You are here: Home > Information > Data Protection Policy
Outer Hebrides Tourism is strongly committed to protecting and respecting your personal information and privacy. This Privacy Policy explains our policy for the collection and use of information about you and your transactions with us. We may change this policy from time to time. Your continued use of our products, applications, services and websites that are subject to this Policy will signify your acceptance of any and all changes to this Policy made by us from time to time.
Outer Hebrides Tourism is the data controller in connection with any personal information collected or received by us arising from your use of any of our products, services, applications, websites and customer support communications.
We will process your personal data in accordance with the GDPR (General Data Protection Regulation). We maintain strict security standards and procedures with a view to preventing unauthorised access to your data by anyone, including our staff. We use leading technologies such as (but not limited to) data encryption, fire walls and server authentication to protect the security of your data. For all Outer Hebrides Tourism companies, all of our staff and whenever we hire third parties to provide support services, we will require them to observe our privacy standards and to allow us to audit them for compliance.
We may use your information:
We review our retention periods for personal information on a regular basis and we will hold your personal information on our systems only for so long as is necessary for the relevant activity.
E-newsletters - by completing our e-newsletter signup page you are agreeing to receive email marketing communications. These can be unsubscribed from at any time, simply by clicking the unsubscribe link at the bottom of the email.
Brochure requests - by completing our Brochure Request form you are agreeing to receive brochures from us.
Competitions - please check the individual terms and conditions associated with each competition. By entering our competitions and completing our entry forms you are agreeing to receive email marketing communication
The legal basis for this processing is consent/legitimate interest.
Social media and website.
If you use any of our social network pages or applications or you use one of our products or services that allow interaction with social networks, we may receive information relating to your social network accounts. For more information and for details about how you can control access to your social network profile, you should view the privacy policy and other guidance available on your social network’s website.
Where you have uploaded product reviews, comments or content to our websites or services and made them publicly visible, we may link to, publish, or publicise these materials elsewhere including in our own advertisements.
Each time you create or reply to a post or thread on a website forum from us, in addition to providing this forum service, we may also record the forum name and the time and date of your post or thread with your account details. We do this to better understand the ‘typical users’ of our forums and to select or tailor our marketing communications to reflect your forum activity. We do not use the actual content of your forum posts or threads for purposes of sending marketing communications.
The legal basis for processing is legitimate interest.
OHT Membership Account
In addition to above sections, we collect your business address and contact details to create an OHT membership account. When you login, we will track this and your behaviour. We may use this data and other data we hold about you to tailor your experience in the account and any communications we send. We may also use it improve our service to you and others.
If you ask us to cancel your account, we will cancel the account. We will however delete the data within 18 months as we need to keep your data for accounting and other legal obligations.
The legal basis for this processing is consent/legitimate interest.
Providing your personal data to others
We may use other third-party service providers to provide certain data processing services for us (acting as our authorised data processors). Examples of authorised data processors could include billing and fulfilment partners, IT solution providers, data analytics providers who process information on our behalf for the purposes outlined above. For example, we may use the services of third parties to personalise content, fulfil orders, deliver packages, send postal mail and emails, send text messages (SMS), provide marketing assistance, process credit card payments, provide fraud checking services and provide customer services.
When acting as our authorised data processors, our service providers are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations.
In addition to the specific disclosures of personal data set out in this section, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
International transfers of your personal data
We store your data on our secure servers in the United Kingdom and retain it for a reasonable period or as long as the law requires. However, your data may be transferred to, stored at, and processed at a destination inside or outside the European Economic Area by our partners or service providers. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
Retaining and deleting personal data
Personal data that we process shall not be kept for longer than is necessary for that purpose or those purposes.
Your personal data will be retained for 5 years following the date you cease to be a client, or longer as required to meet our regulatory obligations.
Notwithstanding the other provisions of this Section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests.
Links to third party sites
Some of our websites may contain links to other third-party websites that are not operated by us. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices of those third-party websites. We strongly encourage you to view the privacy and cookie policies displayed on those third-party websites to find out how your personal information may be used.
Amendments
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.
Your Rights
In this Section we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under GDPR are:
You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to the supply of appropriate evidence of your identity. In practice, you will usually either expressly agree (opt in) in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Cookies
By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.
Cookies are small pieces of information sent by an organisation to your computer and stored on your hard drive which allow that website to recognise you when you visit. Cookies collect statistical information about your browsing actions and patterns and do not identify you as an individual. We use cookies to improve our website and provide you with a better service. We cannot personally identify you.
Children
We are especially concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under, please ask your parent/guardian’s permission before providing any personal information.
About Us
The website is owned and operated by Outer Hebrides Tourism (Trading) Community Interest Company.
We operate two companies Outer Hebrides Tourism (Trading) Community Interest Company, registration no: SC501113 and Outer Hebrides Tourism Community Interest Company, registration no: SC471775.
Our registered office for both companies is at:
3 Linshader, Isle of Lewis, Western Isles HS2 9DR.
Our principle place of business is in the Outer Hebrides.
Contact us: at the above address or Email: enquiries@outerhebridestourism.org
Data Protection Officer – Ian Fordham, Chairman, Outer Hebrides Tourism
© Outer Hebrides Tourism (Trading) 2024. Registered in Scotland SC501113. All Rights Reserved