Privacy Policie

     We, Premier Villas Florida.com Ltd, on behalf of the owner(s) of the properties featured on this site need to collect certain personal details from you in order to process your booking. These details will include, where applicable, the names and addresses (including email addresses) of party members, credit/ debit card or other payment details and perhaps special requirements such as those relating to any disability or medical condition which may affect your chosen arrangements.

We need to pass on your personal details to the companies and organisations who need to know them so that your holiday can be provided (for example the Owner of accommodation you choose, and your/our credit/debit card company or bank). Such companies and organisations may be outside the European Union, Norway, Iceland or Liechtenstein if your holiday is to take place or to Owner(s) outside these countries. [We would also like to store and use your personal details for future marketing purposes (for example, sending you a brochure or details of a promotion)]. All details you give us in connection with your booking will be kept [but we will use only names and contact details for marketing purposes]. [Occasionally, we may sell clients names and addresses to other companies or organisations who offer goods or services which we feel may interest you. If you do not want us to do any or all of these things, please let us know as soon as possible]. We are entitled to assume you do not object to our doing any of the things mentioned in this statement unless you tell us otherwise in writing.

Except where expressly permitted by the Data Protection Act, we will only deal with the personal details you give us as set out above unless you agree otherwise. We have appropriate security measures in place to protect this information.

If you believe that any of your personal details which we are processing are inaccurate or incorrect please contact us immediately.

Notes

1.. The Data Protection Act applies to virtually all information concerning any individual which is capable (if only in theory) of identifying that individual. It applies to information you just store (even if this is only because your systems do not allow you to delete the information without a massive amount of work) as well as information you actually use or pass on. The word “process” in the following includes simple storing.

2. The Data Protection Act draws a distinction between personal data and sensitive personal data. The later comprises a list of information of which only that relating to physical or mental health or condition is likely to be relevant to holidays unless you start collecting data relating to political opinions, racial/ethnic origins or similar!

3. In order to “process” non sensitive personal data, you need to demonstrate consent or that doing so is necessary for the performance of a contract to which the “data subject” is a party (there are other possibilities but these are not likely to be relevant).

4. In order to “process” sensitive personal data, you need to demonstrate “explicit” consent (again, there are other possibilities but these are not likely to be relevant).

5. What is meant by “consent”, explicit or otherwise is not defined in the Act. Logically, “explicit” consent must involve specific and, to prove this has genuinely been given, written agreement from the individual concerned. Ideally you should certainly work on this basis. Such “explicit” consent could be obtained via, for example, appropriate wording and a box to tick on the booking form. This is definitely the preferable approach but I appreciate this process involves extra work and potential hassle. I am aware many if not most operators take the view that this is not a practical option. If you are of this opinion, I would hope it will be possible to successfully argue that going to such lengths is not necessary given the sensitive data is only being used to enable the Owners to provide appropriate holiday arrangements and assistance. As the majority of clients we deal with do not want to have to seek express written consent to deal with “sensitive” personal data, the above statement has been worded on the basis that such consent will be assumed unless you are told otherwise in writing. Unfortunately, I cannot promise that this approach will be acceptable to the Information Commissioner. If you prefer to be cautious and obtain express consent, please let us know and alternative wording can be provided.

6. So far as “non-sensitive” personal information necessary to provide the holiday is concerned, giving the above statement should be sufficient without obtaining express agreement given you can rely on the “contract performance” justification.

7. The above wording in italics assumes you will use the information you collect from clients for your own future marketing purposes and to pass on to third parties. If this is not the case, the wording needs amending. To be entitled to do so, the Act requires you to obtain consent. It is not clear what this requires in practice. As you cannot rely on the “performance of the contract justification” in this context, you should, in our view, at least give clients a simple mechanism for opting out of future marketing by you and/or third parties. An “opt in” (i.e. the client will not be marketed unless they expressly agree) is definitely a safer, if rather less practical approach. If you decide to use an “opt in”, the above statement will need slightly amending.

8. Whilst not spelt out in the Act itself, however, the Act appears to require that such a statement should be communicated prior to the collection of any data. Accordingly, the logical position for this statement is on the booking form/page and anywhere else personal details are given pre booking. If you have no space for it on such documents, you could alternatively include it in a prominent position on your website and add a clear cross reference to this wherever information is actually requested.

9. If you have any queries or would like to amend the above or are not entirely clear as to the extent of your responsibilities under the Data Protection Act, please do not hesitate to contact us.