We treat our responsibility to the security of your data seriously. This policy explains what personal data we collect as data controllers, how it’s stored, how it’s used and with who it’s shared. Personal data means information which relates to an identified or an identifiable individual, and a data controller is an organisation which is responsible for deciding what personal data is processed, and how it’s processed.
For information on the personal data processed by us as data processors (on behalf and under the instructions of our customers) in connection with the provision of The Holiday Tracker, please read our article on GDPR and The Holiday Tracker.
When we say we, us or our, we mean Burns Software Development Ltd., trading as The Holiday Tracker, whose principal business address is: 7 Kensington Villas, Westerhope, Newcastle, NE5 5HN
If you have any questions about this privacy notice or your personal data, (including complaints and any requests to exercise your data protection rights) please contact us either by:
We may collect, use, store and transfer various types of personal data relating to your identity, contact details, profile, profession, usage of our website and our products and services, and our professional interactions with you.
|Types of personal data we may collect||Examples|
|Identity data||Name; title;|
|Contact data||Address; email; telephone number;|
|Profile data||Preferences; feedback and survey responses;|
|Professional data||Job title; name of business or organisation; professional credentials; professional contact details;|
|Usage data||Information about your use of our website and The Holiday Tracker;|
|Financial data||Details of your credit or payment card, billing, invoicing and payments;|
|Contractual data||Information related to our contractual relationship with you;|
|Enquiries data||Details of enquiries submitted to us;|
|IT data||Logins and usernames to The Holiday Tracker portals; encrypted passwords;|
|Technical data||Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.|
We also collect data on your behaviour as you use our website and The Holiday Tracker. This data allows us to better understand how our customers and their employees use our product. The data we collect is anonymised statistical data and it is impossible to correlate a particular user’s browsing behaviour with the user themselves.
We collect most of this information from you direct. However, we may also collect information from other sources.
|Type of source||Examples|
|Your use of our website||when you sign up for the free trial of The Holiday Tracker; when you sign up to our mailing list; submit an online enquiry; subscribe to our blogs; complete a survey; or give us your feedback;|
|Direct interactions with you||when you first contact us (e.g. by phone or email); when you give us your business card; when you register interest in our products;|
|From publicly accessible sources||your website; your professional profiles on social media platforms (e.g. LinkedIn, Facebook, Twitter);|
|Directly from a third party||another organisation or professional who told us that you would like to hear from us;|
|Automated technologies or interactions||As you interact with our website or The Holiday Tracker, we may automatically collect technical data about your equipment, usage of The Holiday Tracker, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.|
We primarily use the data we collect to provide and to improve our services to you. We also use your email address to send notifications related to actions within The Holiday Tracker - notification of a holiday request, for example.
We may also use email addresses to provide you with information about updates to the service, other services we feel may be of interest to you and any other information we feel is valuable to you as a customer. You can opt out of these emails by using the Unsubscribe link in the email.
We can only use your personal data if we have a proper reason for doing so. For example, because:
Generally we do not rely on consent as a legal basis for processing your personal data other than:
Where your permission is required, we will ask you for such consent separately and clearly. You have the right to withdraw consent to marketing at any time by emailing us at firstname.lastname@example.org or using the ‘unsubscribe’ link in our marketing emails. Even if we are not required to obtain your consent for marketing purposes, you can still opt-out of receiving marketing communications at any time, so you are still in control.
We will use your personal data if we need to do it to perform our obligations under a contract with you, or if it is necessary for a contract which we are about to enter with you. For example, if we need to:
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We rely on our own, and/or or a third party’s legitimate interests, when we process your data for the following purposes:
We may process your personal data to comply with our legal obligation. For example, to:
The Holiday Tracker make use of a limited number of third party services to provide you with the service we make available. These third parties all comply with the Data Protection and the GDPR. Below is a list of the third parties.
Our email is hosted by Google’s G-Suite, so any emails you exchange with our employees, or with our email@example.com email address is stored and processed on Google’s servers.
The Holiday Tracker makes use of Google Analytics to better understand how our customers and their employees use our product. Google Analytics collects anonymised statistical data about the use of our website and The Holiday Tracker application.
We use Google Analytics to help us identify how users make use of our website and The Holiday Tracker itself. No personal data is passed to Google Analytics and it is impossible to correlate a particular user’s browsing behaviour with any data stored within Google Analytics. Google Analytics simply allows us to view anonymised statistical data about how our users make use of The Holiday Tracker.
Google is based in the US and subscribes to the EU-US and Swiss-US Privacy Shield Framework. Transfers of personal data under the Privacy Shield framework are deemed by the European Commission to provide an appropriate level of protection.
The Holiday Tracker application and all data is hosted by Microsoft in it’s UK data centres. We chose Microsoft as their experience and reputation inspire confidence in their ability to keep your data safe and secure. By using their Azure platform, we’re guaranteed that our servers and firewalls are always up to date. Security patches are applied automatically without the need to shutdown or restart the servers hosting The Holiday Tracker.
You can read more about their specific standards and procedures, and their approach to GDPR compliance at the links below.
Any automated emails sent by The Holiday Tracker, such as holiday request notifications, are sent via our email partner SendGrid, who are based in the US. To ensure the adequate protection of personal data, they have certified to the EU-US and Swiss-US Privacy Shield Framework. More details on this can be found at the links below.
Credit and debit card payments are handled by our partner Stripe Payments Europe Limited. As with all third parties, we provide them with the minimum amount of data required for them to provide the required service. In Stripe’s case, this is limited to the card payment details you provide on the billing page. In addition, we don’t store your card details ourselves at all, other than the last four digits of your card and the expiry date.
Stripe’s parent company are based in the US and in order to process payments, Stripe Payments Europe transfers personal data to Stripe, Inc. in the US. To ensure the adequate protection of personal data, they have certified to the EU-US and Swiss-US Privacy Shield Framework. More details on this can be found at the link below.
As a customer you may also be subscribed to our mailing list. We send a monthly newsletter to our mailing list using MailChimp. We only provide MailChimp with names and email addresses in order to facilitate them sending our newsletter.
The Rocket Science Group, the company behind Mailchimp, is based in the US and participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
The Holiday Tracker application and all data is hosted by Microsoft in its UK data centres. We chose Microsoft as their experience and reputation inspire confidence in their ability to keep your data safe and secure.
We use industry standard SSL encryption to encrypt all data transferred between you and our servers – look for the padlock in your browser. We also employ encryption-at-rest on the data stored on the servers.
Backups of the data are taken every 10 minutes and are retained for two weeks.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. For example, if you:
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
You have a number of rights in relation to your personal data, which allow you to access and control your information in certain circumstances. You can exercise these rights free of charge, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse to respond to such request).
|Access||This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.|
|Rectification||The right to require us to correct any inaccuracies in your personal data.|
|Erasure (to be forgotten)||The right to require us to delete your personal data in certain situations.|
|Restriction of processing||The right to require us to restrict processing of your personal data in certain circumstances (e.g. if you contest the accuracy of the data we hold).|
|Data portability||The right to receive, in certain situations, the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party.|
|To object||The right to object at any time to your personal data being processed for direct marketing (including profiling) or, in certain other situations, to our continued processing of your personal data (e.g. processing carried out for the purpose of our legitimate interests).|
|Not to be subject to automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you, or similarly significantly affects you.|
If you would like to exercise any of those rights, please contact us at firstname.lastname@example.org. Please let us know what right you want to exercise and the information to which your request relates.
We hope that we can resolve any query or concern you may raise about our use of your information. However, if you are not happy with our handling of your complaint, you have a right to lodge a complaint with a supervisory authority, in particular in the European Union (or the European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws has occurred. The supervisory authority in the UK is the Information Commissioner, who may be contacted at https://ico.org.uk/concerns or by telephone on: 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office, so please contact us in the first instance.