Privacy Policy for Grampian Eco Tours
Grampian Eco Tours (“we,” “us,” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, process, and store your personal data when you visit and interact with our website at grampiansecotours.com (the “Site”). We are fully dedicated to ensuring that your personal information is collected and used in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), with a fundamentally privacy-first approach across all our operations.
1. Commitment to Privacy and Data Protection
Your privacy is of paramount importance to us. This Privacy Policy ensures transparency regarding the personal data we collect and your rights under applicable privacy regulations. We recognize the responsibility of securing your personal information with the highest level of integrity, and we commit to handling all data with care, confidentiality, and in accordance with current legal standards.
2. Scope of Policy and Data Controller
This Privacy Policy applies to personal data we collect through your interactions with grampiansecotours.com including when you browse our website, make bookings, contact us for support, subscribe to our mailing list, or engage in any other services offered. For GDPR purposes, the data controller of your personal data is Grampian Eco Tours. Any queries relating to data protection may be directed to [email protected].
3. Categories of Data We Process
We collect and process the following categories of personal data:
– Usage Data: Information about your interactions with our website, including IP address, browser type, session durations, pages visited, and referral URLs.
– Account Data: Information you provide during the creation of an account or booking, such as your full name, email address, phone number, and postal address.
– Profile Data: Details about your preferences, past bookings, behavioral data such as tour interests, feedback, and user-generated content.
– Communication Data: Any data exchanged in communications including emails, inquiries, support messages, or surveyed feedback. This includes a record of communications for audit and service improvement.
– Technical Data: Data about the device you use to access our website, including operating system, system configurations, and device identifiers.
– Transaction Data: Data related to payment and purchases, such as billing details, transaction history, card type (through secure third-party payment processors), and delivery logistics.
– Preference Data: Marketing and communication preferences, consent for promotional emails, wishlists, and indicated interests for tailor-made tour experiences.
4. Legal Bases for Processing Personal Data
In compliance with GDPR, we rely on the following legal bases to process your personal information:
– Consent: Where you have given clear consent for us to process your personal data for specific purposes (e.g., subscription to newsletters or marketing communications).
– Contractual Necessity: To fulfill an agreement with you, such as facilitating a booking or responding to your requests.
– Legal Obligation: Where processing is necessary to comply with legal or regulatory obligations.
– Legitimate Interests: Where the processing is necessary for our legitimate interests, including improving our services, user experience, marketing our offerings, or preventing fraud, provided these are not overridden by your rights and freedoms.
5. Your Rights
You have the following rights under data protection laws:
– Right of Access: You may request access to the personal data we hold about you and information about how we process it.
– Right to Rectification: You may request corrections to any inaccurate or incomplete personal data.
– Right to Erasure: You may request deletion of your personal data, subject to legal obligations.
– Right to Restrict Processing: You may request limitation of data processing under certain conditions.
– Right to Data Portability: You may request your data in a structured, commonly used format for transfer to another organization.
To exercise any of your rights, please contact us at [email protected]. We will respond to your requests under the timeframes required by applicable law.
6. Security Measures
We implement appropriate technical and organizational safeguards to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include:
– End-to-end encryption for data automatically transferred via our Site and services
– Multi-level user access controls
– Regular data backups and secure storage environments
– Staff training on data privacy obligations and internal policy adherence
7. International Transfers
Where personal data is transferred outside the United Kingdom, the European Economic Area, or other jurisdictions with equivalent privacy regulations, we ensure such transfers are compliant with applicable data protection laws through the use of appropriate safeguards, including Standard Contractual Clauses (SCCs), privacy shield mechanisms, or other lawful bases.
8. Data Retention
We retain personal data only for as long as is necessary for the purposes for which it was collected or as required under relevant legal or regulatory obligations. The general retention periods are:
– Account and Transaction Data: retained for up to seven (7) years, to meet accounting and legal obligations.
– Communication and Support Data: retained for up to three (3) years from the last interaction.
– Preference and Marketing Data: retained until consent is withdrawn or the data subject unsubscribes.
– Usage and Technical Data: retained for up to twenty-four (24) months for analytics and operational improvements.
Upon expiration of retention periods, data is securely deleted or anonymized.
9. Cookie Policy
We use cookies to operate and improve our website. Cookies are small data files stored on your device that help us understand how you navigate grampiansecotours.com and enhance your user experience. The categories of cookies used include:
– Essential Cookies: Necessary for website functionality, including session management and security.
– Functional Cookies: Enable enhanced features such as remembering user preferences and selected language.
– Analytics Cookies: Help us analyze user activity to improve performance and understand usage trends (e.g., Google Analytics).
– Performance Cookies: Monitor loading speed and other performance indicators to provide a consistent user experience.
10. Cookie Management & Compliance
You have control over your cookie preferences. On your first visit to grampiansecotours.com, you will be prompted with a banner to accept or manage your cookie preferences in accordance with GDPR and CCPA regulations. You may withdraw your consent or modify preferences at any time by accessing cookie settings on our website. You may also manage cookies through your browser settings, although disabling some may affect the functionality of our Site.
California consumers have the right to opt out of the sale or sharing of their personal information. While we do not monetize your personal data, we respect opt-out requests in accordance with CCPA requirements.
11. Children’s Privacy
We do not knowingly collect or process personal information from children under the age of 13 years. If you believe that a minor has provided personal information through grampiansecotours.com, please contact us at [email protected] and we will initiate prompt deletion of the information in accordance with applicable laws.
12. Policy Updates and Notifications
We may periodically update this Privacy Policy to reflect changes in the law, our data processing practices, or website functionality. We encourage you to review this policy regularly. Where significant changes are made, we will provide appropriate notification on the website or via email where applicable.
13. Contact Information
If you have any questions, requests, or concerns about this Privacy Policy or the way your data is handled, please contact us at:
For all communications regarding your data privacy rights or this policy, please indicate “Privacy Inquiry” in the subject line of your correspondence.
—
Grampian Eco Tours is committed to full compliance with data protection regulations and best practices. If you have any concerns regarding privacy, we welcome you to contact us at [email protected].