you marketing communications, e.g. messages relating to St. George’s Holiday, such as relevant events, news about bank holidays, or reminders to book the day off work; and
g) provide third parties with statistical information about our customers – but this information will not be used to identify any individual customer.
Personal data obtained offline will be used for the purposes specified at the point of contact. We may use your personal information to:
a) continue conversations started offline;
b) enable your use of our services;
c) send you general (non-marketing) communications, e.g. dealing with enquiries or complaints;
d) send you email notifications that you have specifically requested; and
e) send you marketing communications, e.g. messages relating to St. George’s Holiday, such as relevant events, news about bank holidays or reminders to book the day off work.
If you wish to unsubscribe from our marketing communications, you can click a link provided at the bottom of each marketing email or send a request to email@example.com. We will keep your data on our system to record that you have unsubscribed. If you want your personal data completely removed you will need to make a Right to Erasure request.
The St. George’s Holiday website uses ‘cookies’ to help personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalise St. George’s Holiday pages, or register with the StGeorgesHoliday.com site or services, a cookie helps us to recall your specific information on subsequent visits. This simplifies the process of recording your personal information.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the St. George’s Holiday services or other websites you visit.
More information about our cookies is available at www.stgeorgesholiday.com/cookies.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide while visiting such sites, and such sites are not governed by this Privacy Notice. You should exercise caution and look at the privacy notice applicable on the website in question.
Your activity on social media platforms is governed by the terms & conditions and privacy policies of each social media platform, and such sites are not governed by this Privacy Notice. You are advised to use social media wisely and communicate/engage with them with due care and caution regarding your own privacy and personal details.
St. George’s Holiday marketing emails may contain tracking facilities within the email. Your activity is tracked and stored for future analysis and evaluation. This activity may include; the opening of emails, forwarding of emails, the clicking of links within the email, times, dates, and frequency of activity.
This information is used to refine future email marketing so we can provide you with more relevant content based on your activity. You can unsubscribe at any time by clicking a link at the bottom of each marketing email, or following the instructions to unsubscribe if no link is present.
Security of your personal data
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. You are responsible for keeping your user details confidential.
Privacy Impact Assessments
The introduction of new technology or changes to the fields/structure of the personal data we hold may be necessary to ensure our systems are secure, to improve our service to customers, and to give St. George’s Holiday a competitive advantage. Before making any changes, we will complete a Privacy Impact Assessment to ensure we meet customers’ expectations of privacy.
Right to Access and Right to Erasure
You may request details of personal information that we hold about you under the General Data Protection Regulation 2016. On receipt of proof of identity, you may have a copy of any information we hold about you (Right to Access), and it will be provided within one month of a verified written request. You can also ask to have your information deleted from our database (Right to Erasure) after submitting proof of identity and an authenticated written request.
If you want to exercise your Right to Access or Right to Erasure, please email our Chairman at firstname.lastname@example.org.
We will not sell, rent or share your personal data with third-party organisations unless required to do so by law. In the future, we may sell, buy, merge, or partner with other organisations. In such transactions, or in the event of bankruptcy, we may include your information among the transferred assets.
We may update this Privacy Notice from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes. We may also notify you of changes to our Privacy Notice by email. If you believe that any information we are holding about you is incorrect or incomplete, please contact us as soon as possible. We will amend any information found to be incorrect.
A copy of our Data Protection Policy is available on request. Please email our Chairman at email@example.com.
St. George’s Holiday
The Unofficial Bank Holiday
Last updated: 13 April 2019