Privacy Policy

Privacy Policy

This Privacy Policy sets out how the Settle and Carlisle Railway Trust will process and use any personal data that you provide to us, or that we may collect as a result of you visiting www.settlecarlisletrust.org.uk

The Settle and Carlisle Railway Trust is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy policy.

Please read the following information to understand our practices with regards to your personal data and how we will treat it.

Our Privacy Promise

We promise:

  • To keep your data safe and private
  • Not to sell your data
  • To give you ways to manage and review your marketing choices at any time.

Who we are

Settle and Carlisle Railway Trust is the charity responsible for your information under this privacy policy, for any information that is gathered through use of this website.

What information do we collect

When a person uses our website to make a booking or fill in an online form, we collect some or all of the following personal information:

  • Name
  • Date of birth
  • Contact information such as email addresses and telephone numbers
  • Demographic information such as post code, preferences, and interests
  • Financial information such as credit/debit card numbers
  • IP address
  • Web browser type and version
  • Operating system
  • A list of URLs starting with a referring site, your activity on Our Site, and the site you exit to

Information We Collect from Third Parties.

Settle and Carlisle Railway Trust may collect information from third parties, including personal information that we need in order to provide our service. We do not control, supervise or respond as to how the third parties providing your information process your personal data, and any information request regarding the disclosure of your personal information to us should be directed to such third parties.

How do we use your information?

We will use the data that you provided to us at the time of making a booking, in order to provide you with our company services to confirm and manage your booking. To complete your booking, we share your personal information with our subcontractors who are involved in the booking process, such as payment providers who will process the booking payments, and our housekeeping staff, who require guest contact details in order to arrange check in times.

We will use your information in order to contact you regarding any booking related enquiries, or to provide you with information relevant to your stay.

Information may also be used to analyse your use of our Site and gathering feedback to enable us to continually improve our Site and your user experience.

IP ADDRESSES AND COOKIES

We do not collect information about your computer or how you use our website. The only cookies used will be on our third party booking engine when you make a booking.

How do we store your data?

All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the GDPR at all times.

We will do our best to protect your personal data, unfortunately, the transmission of information over the internet is not entirely secure and we cannot guarantee the security of data transmitted to our sites. Any transmission of data is at your own risk.

Once you have made available your credit card details to make a payment, these are used for the process of completing the transaction. We do not store these details. Credit card details taken both over the phone and online are deleted once payment is complete.

Do we share your data?

In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with legal obligations, a court order, or a governmental authority.

We may sometimes contract with third parties to supply products and services to you on our behalf. These may include payment processing, delivery of goods, and search engine facilities. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.

We may sometimes use third party data processors that are located outside of the UK or European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Where We transfer any personal data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR.

Third Party Websites

From time to time our site may contain links to and from the websites of our partner networks, advertisers and affiliates. If you visit any of these sites please note that they have their own privacy policies and you should check these before submitting any personal data. We cannot accept any responsibility or liability for these policies.

Access to your data

You have the right to ask for a copy of any of your personal data held by us (where such data is held). Under the GDPR, no fee is payable and we will provide any and all information in response to your request free of charge.

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.

In accordance with the General Data Protection Regulation (GDPR), you have the right to have your personal data erased from our system. Exercising this right will remove your personal details and anonymise any data relevant to marketing, business development, statistical and management purposes.

Please note, we us a booking software called Bookster. This company will retain a log entry only with your Name, Email Address and Date you requested a “Right To Erasure” in order for Bookster to be compliant with auditing requirements.

You may email us if you would like to exercise your “Right to Erasure”. Please note that this can take up to a 30 days to be completed. Once your request has been received, an email will be sent to Bookster regarding your request. You will also receive confirmation of your “Right to Erasure” request once processed for your records.

Contact

We welcome any questions, comments and requests regarding this privacy policy and should be emailed to enquiries@settlecarlisletrust.org.uk

We will respond to enquiries within 30 days

Policy date

This policy was last updated on the 22/05/2020