Privacy Policie
We, Premier Villas Florida.com
Ltd, on behalf of the owner(s) of the properties featured
on this site need to collect certain personal details from
you in order to process your booking. These details will include,
where applicable, the names and addresses (including email
addresses) of party members, credit/ debit card or other payment
details and perhaps special requirements such as those relating
to any disability or medical condition which may affect your
chosen arrangements.
We need to pass on your personal details to the companies
and organisations who need to know them so that your holiday
can be provided (for example the Owner of accommodation you
choose, and your/our credit/debit card company or bank). Such
companies and organisations may be outside the European Union,
Norway, Iceland or Liechtenstein if your holiday is to take
place or to Owner(s) outside these countries. [We would also
like to store and use your personal details for future marketing
purposes (for example, sending you a brochure or details of
a promotion)]. All details you give us in connection with
your booking will be kept [but we will use only names and
contact details for marketing purposes]. [Occasionally, we
may sell clients names and addresses to other companies or
organisations who offer goods or services which we feel may
interest you. If you do not want us to do any or all of these
things, please let us know as soon as possible]. We are entitled
to assume you do not object to our doing any of the things
mentioned in this statement unless you tell us otherwise in
writing.
Except where expressly permitted by the Data Protection Act,
we will only deal with the personal details you give us as
set out above unless you agree otherwise. We have appropriate
security measures in place to protect this information.
If you believe that any of your personal details which we
are processing are inaccurate or incorrect please contact
us immediately.
Notes
1.. The Data Protection Act applies to virtually all information
concerning any individual which is capable (if only in theory)
of identifying that individual. It applies to information
you just store (even if this is only because your systems
do not allow you to delete the information without a massive
amount of work) as well as information you actually use or
pass on. The word “process” in the following includes
simple storing.
2. The Data Protection Act draws a distinction between personal
data and sensitive personal data. The later comprises a list
of information of which only that relating to physical or
mental health or condition is likely to be relevant to holidays
unless you start collecting data relating to political opinions,
racial/ethnic origins or similar!
3. In order to “process” non sensitive personal
data, you need to demonstrate consent or that doing so is
necessary for the performance of a contract to which the “data
subject” is a party (there are other possibilities but
these are not likely to be relevant).
4. In order to “process” sensitive personal data,
you need to demonstrate “explicit” consent (again,
there are other possibilities but these are not likely to
be relevant).
5. What is meant by “consent”, explicit or otherwise
is not defined in the Act. Logically, “explicit”
consent must involve specific and, to prove this has genuinely
been given, written agreement from the individual concerned.
Ideally you should certainly work on this basis. Such “explicit”
consent could be obtained via, for example, appropriate wording
and a box to tick on the booking form. This is definitely
the preferable approach but I appreciate this process involves
extra work and potential hassle. I am aware many if not most
operators take the view that this is not a practical option.
If you are of this opinion, I would hope it will be possible
to successfully argue that going to such lengths is not necessary
given the sensitive data is only being used to enable the
Owners to provide appropriate holiday arrangements and assistance.
As the majority of clients we deal with do not want to have
to seek express written consent to deal with “sensitive”
personal data, the above statement has been worded on the
basis that such consent will be assumed unless you are told
otherwise in writing. Unfortunately, I cannot promise that
this approach will be acceptable to the Information Commissioner.
If you prefer to be cautious and obtain express consent, please
let us know and alternative wording can be provided.
6. So far as “non-sensitive” personal information
necessary to provide the holiday is concerned, giving the
above statement should be sufficient without obtaining express
agreement given you can rely on the “contract performance”
justification.
7. The above wording in italics assumes you will use the
information you collect from clients for your own future marketing
purposes and to pass on to third parties. If this is not the
case, the wording needs amending. To be entitled to do so,
the Act requires you to obtain consent. It is not clear what
this requires in practice. As you cannot rely on the “performance
of the contract justification” in this context, you
should, in our view, at least give clients a simple mechanism
for opting out of future marketing by you and/or third parties.
An “opt in” (i.e. the client will not be marketed
unless they expressly agree) is definitely a safer, if rather
less practical approach. If you decide to use an “opt
in”, the above statement will need slightly amending.
8. Whilst not spelt out in the Act itself, however, the Act
appears to require that such a statement should be communicated
prior to the collection of any data. Accordingly, the logical
position for this statement is on the booking form/page and
anywhere else personal details are given pre booking. If you
have no space for it on such documents, you could alternatively
include it in a prominent position on your website and add
a clear cross reference to this wherever information is actually
requested.
9. If you have any queries or would like to amend the above
or are not entirely clear as to the extent of your responsibilities
under the Data Protection Act, please do not hesitate to contact
us.
|