The Tasty Ski Company needs to gather and use certain information about individuals. This data protection policy describes how this personal data is collected, handled and stored to meet the company’s data protection standards in compliance with GDPR legislation.
How your data is used and why consent
We require your consent for all personal data to be collected through this website. All forms will require an opt-in field to be checked to ensure you’re happy for us to collect your data. By selecting this option and submitting a form, you’re agreeing to the policies outlined on this page.
Personal details are collected in a contact form so that The Tasty Ski Company can make contact with a response.
The required fields on the contact form are:
- First Name
- Email address
The optional field on the contact form is:
This information is stored on The Tasty Ski Company’s email server. The email account is protected by a secure password which follows best practice password protection. Two members of staff have access to this information. Form entries from the website are deleted every 30 days.
If a client does not proceed with a holiday booking then their personal details and all email correspondence will be deleted on 30 April each year.
If a client proceeds with a holiday booking then The Tasty Ski Company will request details for each group member:
- Date of Birth
- Dietary Requirements
When the holiday is finished the above data is stored on two computers. The data is stored so that in the case of a repeat booking The Tasty Ski Company does not need to request these details again from the client. Access to these two computers is restricted to two member so staff. Login to these computers is protected by a secure password which follows best practice password protection.
What are my rights?
When your personal data is collected on this website, you have the following rights:
1. Right to be informed – individuals have the right to be informed about the collection and use of their personal data.
2. Right of access – individuals have the right to obtain confirmation that their data is being processed and access to their personal data.
3. Right to rectification – a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete
4. Right to be forgotten – individuals can make a request for erasure verbally or in writing.
5. Right to restrict processing – individuals have the right to request the restriction or suppression of their personal data.
6. Right to data portability – the right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
7. Right to object – an individual has the right to object to processing personal data and direct marketing.
8. Rights related to automated decision-making including profiling – the right of subject access allows a user access to information about the reasoning behind any decisions taken by automated individual decision-making and for profiling.
Personal data of children
The Tasty Ski Company collects the details for both adults and children aged under 13. Consent for children aged under 13 is required from whoever holds parental responsibility for the child.
Access to the data
As covered in the ‘right to access’, individuals have the right to obtain confirmation that their data is being processed and access to their personal data.
Access to data can be requested by email or telephone:
The user will receive the requested data within 5 working days.
How can you request that your data is removed
Under the ‘right to be forgotten’ a user has the right to make a request for erasure of their personal data.
Removal of data can be requested by email or telephone:
The data will be removed within 5 working days.
Our Data Breach policy
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
While we do everything in our power to prevent this, if a data breach was to occur, we would endeavour to inform the supervisory authority (ICO) within 72 hours. We would also endeavour to inform all affected users about any potential risks which may come as a result of the breach.
If a data breach was to occur, we will document all relevant information and be completely transparent with any users who may be affected. All breaches shall be recorded, including facts relating to the breach, its effects and the remedial action taken. Following a breach, we will ensure to investigate whether the breach occurred as a result of human error or a systemic issue.