Privacy Notice

This notice applies to Mulag House website

Mulag House is a family run bed and breakfast based in Ardvourlie, Isle of Harris, HS3 3AB. All significant decisions about data processing and policy implementation will be made using UK GDPR (General Data Protection Regulation). This notice is set out to help you understand the types of data that we collect from you, and how that data is used and managed.

Commitment

Mulag House is committed to protecting the privacy and security of your personal data. We continually monitor compliance through implementing policies & procedures to safeguard data and by setting regular reviews to manage these policies and procedures.

Information we collect.

  • Name
  • Email

Data Controller

In accordance with ICO (Information Commissioners Office) requirements of Data Controllers (the main decision maker when it comes to how people’s personal information is managed), Mulag House is registered with the Information Commissioners Office (ZB784369)When you are using our website, Mulag House is the Data Controller.

Personal data is information about you and from which you can be identified. Most of the personal
information we process is provided to us directly by you. Data collection can be through a variety of
channels, including by telephone, email, via our website or on site and via third parties. We may collect the following information: –

  • Address
  • Contact Number
  • Allergy information for guests dining with us
  • External CCTV images (grounds surrounding Mulag House)

How we use your information & our Lawful Basis

Mulag House will only process personal data where we have a lawful basis for doing so. The legal grounds for processing data will depend on the purpose of the data collected and its processing requirements. Under UK GDPR, there are six available lawful basis, namely: Consent, Contract, Legal Obligation, Vital Interests, Public Task, and Legitimate Interests.

Our lawful bases for collecting or using your personal information are: –

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have theright to withdraw your consent at any time.

• Contract – we have to collect or use the information so we can enter into or carry out acontract with you. All of your data protection rights may apply except the right to object.

We collect, process and store personal data for the following purposes: –

  • Confirming, amending or cancelling a booking
  • Contacting you in response to a request you have made
  • Following up to ensure everything was as per your requirements
  • Storing your details securely in order to provide you with seamless service for repeatbusiness
  • Informing you of a change to our policies or any issues with a service/facility

Privacy Notice

  • Address any claims made against us; for example, we may share details of our accident logs with our insurers in connection with any claim made or likely to be made against us in connection with legal proceedings (i.e., the establishment, exercise, or defence of legal claims)
  • Comply with any legal or regulatory obligation.
  • We use CCTV to help us manage arrivals and departures, ensuring smooth operations andenhancing the safety and security of our guests and property
  • We may be required to share CCTV footage as part of a legal investigation with the police

How we protect your personal data

We know how much data security matters to all our clients. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. All significant decisions about data processing and policy implementation will be made using UK GDPR. We take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this notice.

Website

Mulag House collects personal data from web forms submitted by individuals requesting information in the form of general enquiries or to make a booking. This comprises the name, phone number, email address, subject & message of the person making the enquiry.

3rd Parties

Our website contains a link to Airbnb. This privacy policy applies only to our website‚ so we encourage you to read the privacy statement on Airbnb (Airbnb Privacy – Airbnb Help Centre). We cannot be responsible for the privacy policies and practices of Airbnb even if you access them using links from our website. In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Payment data

A high number of our bookings are made through Airbnb, where payments are handled directly by Airbnb. For guests who book with us directly, we accept payment via bank transfer or cash on arrival. Since these payments are processed outside of third-party platforms, personal data collected in the process is limited to name address and any reference used by you when making the electronic transfer.

The Principles

Whether we are acting as a data controller or processor we continue to apply the UK GDPR principles to all personal & sensitive data that we hold, or process and these principles lie at the heart of our approach to processing personal data.

1) Processed lawfully, fairly and in a transparent manner in relation to individuals.

2) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes.

3) Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

Privacy Notice

4) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay.

5) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the UK GDPR in order to safeguard the rights and freedoms of individuals.

6) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

Protecting your personal information

We will continue to look for new ways to protect data. We have effective processes and procedures in place to be able to detect, investigate, risk assess and record incidents and breaches. However, in the event of a data breach we will notify the ICO (Information Commissioners Office) within 72 hours of becoming aware of the breach as well as taking steps to inform any individuals affected. Where we do not yet have all the relevant details we will notify the ICO, if required, when we expect to have the results of the investigation. We use the ICO guidance framework on managing a security breach to guide us.

International

All significant decisions about data processing and policy implementation will be made using UK GDPR. As part of the services offered to you the information which you provide to us will not be transferred to countries outside the UK. Our servers are Located inside the UK. If we have a requirement to transfer your information outside of the UK in any way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

If you use our services while you are outside the UK, your information may be transferred outside the UK in order to provide you with those services.

Your data protection rights.

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Contact Us

Privacy Notice

Mulag House
Ardvourlie
Isle of Harris
HS3 3AB
01859502107 
amanda@mulaghouse.com

Regulatory Information

Further information around your rights can be found at https://ico.org.uk/your-data-matters

The ICO’s address:

Information Commissioner’s Office Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF