Mansefield House
near Fort William

Privacy Policy

Here at Mansefield Guest House we understand that customers care about the use and storage of their personal information and data. This document sets out our policy on how we collect, use and protect your personal information in accordance with the General Data Protection Regulations ("GDPR") and Data Protection Act 2018. Please be assured that your personal data will be treated as strictly confidential. We do not use any form of automated decision making in our business.
For the purpose of the GDPR, Bev & Toby Richardson are the "data controllers" and any enquiry regarding the collection, processing, storage or amendment of your information should be addressed to:
Bev & Toby Richardson, Mansefield Guest House, Corpach, Fort William PH33 7LS

Contents of this policy:

  • How we collect data
  • Information we collect
  • How we store your data
  • How we use your personal information
  • Data Security
  • Data Retention and Disclosure
  • Our Web Site (third party links & widgets, cookies, Google Analytics)
  • International Data Transfers
  • Your Rights
  • Changes to Our Privacy Policy

How we collect data

The data we collect is provided to us in advance by you (or a travel agent or booking representative acting on your behalf), as well as when you arrive at our premises to check in. It is collected when:

  • you use our online booking system (Freetobook) and/or send us a deposit via Paypal
  • you provide information to us in an email or a letter
  • you provide information to us by telephone
  • you provide information via Facebook
  • you tell us in person.

Information we collect

We collect this information when you make an enquiry and/or a reservation. This personal information includes the following:

  • Information required to complete a booking:
    • The full name and address of the person making the booking
    • The email address of the person making the booking
  • The following information can also be provided but is not mandatory:
    • The telephone numbers of the person making the booking
    • The names of all guests staying as part of the booking
    • Any additional information you wish to provide that you feel is important for us to cater to your requirements during your stay (e.g. food or other allergies, dietary requirements, special needs, etc.)

How we store your data

We take all reasonable technical and organisational precautions to store your information in a secure manner and prevent its loss or misuse.

Your data is stored on a secure database operated by our booking manager Freetobook. This database is fully compliant with the GDPR data rules. This Freetobook database does not store or capture any personal data other than as detailed above (see the Information we collect). Neither Mansefield Guest House nor Freetobook will transfer any personal data to any other party if it is not part of the booking and review process.

If you choose to pay the deposit via Paypal, your email address will be stored in our Paypal account.

If you pay us on arrival by credit or debit card using our processing terminal, we will have a printed receipt slip that contains details of the amount paid and some card details. This receipt slip is kept in a secure location and can only be accessed by authorised personnel. The slip is kept separately from any other information that could identify the card as belonging to an individual. Card payment slips are only kept for as long as is reasonable and destroyed using a shredder.

On arrival, we require you to verify your identity and booking details by completing and signing a registration form. We are required by UK law to retain this registration form for at least 12 months and keep it available for inspection by a police officer or duly authorised person. This registration form is kept in a secure location and can only be accessed by authorised personnel. After one year this form is destroyed using a shredder.

How we use your personal information

The personal information provided to us will only be used in connection with the services we are providing to you with regard to your stay at Mansefield Guest House. We will only use your personal data when legally permitted to do so under the following lawful bases.

To process your personal data for purposes A and B, we use the lawful basis of contract because we need to fulfill the contract between us (i.e. your booking to stay at Mansefield Guest House). We may also need to comply with a legal or regulatory obligation (accounting, taxation, law enforcement). To use your personal data for purpose C, we use the basis of consent because you have asked us for information. You may withdraw your consent at any time. When using personal data to serve our legitimate interests such as purpose D, we will always balance your rights and interests in the protection of your information against our rights and interests.

We may use your personal information to:

  • Process your booking and provide confirmation details
  • Obtain payments for our services.
  • Respond to your questions or comments via e-mail, telephone or post, and provide information that may be useful to you.
  • Request feedback about your stay with us, the booking experience and our website. This is sometimes done in conjunction with TripAdvisor and/or Freetobook.

Data Security

The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our email address (any such transmission is at your own risk). Once we have received your personal information, we have appropriate security measures to prevent your personal data from being accidentally lost or accessed in an unauthorised way.

Data Retention and Disclosure

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We may have to share your personal data with our accountant, and if requested with HM Revenue & Customs and the Police or Immigration services.

By law we have to keep basic information about our customers (including contact details and financial/transaction data) for six years for tax purposes. We are also required by law to retain for 12 months the registration form you complete on arrival. After one year this registration form is destroyed using a shredder.

Our Web Site

Third Party Sites / Widgets
Our website may include links to third-party web sites and widgets such as Freetobook, Paypal and TripAdvisor. Clicking on those links or enabling those connections may allow third parties to collect data about you. We do not control these third-party web sites or widgets.

Cookies & Google Analytics
Cookies are small text files which are placed on your computer or mobile device when you visit a web site. This information is used by Google Analytics to track visitor use of our web site and to compile statistical reports on web site activity, such as what countries our visitors are browsing from, and which pages are the most popular. The data gathered is anonymous and cannot be used to identify individual users.
We do not use cookies to gather personal data such as names or email addresses. Cookies are used by nearly all websites and do not harm your system. You can set your Internet browser to block Google Analytics and/or not to accept cookies. See www.aboutcookies.org for more information or visit the official ICO site: https://ico.org.uk/for-the-public/online/cookies/

International Data Transfers

We do not transfer any of your personal data outside the European Economic Area (EEA). However you should be aware that anonymous data from our web site statistics is collated and analysed by US-based Google Analytics software.

Your Rights

In accordance with UK and European law under the General Data Protection Regulation (GDPR), you may request that we provide you with a copy of the personal information we hold about you. Provision of such information will be subject to the supply of appropriate evidence of your identity. You also have the right to request that we delete and destroy your personal data. You can view full details about all of your rights under GDPR on this external web site: knowyourprivacyrights.org

Where we are using your personal data on the basis of your consent, you are entitled to withdraw that consent at any time subject to applicable law. Where we process your personal data based on our legitimate interest, you have the right to object at any time to that use of your personal data subject to applicable law.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner's Office (ICO), the UK regulatory authority for data protection issues (www.ico.org.uk). We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

It is very important that the information we hold about you is accurate and up-to-date. Please let us know if at any time your personal information changes.

If any breach of personal data occurs, we are obliged to notify the ICO within 72 hours of becoming aware of the breach.

Changes to Our Privacy Policy

Any changes we make to our privacy policy in the future will be posted on this page. This document will reviewed by us every 12 months.

Date: 3 July 2018