PRIVACY POLICY

westharristrust.org and tallanamara.co.uk and www.thewestharristrust.org (Camping page) is provided by West Harris Trust Limited and its affiliated businesses (“we”, “our”, or “us”). Our registered office is at Talla na Mara, Pairc Niseaboist, Isle of Harris, HS3 3AE.

Introduction

This privacy notice aims to inform you about how we collect and process any information that we collect from you, or that you provide to us. It covers information that relates to you (“personal data”). In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on personal data. It tells you about your privacy rights and how the law protects you.

We are committed to protecting your privacy and the confidentiality of your personal data. Our policy is not just an exercise in complying with the law, but a continuation of our respect for you and your personal data. Our policy complies with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

Except as set out below, we do not share, or sell, or disclose to a third party, any personal data collected through our website.

  1. Data Protection Officer

We have appointed a data protection officer (DPO) who is responsible for ensuring that our policy is followed.

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our DPO at admin@westharristrust.org.

    2. Data we process

We may collect, use, store and transfer different kinds of personal data about you. We have collated these into groups as follows:

  • Your identity includes information such as first name, last name, title, date of birth, and other identifiers that you may have provided at some time.

  • Your contact information includes information such as billing address, delivery address, email address, telephone numbers and any other information you have given to us for the purpose of communication or meeting.

  • Your financial data includes information such as your bank account and payment card details.

  • Transaction data includes details about payments or communications to and from you and information about products and services you have purchased from us.

  • Technical data includes your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website (see section: “cookies” below).

  • Your profile includes information such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

  • Marketing data includes your preferences in receiving marketing from us; communication preferences; responses and actions in relation to your use of our services.

We may aggregate anonymous data such as statistical or demographic data for any purpose. Anonymous data is data that does not identify you as an individual. Aggregated data may be derived from your personal data but is not considered personal data in law because it does not reveal your identity.

For example, we may aggregate profile data to assess interest in a product or service.

However, if we combine or connect aggregated data with your personal data so that it can identify you in any way, we treat the combined data as personal data and it will be used in accordance with this privacy notice.

If you do not provide personal data when requested, we may not be able to provide our services, or allow you to use all features of our website. In that case, we may have to stop providing a service to you. If so, we will notify you of this at the time.

3. How we collect your personal data

We collect personal data from you:

  • directly, when you enter or send us information, such as when you register with us, contact us (including via email), send us feedback, purchase products or services via our website, post material to our website and complete customer surveys or participate in competitions via our website,

  • If you are a business partner or affiliate, directly when you make referrals to us, and

  • indirectly, such as your browsing activity while on our website; we will usually collect information indirectly using the technologies explain in the section on ‘Cookies’ below.

4. How and why we process your personal data

The law only allows us to use your personal data if we have a proper reason eg:

  • Where you have given consent

  • To comply with our legal and regulatory obligations

  • For the performance of a contract with you or to take steps at your request before entering in to a contract, or

  • For our legitimate interest or those of a third party

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see above: “Data Protection Officer”).

The table below explains what we use your personal data for and why:

What we use your personal data for:
Our reasons:
provide you with our products or services To perform our contract with you or to take steps at your request before entering into a contract
verify your identity for security purposes For our legitimate interests or those of a third party
provide you with suggestions and advice on how to obtain the most from using our website For our legitimate interests or those of a third party
To create and manage your account with us To perform our contract with you or to take steps at your request before entering into a contract
record-keeping for the proper and necessary administration of our business For our legitimate interests or those of a third party
responding to unsolicited communication from you to which we believe you would expect a response For our legitimate interests or those of a third party
protecting and asserting our legal rights or the rights of another party For our legitimate interests or those of a third party
insuring against or obtaining professional advice that is required to manage business risk For our legitimate interests or those of a third party
Sharing data with authorities if they so request or if they have the proper authorisation such as a search warrant or court order. To comply with a legal obligation

Carrying out credit checks to protect against fraud

As a business partner/affiliate, to account for referrals and process commissions for referrals you make

For our legitimate interests or those of a third party

To perform our contract with you or to take steps at your request before entering into a contract

8. Sharing personal data

We routinely share personal data with:

  • third parties we use to help deliver our products services to you, eg payment service providers including Stripe, Paypal, GoCardless and others. Be aware that we are not the data controller of the websites or plugins used by our payment providers and you should contact them directly with any queries on how they use of your data.

  • other third parties we use to help us run our business, eg marketing agencies or website hosts and website analytics providers.

We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.

We or the third parties mentioned above may occasionally also need to share personal data with:

  • external auditors, eg in relation to the audit of our accounts, in which case the recipient of the personal data will be bound by confidentiality obligations

  • professional advisors (such as lawyers and other advisors), in which case the recipient of the personal data will be bound by confidentiality obligations

  • law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations

  • other parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, personal data will be anonymised but this may not always be possible, however, the recipient of the personal data will be bound by confidentiality obligations

If you would like more information about who we share our data with and why, please contact us (see ‘Data Protection Officer’ above).

Our website allows you to post information with a view to that information being read, copied, downloaded, or used by other people. Examples include:

  • posting a message on a forum

  • tagging an image

  • clicking on an icon next to another visitor’s message to convey your agreement, disagreement or thanks

In posting personal data, it is up to you to consider who might use it. We have no control over what any third party may do with it and it is your responsibility to decide what information you make publicly available via our website. We will not use this personal data except to allow it to be displayed or shared.

At our discretion we may agree to your request to delete personal data that you have publicly posted. You can make a request by contacting us (see above: “Data Protection Officer”).

 16. Cookies

Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. We use cookies in the following ways:

  • to track how you use our website

  • to record whether you have seen specific messages we display on our website

  • to keep you signed in our site

  • to record your answers to surveys and questionnaires on our site while you complete them

  • to record the conversation thread during a live chat with our support team

For further information on cookies generally, including how to control and manage them, visit the guidance on cookies published by the UK Information Commissioner’s Office, www.aboutcookies.org or www.allaboutcookies.org.

We will ask for your consent to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested (e.g. to make sure your user account works properly if you use one).

You can withdraw any consent to the use of cookies or manage any other cookie preferences. It may be necessary to refresh the page for the updated settings to take effect.

The table below provides more information about the cookies we use and why:

Cookie
Domain
Type
Description
Duration
tk_or .westharristrust.org Analytics The tk_or is a referral cookie set by the JetPack plugin on sites using WooCommerce, which analyzes referrer behaviour for Jetpack 5 years
tk_r3d .westharristrust.org Analytics JetPack installs this cookie to collect internal metrics for user activity and in turn improve user experience. 3 days
tk_lr .westharristrust.org Analytics The tk_lr is a referral cookie set by the JetPack plugin on sites using WooCommerce, which analyzes referrer behaviour for Jetpack 1 year
PHPSESSID www.westharristrust.org Necessary This cookie is native to PHP applications. The cookie is used to store and identify a users’ unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed. Session
cookielawinfo-checkbox-necessary www.westharristrust.org Necessary Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the “Necessary” category 1 year
pdb-sess www.westharristrust.org Other No description Session

If you do not want to accept any cookies, you may be able to change your browser settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our website.

We provide more information about the cookies we use in our cookie policy.

17. Personal identifiers from your browsing activity

Requests by your web browser to our servers for web pages and other content on our website are recorded.

We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.

We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.

If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed into our website.

18. Marketing

We may use a third party to provide us with re-marketing services from time to time. If you have consented to our use of marketing cookies, you may see advertisements for our products and services on other websites.

Occasionally, third parties may advertise on our website. We do not have control over the data that these parties obtain when you interact with their advertisements. You should contact the advertiser directly with any questions on how they use your data.

22. International transfers of personal data

Our websites are hosted in Europe. It is sometimes necessary to use outsourced services in countries outside the UK from time to time in other aspects of our business which could involve sharing your personal data.

Accordingly, we use the following safeguards with respect to data transferred outside the UK:

  • Where the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR.

  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you, or

  • a specific exception applies under relevant data protection law

You can obtain more information on these safeguards by contacting us (see above: “Data Protection Officer”).

23. Keeping us informed of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.

27. Use of site by children

Our website is not designed for children.

If you are under 13, you may use our website only with consent from a parent or guardian

If you are aware that any personal data of anyone under 13 years old has been shared with our website, please let us know so that we can delete that data.

28. Encryption of data sent between us

We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.

Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.

29. Your rights

You generally have the following rights:

  • Right of access – you have the right to request a copy of the personal data that we hold about you.

  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.

  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.

  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.

  • Right to object – you have the right to object to certain types of processing such as direct marketing.

  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

To exercise your rights, please be aware that we will need sufficient information to handle your request, and sometimes proof of identification may be required. Not all rights apply in every circumstance and we will explain to you if there is a reason that we cannot comply with any request.

All requests should be made to our DPO (see above: “Data Protection Officer”).

30. How you can complain

If you are not happy with how we process your data, then you should tell us by contacting our DPO (see above: “Data Protection Officer”).

If you remain dissatisfied, you have a right to lodge a complaint with the Information Commissioner’s Office (ICO). This can be done at https://ico.org.uk/make-a-complaint/.

30. Retention period for personal data

Except as otherwise mentioned in this privacy notice, we keep your personal data only for as long as required for the purpose it was collected. Specific details are available in our retention schedule which you can request a copy of from the DPO (see above: “Data Protection Officer”).

32. Review of this privacy policy

We may update this privacy notice from time to time as necessary. If we make significant changes, we will take steps to inform you, for example by placing a prominent link to these changes on our website.