This notice describes how we at Dream Apartments collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR) and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (Data Protection Legislation).
For the purpose of the Data Protection Legislation, we are the data controller. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
Information that we collect from you:
– When you visit, register or order products or services on this website you may be asked to provide certain information about yourself including your name, contact details, passport/ID number, car registration number, and credit or debit card information.
– We may also collect information about your usage of our website, details of transactions you carry out through our site and of the fulfilment of your orders, information about you from messages you post to the website and e-mails or letters you send to Us.
Use of your Information:
– By completing a booking or submitting an enquiry through this website You agree that we have the following lawful reasons for processing your personal data:
(a) consent: you have given clear consent for us to process your personal data for completing your booking, although generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you, and you may withdraw your consent in those circumstances.
(b) legal obligation: the processing is necessary for Us to comply with the law by providing a Vendor with Your personal data for security and/or anti-terrorism legislation.
(c) the processing is necessary in order to perform any contract We may have with you, or for the performance of your contract with a vendor where we act as agent.
(d) We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for business development, statistical and management purposes.
– Where you have consented, we will use your information to let you know by email about products and services We offer. If You change your mind about being contacted in the future, you will be able to withdraw your consent by unsubscribing.
Disclosure of your Information:
– Neither we nor any vendor or partner will retain or have access to any of your credit or debit card information.
– We will not pass your other information to any third parties other than the vendor which you book with, parties who fulfil and deliver your bookings, process credit card payments and provide support services on our behalf and, the owner of the website you book through.
– The information you provide to us may be accessed by us, the vendor which you book with, parties who process information, fulfil and deliver orders, process credit card payments and provide support services on our behalf and, the owner of the website you book through.
– Some Vendors, partners, or other third parties who act for us for the purposes set out in this policy may be located outside the European Economic Area (EEA). Wherever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
(a) We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
(b) Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
(c) Where we transfer your personal data to the US, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
– We may also pass aggregate information on the usage of our website to third parties but this will not include information that can be used to identify you.
– If Our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
– Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to Us without your consent.
Where we store your personal data:
– All information you provide to us is stored on our secure servers or the secure servers of our trusted third party software and service providers (including credit or debit card information which we do not store). Any payment transactions, user logins and passwords are encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
– Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to prevent unauthorised access.
Security and Data Retention:
– We employ commercially reasonable and appropriate security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. In addition, where we share your personal data with a “data processor” for the purposes of the Data Protection Legislation, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
– We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
– For customers who have booked through Our websites, We will retain your information on Our secure servers for an unlimited period (this is because you may wish to login to Our websites at any time to make another booking, update your personal data, or access your historic booking data) unless you request deletion in line with your Rights (see below).
– For customer communications, we will retain your data and communications for up to three years for the purposes of an audit trail in case of future disputes, but you will not be added to a distribution list for marketing purposes unless you have opted in to such communications.
– If you are a Vendor and no longer wish for your personal details to be stored on our servers, you can delete your name, personal email address and phone number via our admin system.
– If you are a Vendor and wish your profile to be removed from our websites, this will be done according to the terms of our Agreement. If you have no outstanding bookings, we will delete your personal data within 30 days.
– If We approach you because We believe you may be interested in Our services, We will not store any of your personal data until such time that you opt-in.
– You have the right to object to us processing or retaining your personal data for any purpose. To do this, please e-mail firstname.lastname@example.org. In this case, we will be unable to process any future bookings for you unless you re-enter your personal data. On receiving your instruction we will request any additional proof of identification then permanently delete your personal data from our live systems within a maximum of 30 days. Your personal data will be retained in Back Up files for up to one year beyond this point in line with our data retention policy: this data is retained for business continuity and diagnostic purposes only. Your diagnostics data which does not contain personal data will retained for up to two years in line with Our data retention policy.
– You have the right to request access information held about you. On receiving Your instruction We will request any additional proof of identification then permanently delete your personal data from Our live systems within a maximum of 30 days. Any initial request is free of charge; any subsequent request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. Alternatively we may refuse to comply with the request in the circumstances where the request for access is clearly unfounded or excessive.
– You have the right to request correction of the personal data We hold about you.
– You have the right to object to Us processing your personal information specifically for direct marketing purposes. This can be done by clicking the unsubscribe link on any email, or contacting us.
– If you are booking on behalf of a child aged under 16, You must have permission of a person with parental responsibility for them to process their data. We will not send direct marketing communications to children, but their rights under this notice are otherwise the same.