1. Data protection controller and privacy officer
Managing directors: Catriona Stevenson and Helmut Watterott
2. Purposes of data processing and legal framework
2.1 Visiting our website
When accessing our website www.slaintescotland.com the browser that you use will automatically send information to our website’s server. This information is stored temporarily in a so-called log file. The following information is recorded and stored until automatically deleted:
Date and time of the request
Time zone difference compared to Greenwich Mean Time (GMT)
Content of request (specific page)
Access status/HTTP status code
Data volume transmitted
Website from which the request emanates
Operating system and its interface
Browser software language and version.
Duration of visit
Region (City and country)
Age and Sex
Internet Service Provider
We process the above data to ensure a smooth connection setup and user-friendly application of our website, to guarantee network and information security, to analyse system security and stability and also for administrative purposes.
The legitimacy of our data processing is based on Art. 6(1) sentence 1(f) GDPR. Our legitimate interest derives from the aforementioned data recording purposes. We do not use data to draw conclusions about you as an individual.
We also deploy cookies and tracking services on our website. Further details of this are to be found in paragraphs 7 and 8 of this Privacy Statement.
2.2 Subscribing for our newsletter
If you have agreed to receive our newsletter, invitations to events and other information of relevance to you (Art. 6(1) sentence 1(a) DS-GVO), we will use your name and email address to provide you with that information electronically.
You may withdraw your consent at any time with future effect and also unsubscribe. To do this you may use the link at the end of any newsletter or, alternatively, the above email address. This means that we will no longer continue in future to carry out any data processing to which your consent relates and will delete the data unless there should be any legal reason not to do so or a statutory obligation to retain it.
2.3 Using our contact form
If you have questions of any kind you may use our contact form on the website. It is necessary to provide us with your valid mail address in order to answer the questions. Any additional information is voluntarily.
The legitimacy of our data processing is based on Art. 6(1) sentence 1(a) DS-GVO.
The data provided will be deleted after the execution of the enquiry unless there should be any legal reason not to do so or a statutory obligation to retain it.
3. Disclosure of personal data
We will not disclose your personal data to third parties unless:
you have given your consent to this pursuant to Art. 6(1) sentence 1(a) GDPR,
disclosure is necessary under Art. 6(1) sentence 1(f) GDPR in order to assert, establish or defend legal claims and there is no reason to assume that you have an overriding and legitimate interest in non-disclosure of your data,
there should be a statutory obligation of disclosure pursuant to Art. 6(1) sentence 1(c) GDPR, or
permissible by law and necessary for the performance of contracts with you pursuant to Art. 6(1) sentence 1(b) GDPR.
Where we process data in a third country (i.e. outside the European Union (EU) or European Economic Area (EEA)), where this is done whilst using third-party services or when disclosing or transmitting data to third parties this will only be done so as to fulfil our (pre)contractual duties, with your consent, where required by law to do so, or where we have a legitimate interest in so doing. Unless there should be a statutory exemption we will only process data in a third country if the special statutory conditions under Art. 44 et seq. GDPR are fulfilled.
4. Rights of data subjects
You have the right:
under Art. 15 GDPR to ask for information about your personal data processed by us. You may specifically ask for information as to the purpose of such processing, the categories of personal data concerned, the categories of recipients to whom your data has been or is being disclosed and the length of time that it is intended to be kept, as to the existence of a right to amend, delete or limit such processing or raise an objection, the existence of a right of appeal, the origin of your data if it has not been obtained from us and as to the existence of automated decision-making, including profiling, and details of any significant information;
under Art. 16 GDPR to require the rectification without undue delay of inaccurate personal data recorded by us or the supplementation of personal data recorded by us;
under Art. 17 GDPR to require the erasure of personal data recorded by us unless its processing should be necessary in the exercise of the right of freedom of expression and information, to fulfil a legal requirement, for reasons of public interest or in order to assert, establish or defend legal claims;
under Art. 18 GDPR. to require a restriction to be put on the processing of your personal data where the accuracy of data is disputed by you, processing is unlawful but you refuse its erasure and we no longer need the data but you need it in order to assert, establish or defend legal claims or where you have filed an objection to processing under Art. 21 GDPR;
under Art. 20 GDPR to receive your personal data that you have provided to us in a structured, conventional and machine-readable format or to require it to be transmitted to another data protection controller;
under Art. 7(3) GDPR to withdraw your consent at any time. This means that in future we will no longer be allowed to continue data processing to which your consent relates, and
under Art. 77 GDPR to lodge a complaint with a supervisory authority. You may generally address this to the supervisory authority at your habitual place of residence, your place of work or our place of business.
5. Right to object
Where your personal data is processed for the purpose of legitimate interests under Art. 6(1) sentence 1(f) GDPR you have the right under Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation or where the objection is levelled at direct marketing. In the latter case you have a general right to object which will be implemented by us without a particular situation having to be specified.
If you should wish to exercise your right to object or ask for rectification kindly send an email to the above email address.
6. Data security
When our website is visited we use the SSL method (Secure Socket Layer) in conjunction with the highest level of encryption that is supported by your browser. This will generally be 256-bit encryption. If your browser should not support 256-bit encryption we will have recourse to 128-bit v3 technology. You can see whether a particular page of our website is transmitted encrypted from the closed-form display of the key or padlock icon in the bottom status bar of your browser.
We also apply appropriate technical and organisational security measures to safeguard your data from accidental or deliberate manipulation, complete or partial loss, destruction or access by unauthorised third parties. Our security measures are continually being improved in line with technological progress.
We deploy cookies on our website. These are small files which your browser generates automatically and are saved on your computer, laptop, tablet, smartphone etc. when you visit our website. Information that is produced in conjunction with the particular device used is stored in cookies. The application of cookies serves to make the use of our services more convenient for you. We therefore use so-called session cookies to recognise that you have already visited various pages of our website. They are automatically eliminated when you exit our site. To optimise the user-friendliness of our site we also deploy temporary cookies, which are stored on your device for a specific period of time. When you return to our website they enable us to automatically recognise that you have visited us before and identify your previous entries and settings so that you do not have to input them again.
Data processed using cookies is required for the said purposes in order to safeguard our legitimate interests and those of third parties pursuant to Art. 6(1) sentence 1(f) GDPR.
Most browsers accept cookies automatically. You can, however, configure your browser in such a way that no cookies are stored on your device or that you are always asked for permission before cookies are saved. Nevertheless, if you decline to accept cookies this might lead to you being unable to use all of the functions of our website.
8. Tracking tools
The tracking measures stated below and applied by us are based on Art. 6(1) sentence 1(f) GDPR. The use of tracking measures is intended to ensure demand-oriented design and ongoing optimisation of our website. We also use tracking measures to ascertain our website usage for statistical purposes and evaluate it so as to optimise our services for you. These constitute legitimate interests within the meaning of Art. 6(1) sentence 1(f) GDPR.
This website uses the following tools which privacy policies you can find using the following links:
Google Analytics und Google Adwords Conversion Tracking (https://policies.google.com/privacy/update?hl=en)
Google Tag Manager (https://policies.google.com/?hl=en)
Google Maps (https://policies.google.com/privacy?hl=en&gl=en)
Facebook Remarketing (https://www.facebook.com/about/privacy/)
Google Remarketing (http://www.google.com/settings/ads)
Optinmonster App (https://optinmonster.com/privacy/)
9. Social media plug-ins
We use social plug-ins for social media on our website based on Art. 6(1) sentence 1(f) GDPR. The underlying promotional aim is deemed a legitimate interest within the meaning of the GDPR. Responsibility for compliance with data protection rules lies with the particular provider concerned.
We currently use the following social media plug-ins: Twitter, Youtube, Instagram and Facebook. We apply the so-called two-click solution. This means that, in principle, when you visit our site no personal data will initially be forwarded to plug-in providers. You can identify the plug-in provider from the labels on the field, from its initial letters or logo. We give you an opportunity of communicating with the plug-in provider direct using the button. It is only if you click on the selected field and therefore activate it that the plug-in provider receives the information that you have accessed our online service website. The data referred to in paragraph
2.1 of this Privacy Statement is also transmitted. In the case of Facebook and Xing the IP address recorded is anonymised immediately as stated by the respective provider in Germany. By activating the plug-in, therefore, personal data is sent by you to the plug-in provider concerned and stored there (for USA providers in the USA). As the plug-in provider gathers data using cookies in particular we recommend that you delete all cookies via your browser security settings before clicking on the greyed-out field.
We do not have any influence on the data collected or data processing operations, nor are we made aware of the full extent of the data collection, the purpose of processing or retention periods. We do not hold any information on the deletion of gathered data by the plug-in provider either.
The plug-in provider stores the data collected about you as usage profiles and uses it for the purposes of advertising, market research and/or demand-oriented design of its website. This kind of evaluation is especially undertaken (even for users not logged on) to present demand-oriented advertising and to inform other users of the social network of your activity on our website. You have the right to object to the creation of such user profiles although in order to exercise that right you have to turn to the respective plug-in provider. With plug-ins we give you an opportunity to interact with social media and other users so that we can improve our services and make things more interesting for you, the user. The legitimacy of our use of plug-ins is based on Art. 6(1) sentence 1(f) GDPR.
Data is transferred irrespective of whether you have an account with the plug-in provider and are logged on there. When you are logged on to the plug-in provider your data which we hold is allocated direct to your account with the plug-in provider. When you click on the activated button and link to the site, for example, the plug-in provider saves that information as well in your user account and openly informs your contacts. We recommend that after using a social network you generally log out, particularly before activating the button, as in this way you will be able to avoid allocation to your profile with the plug-in provider.
You can obtain further information on the purpose and scope of data collection and its processing by plug-in providers in the plug-in providers’ privacy statements detailed below. These also contain further information on your rights and setting options in that respect to protect your privacy.
Addresses of the respective plug-in providers and URL plus data protection notices:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084. Facebook has agreed to be bound by the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy and https://twitter.com/de/privacy#update. Twitter has agreed to be bound by the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; https://help.instagram.com/519522125107875?helpref=page_content and http://instagram.com/about/legal/privacy/
YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA; https://www.google.de/intl/de/policies/privacy/
10. Payment Processing:
Slainte Scotland (Clyde Coast Tourism Ltd) use a 3rd party to process payments – Fareharbor, Paypal and Trekksoft. We (Slainte Scotland and Clyde Coast Tourism) do not store any of your personal information directly and ask that you do not send any highly confidential information such as card details over email. If this does happen, it will immediately be deleted.
Please see the following links for each of our payment processors on how they hold your personal information:
Paypal – https://www.paypal.com/en/webapps/mpp/ua/privacy-full
FareHarbor – https://fareharbor.com/legal/privacy/
Trekksoft – https://www.trekksoft.com/en/privacy/
FreeAgent – https://www.freeagent.com/company/gdpr/
11. Validity and amendment of this Privacy Statement
This Privacy Statement is currently valid and dated May 2018. Due to the further development of our website and proposals or due to changes in the law or official rules and regulations it might become necessary to amend this Privacy Statement. We therefore recommend that you check this Privacy Statement at regular intervals.
Slàinte Scotland Tours
Slàinte Scotland, Clyde Coast Tourism Ltd
14 Crawfurd Street
Greenock, Inverclyde PA15 1LJ