Privacy statement for Firefly House, Cowes

Firefly House is fully compliant with the GDPR (General Data Protection Regulation 25-01-18)

 

This statement concerns "Personal data", ie any data about an identifiable person.  A person can be identified by their name, phone number, email address, reservation number, IP address, or any information that allows them to be uniquely identified.

Firefly House does not have access to, nor hold any "sensitive data" (eg health or religion) about any individual.

What information data does Firefly House hold longterm?

Why do we keep this data?

How do we collect this data?

What temporary data do we hold?

Who do we share this data with?

How long is this data stored?

How can individuals ask to have data about them removed?

 

 

What information data does Firefly House hold longterm?

Firefly House holds the name of each guest booking our accommodation in a Visitor’s Book (kept in a metal locked filing cabinet).

We also hold pseudonym names for each booking for tax purposes (encrypted excel file).

Why do we keep this data?

The Immigration (Hotel Records) Order, 1972 for all serviced and self-catering accommodation states that a record of all guests over the age of 16 (full name and nationality) must be kept for at least 12 months.  For those who are not British, Irish or Commonwealth guests, a passport number, place of issue and details of their next destination are listed.

Data is also kept for HMRC tax notification.

 

How do we collect this data?

Names of guests are collated from bookings for Firefly House through booking channels: Booking.com, AirBNB, Tripadvisor and Freetobook (a UK booking site).  

Please see each individual company’s privacy statements by visiting the links.

 

https://www.booking.com/content/privacy.en-gb.html

https://www.airbnb.co.uk/home/terms-of-service-event

https://www.airbnb.co.uk/terms/privacy_policy

https://www.tripadvisor.co.uk/pages/privacy_pre_060407.html

For details on Freetobook data protection, please scroll down

 

What temporary data do we hold?

Through the booking process of Booking.com, AirBNB and Tripadvisor, Firefly House has viewing access to booking details such as addresses and phone numbers.  This information can be viewed by secure extranet or app on pc, laptop or mobile phone.  All computers, laptops and mobile phones are password protected and each extranet site and app is password protected with additional layers of security such as access codes.   

Personal email addresses are also obtained from some customers (either by direct request through Booking.com or at point of booking through Freetobook) for the purposes of obtaining a security deposit.  After the security deposit is refunded post-stay, emails are deleted from the Firefly House email account.

Payment for bookings through Booking.com, AirBNB and Tripadvisor is between the customer and the booking channel direct.  Firefly House does not have access to any payment details (bank account or credit cards).  Other details such as addresses and telephone numbers are not available to view through the booking channel website after the guests’ stay.

 

Payments for bookings through Freetobook is through Stripe.  Firefly House does not have access to any payment details (bank account or credit cards).  See below for data protection information concerning freetobook.

 

Payment for other bookings is invoiced through WaveApps via Stripe. Firefly House does not have access to any payment details (bank account or credit cards).

 

Who do we share this data with?

Firefly House does not share data with any other organisation or individual.

Guests are only contacted with specific information regarding their booking for Firefly House.

How long is this data stored?

The Visitor’s Book is an ongoing record of guests who have stayed at Firefly House, and names are kept for at least 12 months.    

Other temporary data such as guest’s addresses, email addresses and mobile phone contact numbers are deleted after the guest's stay, by both the booking channel and by Firefly House directly.

 

How can individuals ask to have data about them removed?

Guests whose personal data is stored with Firefly House may request that their data be removed from the Visitor Book or from the Freetobook register.  They should contact Firefly House directly with their request and should expect a response within one month.

Data protection regarding Freetobook

Freetobook is compliant and supportive of GDPR data rules.

 

Freetobook does not store or capture any personal data that is not strictly needed for the booking process nor do they ever transfer any personal data to any other party if it is not part of the booking process.

All credit card data is already super secure with the PCI level 1 compliance of FabPay, Stripe and PCI Card Storage.

Any guest has the right to be forgotten by having detailed information removed from the guest's booking (please make initial request to Firefly House).

Any guest has the right to have access to the data held on them (booking and contact data) (please make initial request to Firefly House).
 

Privacy policies for website provider, email, invoicing and credit card payment systems that Firefly House uses

Website provider - Wix

 https://www.wix.com/about/privacy

Email - Google mail

https://policies.google.com/privacy

Invoicing software - WaveApps

https://my.waveapps.com/privacy/

Creditcard payment system - Stripe

https://stripe.com/gb/privacy