Scent of Italy Ltd (‘we’, ‘us’, ‘our’) is committed to protecting your privacy and safeguarding your personal data.
In accordance with the General Data Protection Regulation (GDPR), this policy explains when and why we collect personal data about you, how we use it, how we keep it secure and the conditions under which we may disclose it to others.
This policy is reviewed regularly and may change from time to time due to changes in the law, so please check this page occasionally to ensure that you are happy with any changes which have been made. This policy was last updated on 1st September 2018.
The data controller is Scent of Italy Ltd, Kemp House 152-160 City Road, London EC1V 2NX.
Any questions regarding this policy and our privacy practices should be sent by email to firstname.lastname@example.org, or in writing to Scent of Italy Ltd, at the above address, or you can telephone 03300 577150.
What Information do we collect from you?
We may collect all or some of the following information relating to you or other members of your party. We will only collect enough personal information to provide you with the requested information or fulfil our contract to you. You are responsible for ensuring that other members of your party are aware of this Policy and consent to you acting on their behalf in all your dealings with us.
The personal data we collect from you might include your name, postal address, telephone number and email address. For bookings we may also collect further information about you and if necessary for entry visa purposes, the members of your party including name, age, date of birth, birth town, country and place of residence, and passport information, including passport number, start date, expiry date and country of issue.
Special categories of Personal Data
We do not collect any ‘special categories of personal data’ as defined in the GDPR such as race, ethnic origin, politics, religion, health etc.
Details about payments, purchases made by you and contracts with you.
When you make a purchase, payment card details are collected directly via our fully certified PCI DSS level 1 payment service provider, (see ‘Who might we share your information with’ below).
We use Google Analytics to collect information about how visitors use our website, for instance which pages visitors go to most often and searches they may have made. This information includes IP address, browser type and version, operating type and system and time zone.
Communications & Marketing Data
Your preferences for receiving communications and marketing from us.
Why do we collect this information?
We obtain information about you when you use our website, for example, when you contact us about our service and products, or subscribe to our mailing list to receive updates and offers. We obtain information directly from you to enable us to effectively provide services and/or products you have purchased.
Who might we share your information with?
We may share your personal information with third-party suppliers to process data on our behalf, to enable us to deliver our services to you. These include:
- Our Business Accountants White Hart Associates LLP www.whitehartassociates.com/privacy-notice
We will only provide third-parties with the personal information they require to deliver their services.
How do we process your information?
We may use your information in the following ways:
|Activity||Data Type||Lawful basis for processing|
|Process an inquiry that you have made||Personal||We have received your consent.|
|To process a booking or purchase you have made||Personal
|Necessary for a contract we have with you.|
|Manage our relationship with you||Personal
Marketing & Communications
|Necessary for a contract we have with you.
To comply with a legal obligation.
|Notify you of changes to our services and products, new services and offers||Personal
Marketing & Communications
|We have received your consent.|
|Administer our business and website||Personal
|To comply with a legal obligation.|
|Analyse and improve the operation of the website||Technical||We have received your consent.|
How long do we keep your information?
We will hold your personal information on our systems only for as long as is necessary for the relevant activity, and as long as we are legally required to do so. At the end of the retention period, the relevant data will be securely destroyed.
What are your rights?
Under the GDPR you have the right:
- To be informed. We will always keep you informed on how we use your personal data via this policy and other notifications as necessary.
- Of access. You have the right to ask for a copy of the information we hold about you.
- To rectification. We will always endeavour to keep your information up to date, please inform us of any relevant changes to your personal information.
- To erasure. You can request we remove your data from our systems, we will process your request providing there are no lawful reasons why we should not.
- To restrict processing. You have the right to object to us processing your data, which means we will continue to store your personal data but not process it.
- To data portability. If you make a request for the information we hold on you, we can provide it in a suitable exchangeable format, i.e. CSV, Excel.
- To object. You have the right to object to us processing your data. You can unsubscribe from the link on our newsletter email at any time and/or email a request to the address below.
- Rights in relation to automated decision making and profiling. We do not process your data for automated decision making and profiling.
You can make a request for any of the above by email to email@example.com from the email address we have on record for you. We can only process your request if the email address of the requester matches our records. We will respond to any request within 1 month of receipt.
If you have a complaint about the way in which we process your data, please let us know by email to firstname.lastname@example.org and we will respond to you as soon as possible. If you still remain dissatisfied, you can make a complaint to the Information Commissioners Office https://ico.org.uk/
How do we secure your information?
We take appropriate technical and organisational measures to protect the loss, unauthorised access, misuse or alteration of your personal information.
Access to our website is encrypted by an SSL security certificate and you can verify this by the presence of a green padlock at the beginning of the URL. Any information you submit via forms on our website is sent via encrypted email to an admin email address.
Once we receive your information, we make every effort to ensure it is secure on our systems:
- Personal information is accessed on a need to know basis and is only made available to staff requiring access to the information.
- All systems storing personal information are password protected, encrypted and adequately protected by Firewall and Anti-Virus software.
- All mobile devices carrying personal data relating to our business which may include laptop computers, smart phones and tablets will be encrypted and password/PIN protected.