About this policy
England Originals is brought to you by England’s Historic Cities, a partnership of destinations brought together by common product and interests. Its purpose is to exchange knowledge, find solutions to shared challenges, benchmark performance, raise the profile of England’s heritage product and facilitate joint activity, all with the intention of maximising the potential of the cities’ visitor economies.
The Data Controller (the organisation responsible for looking after your data) is England’s Historic Cities. When we say “we”, “our”, “us”, etc., that’s who we’re talking about. Please see our website to find out more about us.
We are grateful for the trust you place in us, to use us to help you to arrange your visit to our cities and to use your personal information responsibly. We are committed to protecting your information and we believe you have a right to know how we will use it. This policy sets out the data protection principles we follow.
This policy covers our dealings with customers – people who have booked tickets or accommodation or are looking for things to do and places to visit in the England Originals cities. Please note that our customers and owners must be over the age of 18 and we do not therefore collect personal information from children.
We will update our Privacy and Cookies Policy as data protection law or business practice changes. You can always find the latest version of this policy here. This version of the policy is effective from May 2018.
We process personal information for certain legitimate business purposes, which means that we have genuine and legitimate reason to contact you and are using your data in a way you should reasonably expect us to as part of your relationship with us.
This may include some of the following:
- where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our cities
- to better understand how people interact with our websites
- to determine the effectiveness of our marketing campaigns, advertising and promotional campaigns
Whenever we process data for these purposes we will ensure that we always keep your data rights in high regard and take account of these rights. You have the right to object to this processing if you wish and if you wish to do so please email email@example.com
Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.
We generally use your data either on the basis of your consent, or based on a contract between us (e.g. when you book accommodation or tickets). You have the right to withdraw your consent. All our marketing communications include an unsubscribe link, to make it easy to withdraw consent.
If you withdraw your consent (e.g. by opting out of marketing communications), we will stop processing your data as requested. Bear in mind if you have tickets or accommodation booked and you have not yet visited, we’ll still need to hold onto your data so we can process the booking. That’s because the contract between us is the basis for using your data (rather than consent). For more information, see the “Legal basis of processing” section below.
If you are concerned about the processing of your data, please contact us – 07812 037006 or firstname.lastname@example.org. If you are unhappy with our use of your data, you also have the right to make a complaint to the Information Commissioner’s Office, which supervises data protection in the UK.
You have the right to receive a copy of your personal data. You also have the right to request that we remove your data, when there remains no legal basis for keeping it. Please note that when these rights are exercised, we will conduct identification checks in order to ensure your privacy is safeguarded. You will need to contact us by email or post, to exercise these rights.
Personal information we collect
In order to provide you with the best possible service, we collect the following information:
Marketing: name and email address only, with gender and post code optional.
Contact details: Name, postal addresses (main and billing), phone numbers, email addresses.
Accommodation Bookings: Name, postal addresses (main and billing), phone numbers, email addresses, property booked, visit start/end dates, cost of stay, amounts paid.
Tickets: Name, postal addresses (main and billing), phone numbers, email addresses, attraction booked, date of visit, cost of visit, amounts paid, opt in/out to receive marketing from us.
Payment: method, payment card expiry date, amounts collected. Please note that we do not capture or store your full card details: payment is handled by our payment service providers.
Browsing: historical searches, how you use our website, the devices and IP addresses you use to access our services (operating system, browser, …), We collect this information so that we can continuously improve our website and our service to you.
Through our partnerships, we may receive some of the above information from other companies you might use to book accommodation via our website (e.g. other online accommodation booking providers (booking.com, laterooms.com, Expedia etc..) In such cases, those companies must also inform you about their use of your data.
How we use your personal information
We use your personal information to:
- Manage your accommodation booking
- Manage your ticket booking
- Understand how to improve our services and provide the best information and offers
- Detect and prevent fraud or abuse of our services
- Personalise your online experience
- Enable the display of the most appropriate adverts on our websites and on other websites and services where we place advertising
- Communicate with you, including for example, responding to your emails, messages on social media, handling customer service matters and so on
- Process your payments
- With your permission, send you relevant marketing information such as details of competitions, special offers and things to do we think will be of interest to you
- Manage competitions and special offers in which you participate
- Make sure our servers and websites are operating correctly
How we collect personal information
We receive personal information from:
- You, as you provide it to us (e.g. when booking accommodation or attraction/event tickets)
- Your use of our websites
- Third party holiday providers you may book accommodation with, who advertise on our website
- Your interaction with our marketing activities (provided you have not unsubscribed)
Legal basis of processing
There are several grounds on which we will store and use your data. As follows:
Consent: for certain types of processing (e.g. marketing activities), we rely on your consent to use your data. You may withdraw your consent at any time (see “Your rights”, above).
Contract: much of the time, our use of your data will be because of the contract between us – that is, in relation to your accommodation or ticket booking. We will usually retain relevant data for up to six years from the date the contract completes.
Legal obligations: we are under certain binding legal obligations, such as accounting to the government for tax and making financial records available for audit. In such cases, we are typically obliged to retain data for up to seven years from the date of the transaction.
Legitimate interests: we use data to manage our operations and to make business process improvements. Rest assured, our legitimate interests will never override your right to privacy.
How we share your personal information
We give some of your contact information to accommodation providers and attractions, so they can get in touch about your booking. (We also give you their contact details, for the same reason.)
If you permit us to send you marketing information, we will not share it with any 3rd parties and it will be used solely by us for the reasons stated above.
1. We store your data in cloud services provided by third parties. Those third parties do not however have access to your data.
2. We do not transfer your data outside the UK or the European Union.
Security of your data
We protect your data with various technological measures. We also regularly test and evaluate the security of our systems, updating safeguards as appropriate. Our staff are trained in the importance of security and privacy and we treat breaches of confidentiality and privacy as disciplinary matters.