Bolsover Cruise Club Limited is a limited company incorporated in England & Wales with registration number 05729112 and whose registered office address is at 35 Sherwood Street, Warsop, Mansfield, Nottinghamshire, NG20 0JR (“Bolsover”).
Bolsover takes data protection very seriously. We are aware of our obligations under the General Data Protection Regulation and will look at minimisation opportunities and ways to limit the processing of your data where feasible. Confidentiality is very important and at the very core of our business.
Essentially, we will require such information as is necessary to enable us to provide you with the booking service you and your family seek from us. The information we process will include personal data and although unlikely to include special category personal data (also known as sensitive personal data), such data may be necessary given the nature of the booking service you seek for your party and yourself and it may be held by us in a paper and/or electronic format.
The information we process that is provided by you direct may include the following as well as any other information type that we expressly ask you to enter and submit to us:
The information collected automatically from you when you visit our websites or mobile applications includes:
We may use and disclose automatically collected information for any purpose, except where we are restricted by applicable law. If we combine any automatically collected information with personal information, the combined information will be treated by us as personal data.
We may also use aggregated information for any purpose; however, this information does not identify specific individuals and so is not personal data.
The legal basis for processing your personal data depends on the circumstances. The basis may be:
Our use of your personal data is subject to your instructions, the Data Protection Act, 1998, whilst applicable, the General Data Protection Regulation (GDPR) after 25 May 2018, any replacement legislation in force in the United Kingdom (data protection legislation) and our duty of confidentiality owed to you as our customer.
We use the information you provide primarily to provide travel and related services to you including:
However, we may also use it for other purposes including:
If you no longer wish us to communicate with you please write to our Data Protection Officer with the subject heading "No more contact" at Bolsover Cruise Club, 6 Lindrick Way, Chesterfield S43 4XE or by emailing our Data Protection Officer at datachanges@BolsoverCruiseClub.co.uk.
Under no circumstances will we sell your personal data to a third party. We will, however, share certain personal data with other service providers as part of the booking service being provided to you, e.g. cruise operators, associated providers and agents.
We will not transfer your personal data abroad without your explicit prior consent unless the booking you make, or require us to make for you, is based outside the UK. However, please be aware that countries outside the EEA will have different laws relating to the protection of personal data to that provided in the UK under the GDPR.
We will always ensure that we have appropriate contractual terms in place with all our Suppliers that comply with the General Data Protection Regulation.
We have robust information security management systems in place to ensure the safety, security, integrity and confidentiality of your personal data, and we use a variety of data security measures to the same end. We are familiar with and shall at all times comply with the GDPR and other applicable data protection legislation.
Our IT systems containing customer data have rigorously audited technical controls to ensure the confidentiality and integrity of all information is maintained at all times. As a requisite of our Payment Card Industry (PCI) compliance, vulnerability testing and penetration testing are performed regularly by independent third parties. We are Cyber Essentials accredited.
A multiple firewall configuration is maintained in order to protect the network. The outer firewall protects the network from internet attack and the inner firewall segments the network for all devices within PCI scope.
Our website is hosted off site and therefore is not connected to our Network.
Direct client access to our database is not permitted. Client booking information and customer data recall is via an external web server using strict security control.
We maintain full security against virus and malware attack using the latest Intel McAfee VirusScan Enterprise plus AntiSpyware Enterprise software deployed across our network.
GFI Plus software is similarly deployed network-wide to monitor PC and server events to detect any malicious activity and is monitored regularly.
We have CCTV cameras in operation monitoring the exterior of our Head Office building. We also have a static camera to enable us to view, but not record, the activity inside our Meadowhall store. We display notices to make it clear that these areas are subject to surveillance.
We will only release footage where there is a legal obligation, to protect the vital interests of a data subject or another person. Processing is necessary for the purposes of our legitimate interests and may be overridden by the interests or fundamental rights and freedoms of data subjects especially where the data subject is a child.
We use this information as necessary for our legitimate interests in administering your visit, ensuring site security and the safety of visitors and staff.
CCTV recordings are kept for a period of 28 days before they are recorded over.
Cookies are text files placed on your computer to collect standard internet and visitor behaviour information. The information is used to track visitor use of our website and for statistics compiled on website activity. For more information visit: www.allaboutcookies.org.
We do record our telephone calls to ensure service levels, for training and to aid resolving complaints/disputes. Credit card details are not recorded for PCI compliance.
Our Data Protection Officer is Claire Rogers, and she can be contacted by email at datachanges@BolsoverCruiseClub.co.uk or you can write to her at Bolsover Cruise Club, 6 Lindrick Way, Chesterfield, S43 4XE.
We have a Data Retention & Destruction Policy and in terms of that policy we destroy personal data after 7 years of booking inactivity, but reserve the right to do so earlier if we deem it appropriate. However, we also reserve the right in certain circumstances to hold your data for longer than 7 years, but in such event, it will not be accessible except in a secure retrieval process prescribed in our policies and procedures. In the event of us retaining your personal data for in excess of 7 years, we also reserve the right to securely delete some of your personal data that we do not regard as necessary to retain (minimisation) in the circumstances.
You may complain about our conduct in relation to data protection matters to the regulator of data protection in the UK, The Information Commissioner, by writing to them at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephoning them on 0303 123 1113.
If you have any questions about our Privacy Statement or want to exercise your rights under the data protection legislation to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, want to delete all or any part of it or object to the processing on legitimate grounds, please contact us with the subject heading “Data Privacy” to datachanges@BolsoverCruiseClub.co.uk or send a signed letter addressed to Claire Rogers, Data Protection Officer, Bolsover Cruise Club, 6 Lindrick Way, Chesterfield S43 4XE.
We may change this Statement from time to time.
Date: May 2018