Amatours LLP (“We”) takes steps to protect and respect your privacy.
This policy (together with any other documents referred to in it, sets out the basis on which any personal data we collect from you or that you provide to us will be used by us. By visiting www.amatours.co.uk you are accepting and consenting to the practices described in this policy.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Amatours LLP; The Stables, Bears Head Farm, Newcastle Rd, Smallwood, CW11 2GB.
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
- Information you give us.You may give us information about you by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, request samples of our products, place an order on our site, participate in social media functions on our site, enter a competition, promotion or survey, sign up to an email programme and when you report a problem with our site. The information you give us may include your name, address, e-mail address and telephone number, financial and credit card information, personal description and photograph.
- Information we collect about you.With regard to each of your visits to our site we may collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
- Information we receive from other sources.We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site. We also work with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
- Information you give to us. We will use this information:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
· to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- to provide you, or permit selected third parties to provide you, with information about goods or services that may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those that were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data;· to notify you about changes to our service;
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
- Information we collect about you.We will use this information:
- to administer our site and for internal operations including data analysis, testing, research, statistical and survey purposes;
• to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
• to allow you to participate in interactive features of our service, when you choose to do so;
• as part of our efforts to keep our site safe and secure;
• to measure or understand the effectiveness of advertising and to deliver relevant advertising to you;
• to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
- Information we receive from other sources.We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
DISCLOSURE OF YOUR INFORMATION
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- Analytics and search engine providers that assist us in the improvement of our site.
- Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Amatours or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of our website use [link] or our terms and conditions of trading [link] and other agreements; or to protect the rights, property, or safety of Amatours, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
WHERE WE STORE YOUR PERSONAL DATA
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.
Amatours (the “Company”) uses Personal Information in the day-to-day operations of its business operations including HR administration and personnel management as well as developing innovating products and services for its customers. The Company respects the privacy rights of any person whose Personal Information it collects and processes and complies with laws and regulations protecting Personal Information.
This Policy explains the relevant data privacy principles for the protection of Personal Information and how such principles are to be implemented.
Scope and Applicability
This Policy covers all Personal Information collected, processed, shared, or used by the Company. It applies to all directors, officers, managers and employees of the Company (collectively referred to as “Employees”), including its affiliates around the world. This Policy enters into force as of January 1, 2018 and must be adopted by all Company affiliates.
Compliance with Law
The Company strives to be a market leader in amateur golfing events, related services, as well as a good corporate citizen. We recognize the privacy rights and commitment to the protection of Personal Information of our Employees and other persons, notably customers and suppliers, who confide their Personal Information with us. Our Employees have a specific responsibility to respect this commitment, as described in this Policy and expressed in relevant data privacy laws.
This Policy sets forth the principles and objectives to which the company will strive to comply. However, it will not create any legal obligation or expectation on the company beyond the requirements of applicable law. In addition, exceptions may be applied on a case by case basis, if allowed by applicable law.
Our Employees are expected to recognise if they are collecting, processing, sharing or using Personal Information. They must be aware of the general privacy requirements and principles that govern Personal Information and know when to escalate issues to their local Compliance Officer, Legal Counsel or Data Privacy Officer.
Collect and use Personal Information fairly and lawfully
Principles and Rules
Fundamental Data Privacy principle requires that the Company process Personal Information fairly and lawfully. When collecting and using Personal Information, the Company must consider relevant laws and regulations in addition to this Policy.
- Collect and use Personal Information only with a legal justification which may include the legitimate business interests of the Company. For example, some Company guidelines or local laws may require explicit consent of the data subject prior to collecting Personal Information (e.g., background checks for customers/employees).
- Notify persons about how their Personal Information will be used prior to collecting the information.
- Collect only the Personal Information needed for a specific business purpose.
- Use Personal Information only for the specific business purpose described in the Privacy Notice or Consent form or in a way that the person would reasonably expect.
- Use Personal Information in ways that do not have an adverse effect on the person concerned unless such use is justified by law.
- Anonymise or Pseudonymise Personal Information when possible or appropriate.
Manage and maintain Personal Information responsibly
Principles and Rules
Responsible management of Personal Information is required to protect privacy rights and comply with Data Privacy laws. Each Employee is accountable for compliance with Data Privacy obligations related to Personal Information. Employees who collect, use and/or maintain Personal Information must take the appropriate steps to:
- Comply with the Company’s Information Security Policy when processing Personal Information.
- Prevent the misuse of Personal Information for a purpose that is not compatible with the original purpose for which it was collected.
- Keep Personal Information accurate and up-to-date throughout the information lifecycle (i.e., from collection to destruction).
- Safeguard Personal Information so that it is not shared with others who do not have a valid business reason to access the information.
- Ensure Traceability of Personal Information throughout its lifecycle.
- Keep Personal Information only as long as necessary for the specific purpose or as required by law. Consult your records retention schedules for specific timeframes for maintaining Personal Information.
- Report any Data Privacy Breach to the Information Security Office, Information Commissioners Officer (ICO).
Know how to disclose Personal Information to Third Parties and other Company affiliates.
Principles and Rules
Personal Information may be shared with other Company affiliates, government agencies and Third Parties for legitimate business reasons or as otherwise allowed or required by law.
Employees who share Personal Information with Third Parties must obtain assurance that the Third Party has the ability and intention to protect Personal Information, consistent with the standards and principles contained in this Policy. This may be done through Third Party due diligence, risk assessments, and/or a contract.
A processing agreement is required whenever a Third Party is provided access to Personal Information in order to Process such Personal Information on behalf of the Company. In addition, a similar agreement is required when one Company Affiliate Processes Personal Information on behalf of another Company affiliate. These agreements may take the form of contracts between Company affiliates, or standard contracts with Third Parties.
All agreements must include the Data Privacy principles and processing instructions.
Based on risk assessments conducted on Third Parties, appropriate technical safeguards (e.g., encryption) or other remedial measures need to be provided for by contract to ensure adequate protection of Personal Information.
Know how to transfer Personal Information across borders
Principles and Rules
In many instances, the use of Third Parties will also involve the Transfer of Personal Information across country borders. Also, many business processes require the Transfer of data within the Company internationally.
When you Transfer Personal Information across borders to Third Parties you need to:
- Determine if you have a legitimate justification for the Transfer of Personal Information (e.g., valid business reason);
- Follow local legal requirements (e.g., notice to the individual, notification to data protection authorities, use of contractual safeguards such as, e.g., EU model clauses).
The Transfer of Personal Information from the Company operating as Controllers in the EEA or to other Company entities established outside the EEA and Switzerland are permitted under individual Model Contractual Clauses.
Right of Access, Rectification, Cancellation and Objection
Principles and Rules
Company affiliates need to implement processes in applicable SOPs to ensure an appropriate and lawful response to persons who exercise their individual rights to:
1) know what Personal Information is being Processed about them,
2) object to processing, and/or
3) request correction, erasure or blocking of their Personal Information. Employees who collect Personal Information or develop systems that hold Personal Information must ensure that these rights can be executed within a reasonable timeframe or as required by local law (usually within 6 weeks).
Training and Awareness
Employees must familiarise themselves with this Policy and any other privacy related Company documents.
Reporting Potential Misconduct/Non-Retaliation
Any Employee who learns of a potential violation of applicable laws and/or this Policy is required to promptly report his or her suspicion. Employees who report potential misconduct or who provide information or otherwise assist in any inquiry or investigation of potential misconduct will be protected against retaliation.
Breach of this Policy
Breaches of this Policy may lead to disciplinary and other actions up to and including termination of employment or contract (for Third Parties).
Standard Operating Procedures
.Responsibilities and Implementation
It is the responsibility of every Company manager to adhere to this Policy within his or her area of functional responsibility, to lead by example, and to provide guidance to those Employees reporting to him or her. All Employees are responsible for adhering to the principles and rules set out in this Policy. As such, the Policy should be presented works councils as relevant and adopted by Employee representative bodies or as part of the internal code of conduct of the Company entity within a given jurisdiction.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
ACCESS TO INFORMATION
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.