Privacy Policy
Like all businesses, we may hold some information about you on file. We take great care of all personal data we hold and have high standards of security and comply with regulations regarding the protection of your data.
This privacy statement explains how and why we collect and process your personal data. This relates to personal data you share directly with us – as our guests, our suppliers and our booking partners. It also relates to personal data you share with third party introducers, booking sites and group travel partners who share your data to provide you with the services that you have requested. Where a third party has shared your data with us, we expect that they have informed you about the processing and sharing of your data.
For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we collect and process personal data about you. Personal data is defined as any information relating to an identified or identifiable natural living person – a ‘data subject’. This privacy notice also provides information about your rights as a ‘data subject’.
Off Grid Travel will always be transparent with you and make sure this privacy notice is available to you on our website or in paper format where required, prior to collecting and processing your personal data.
Who are we?
When we say ‘we’ or ‘us’ or ‘our’, we are generally referring to Off Grid Travel Ltd.
Off Grid Travel is a company registered in Scotland. Company No. SC645591. Our Registered Office is 11 Dudhope Terrace, Dundee, DD3 6TS.
How do we collect your personal data?
We currently collect your personal data through a number of sources, such as:
- When you contact us by phone, email, live chat and social media platforms such as Facebook and Instagram.
- When you complete forms, surveys and enter competitions on our website or on social media platforms.
- When you subscribe to receive our newsletter and receive information about our special offers and services.
- When you book and register as a guest in our accommodation.
- When third party partners, booking sites or travel groups share your data with us in order to book accommodation and facilities on your behalf.
- When you make any complaints regarding our facilities or the service you have received.
- Where you have been involved in any accidents or incidents in our premises or facilities.
- When we call or visit you to progress any agreements or contracts to supply us with goods or services.
- When we arrange a contract with you or when we agree to purchase products or services from each other.
- In the administration of our relationship with you.
- Through the fulfilment of our contractual obligations.
The means of collecting data evolves along with our business and to ensure you are kept informed of our usage, this policy will be reviewed annually unless there is a change in legislation requiring us to review the policy sooner. We are committed to ensuring that the data we collect and process is accurate, is up to date, is appropriate, is not excessive, is not retained for longer than required and does not constitute an unwarranted invasion of your privacy.
We may process your personal data for the performance of any booking, contract or agreement we have in place with you. We may also process your personal data for legitimate interest – provided that those interests do not override any of your own rights and freedoms which we will consider carefully. This includes processing for marketing, provision of future services, business development, statistical and management purposes.
What personal data do we collect and process?
The data we hold and process for you will depend on our relationship with you, the enquiries you have made with us, the bookings and services you have requested from us, along with the products or services we may request from you.
Typically, we may hold:
- Names, addresses and your birthdate if you have given us this – personal or business.
- Email address and telephone contact numbers – personal or business.
- Your company name and nature of your business where applicable.
- Details of the events, services, products or facilities you may have enquired about.
- Details of any future and previous booking(s) you may have made with us.
- Details of the events, services, products or facilities you may have taken part in or used when you visited us.
- Details of any special requirements you have informed us of.
- Details of the services and products you currently provide or have previously provided to us.
- Records of correspondence and communications with you.
- Records and details regarding any complaints or enquiries you make to us.
- Your requests and preferences regarding marketing information and how you would wish to receive this information.
- A record of marketing emails sent to you and whether you have opened, read or clicked through to our website from them.
- Information from other sources, such as publicly available information, industry networking information, national industry portals and records.
How do we use the personal data we hold about you?
We may collect and store personal data for a number of reasons:
- To fulfil our booking or contractual obligations and to meet agreements we have put in place with you.
- To provide you with information about products or services you have requested from us.
- To provide you with information about services, events and products we feel may be of interest to you.
- To maintain customer and administration records.
- To respond to your feedback and ideas.
- To notify you of any changes to our services.
- To verify identification where required.
- To communicate with you by post, email or phone.
- To analyse the suitability and relevance of the services we provide.
- To plan and manage our properties and facilities.
- To investigate and respond to any complaints you may make.
- To process financial transactions, invoicing and maintain group arrangements.
- To prevent and detect crime, fraud or corruption.
- To meet legal, regulatory, statutory and ethical responsibilities.
- To help with staff training and to improve our internal processes.
- For customer profiling, to help us understand what people want to do when they stay with us and to keep our services as relevant as possible.
How long will we keep your personal data?
Off Grid Travel Ltd. will only keep your personal data for as long as is necessary to fulfil the purposes for which it was collected, and in accordance with legal requirements under UK Company Law.
We do want to keep in touch with you, however if you have not done business with us or interacted with any of our email communications in 4 years, we will remove your details from our marketing mailing lists. You are free to remove yourself from our lists at any time by using the unsubscribe option.
Who will we share your personal data with?
We may share your personal data with third parties or other organisations and individuals where:
- There is a legal obligation to do so.
- Where it is requested by a public or regulatory authority and we consider it is required by law – such as police or HMRC.
- Where we are bound by any code of practice.
- Relevant data may be shared with our booking partners or service providers in conjunction with the delivery of our services to you.
- Relevant data may be shared with our booking partners or service should a complaint be made by you.
We may require the services of third party service providers – such as trainers, consultants, auditors and accountants, banking services, administration or HR services, I.T systems maintenance. We will share your data with them in order to allow us to provide the services you have requested. In these circumstances we will have an appropriate contract in place which sets out requirements that the third party can only process your data on our instruction and that they will not use it for their own purposes. They will hold it securely and delete it or return it to us once the contract has ended.
We will also share your personal data within Off Grid Travel Ltd where it is in our legitimate interests to do so, for the fulfilment of your booking and our contract or agreement with you.
International Transfers
If we intend to transfer your personal data to a third country or share with an international organisation, we will put measures in place to do so securely and with appropriate safeguards in place.
Data Security
Off Grid Travel Ltd is serious about taking the appropriate measures to protect your personal data.
The transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of the data you transmit to our site and we need to make you aware that any transmission is at your own risk. Where passwords are required or chosen by you to access our site or secure platforms as part of the service we provide, it is your responsibility to keep these passwords secure and confidential.
Once we have received your data, we use strict procedures and security features to prevent unauthorised access to your data.
We limit access to our properties and facilities to those who require access and have a right to be there – using passes, keys and other technology. We also have a risk framework in place including the appropriate policies and procedures required to keep your data secure. All information provided by you is held on secure servers and any payment transactions will be encrypted. We apply controls and access restrictions across all of our technology platforms and review and test these at regular intervals.
Through the contracts and security measures we put in place, any third parties that we may share your data with are obliged to keep your details secure and to use this data only to fulfil the service they provide to you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with our procedures. If we pass any special category personal data onto a third party we will only do so once we have obtained your explicit consent or for the fulfilment of a contract we hold with you, unless we are legally required to do otherwise.
Can I find out what personal data Off Grid Travel Ltd hold about me?
If you submit a Subject Access Request, Off Grid Travel Ltd can confirm the data and information held about you and how we process it. If we process your personal data, you can request the following information from us:
- Who is the person or organisation that decided how and why to process your data.
- Where applicable, the contact details of their Data Protection Officer.
- The contact details of our Data Protection Officer.
Your rights as a “data subject”:
Whilst we are processing your personal data at Off Grid Travel Ltd, as a ‘data subject’, you have the following rights:
- Right to be informed: You have the right to be informed about our data processing through this Privacy Notice.
- Right of Access: By submitting a ‘Subject Access Request’, you have the right to request information about and access to a copy of the personal data held by us as a Data Controller.
- Right of Rectification: Where you feel that the information we hold about you is inaccurate or incomplete, you have the right to request that we correct your personal data.
- Right to be forgotten: When you feel we no longer need your personal data for the purpose it was obtained for or where you have withdrawn your consent to us processing your data, you have the right to ask us to delete and erase your personal data. We can refuse to do this in certain circumstances.
- Right to restrict processing: Where you feel the personal data we are processing is inaccurate or where you feel your personal data is no longer needed but you want us to retain it for any possible future reference, you have the right to restrict our processing of your personal data.
- Right to data portability: Where we hold data electronically about you, in certain circumstances, you have the right to ask us to provide that data in an easy to read format and to transfer this data to another organisation.
- Right to object: You have the right to object to certain types of processing of personal data in certain circumstances although you have an absolute right to ask us to stop using your contact details to send you direct marketing.
- Where personal data is being processed based on our legitimate interests or the legitimate interests of a third party, we need to be able to confirm what these interests are.
- Which categories of personal data are collected and processed.
- Who we share your data with or disclose your data to.
- If we intend to transfer your personal data to a third country or share with an international organisation.
- How long we will store your data.
- Confirmation of your Data Subject Rights to ask us to correct, erase, restrict, transfer or object to processing your personal data.
- Details regarding your right to withdraw your consent at any time.
- The process to lodge a complaint with the ICO as the UK’s data protection supervisory authority.
- We will clarify if the provision of your personal data is due to a statutory or a contractual requirement.
- Where it is required to enter into a contract between us, if you are obliged to provide the personal data and any consequences possible if you fail to provide the personal data required.
- Where your data was not collected directly from you, confirmation of where your personal data was sourced from.
We will normally respond to your request to access your personal data within one month from the date it is received. However, in some cases, we may need to extend this to three months. We will always write to you within one month of receiving your original request to tell you if this is the case.
A copy of your personal data is usually provided free of charge. However, we can charge a ‘reasonable fee’ where we find that the data requested is manifestly excessive or manifestly unfounded and in particular if the request is a repetitive one. We can also charge for additional copies of the personal data.
Contacting us and your right to making a complaint
If you wish to speak to us or question anything in this notice relating to how we collect, store or process your personal data, please email us at info@offgrid-travel.com or write to our Data Protection Officer at Off Grid Travel, 11 Dudhope Terrace, Dundee, DD3 6TS.
We hope you don’t need to make a complaint about how we process your personal data or how a complaint has been handled. If you feel you do wish to complain, you have the right to complain through our Data Protection Officer as detailed above and the supervisory authority at the contact details below:
UK Data Protection Regulator, The Information Commissioner’s Office (‘ICO’), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or email ico.org.uk/concerns/.
Credit cards
We do not store or handle credit card details nor do we share customer details with any third parties. Card details are submitted to our payment partners using encrypted (SSL) connections.
Policy Change
This policy was last updated on 5th September 2024.
Cookies