As part of running our business, Footpath Holidays sometimes needs to collect, maintain and use personal data about you. That will normally be if you are current, past or prospective customer, a supplier, an employee , or an individual that’s contacted us and needs a response.
Just so you know, the legal basis that we have to process your data falls into one or more of the following areas: Firstly, if have a contract with us – for example if you are an existing customer or supplier. Secondly, if you’ve provided consent – for example, if you’ve consented to receive a newsletter from us. And finally, if we have a legitimate reason – for example, you have contacted us with a query that needs responding to.
Any personal information you give us, either on this website (for example, via a contact form), via email or direct mail, phone contact or direct contact with the company in person will never be sold, rented or made public without your consent.
We take your privacy seriously. We’ll only use your information for the legal basis with which we hold it. Sometimes, to do that we might need to pass information on to a third party (for example your email into a newsletter sending system). When we do, we’ll use safe, reliable, GDPR compliant services who won’t pass your personal details anywhere else.
Information we collect
1. Contact information
We hold contact information on the individuals and companies that we do business with, employ, and/or market to. Whenever we hold such information we only hold that which is necessary for purposes we need. To find out more about what we hold for individual purposes please contact us using the methods described below.
2. Site visits tracking
We collect visitor behaviour on our website. This tells us which pages are visited, the sorts of searches that are used to find us, what people do on the site when they are there. It doesn’t tell us anything personal about the people visiting the site, just what they do.
We use the data to make changes on our website based on what we see visitors are doing.
3. Contact by form, email link and telephone
If you email us, either using a website contact form or by sending a direct email, we’ll get that information in an email. That data isn’t stored on our website.
If you phone us and we need to store your details for any of the legal bases explained we’ll store it safely on company computers that are regularly maintained and safely kept . If you are signed up to receive newsletters from us, we’ll store some information on the secure servers of the company that we use to send our newsletters.
We may keep a record of contacts (such as emails that have been sent and received), but again we won’t use the details for anything other than the relevant legal reasons stated.
On occasion, we’ll send marketing and information emails. We’ll only send these emails if you fall into one of the two following categories:
- You’re an existing customer or supplier who we do current business with.
- You’ve asked to get emails via a newsletter signup form / documented social media request .
If you’ve asked to receive our marketing, you may opt out any time. There’ll be an unsubscribe link in each newsletter or you can contact us (see below).
Under 16? Legally you must obtain parental consent before joining email newsletters.
What we do with that information
Where appropriate, we’ll use the information we keep about you to:
- To send you information on products or services that you’ve asked for.
- To send you information on products or services, which we think will interest you.
- To carry out our obligations arising from any contracts entered into between you and us.
- To notify you about changes to our services or products.
- To inform business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
- To send you email newsletters that you have opted in to receive.
Access to your information and correction
You have a number of rights including the right to request a copy of the information that is held about you. If you’d like to know what information is held, please contact us, using the form below on this website and we'll reply to you by email. Legally that’s within one working month, but we’ll aim to reply as soon as we can. We want to make sure that your personal information is accurate and up to date. So, once you have any information, you can ask us to correct or remove anything you think is wrong. For a full list of your rights, have a look at the ICO Website.
We’ll normally be happy to help at no charge, however where requests are manifestly unfounded, excessive, or repetitive after an initial, responded to, request, we’ll potentially charge an admin fee to cover the time taken to fulfil the request.
Designated Data Controller
As a small company processing small amounts of data we are not obliged to appoint a DPO. If you have a data query, send it to us using the form below and we will be delighted to help.
Third Party Processors
We use a number of third parties to process personal data for us. These third parties have been carefully chosen and, to the best of our knowledge, all of them comply with current legislation where applicable for their country. We may need to share your information with them in order to process products or services. This may be within the UK or outside including the United States and countries outside of Europe.
• For our newsletter system we use E-shot. You can read their GDPR compliance policy here: https://e-shot.net/TrustCentre#gdpr
• When you make an online payment to us it arrives as an email on a secure, encrypted server administrated by www.pcoms.co.uk . Your payment is not processed online. The payment information is used to process the relevant payment. The email is then deleted from the server. Payments are taken through ‘Worldpay’ and any ‘hard copy’ information is securely destroyed by a licensed practitioner and certificates of destruction obtained. We comply with the ‘Trustwave’ safeguarding system and hold a current certificate.
We will report any unlawful data breaches of data held by us to the ICO as required (https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach/) within 72 hours of becoming aware of a breach taking place if it is apparent that personal data stored in an identifiable manner has been stolen.
All traffic (transferral of files) between this website and your web browser is encrypted and delivered over HTTPS.
"I really appreciated my vacation with Footpath Holidays! Thank you very much for the excellent organisation!"
Marianne D , Germany