Privacy Policy2018-05-23T12:55:02+00:00

PRIVACY POLICY

Toby&Kate McCartney Ltd respect your privacy and is committed to protecting the personal information you share with us. Your privacy is important to us, please read the following to fully understand our online privacy policy. This Privacy and Cookie Policy describes how we collect, use, share, store or otherwise process the information we hold about you.

Your personal information allows us to provide the products and services you have asked for, as well as enabling us to improve those products and services by understanding your interests and preferences. By understanding what you like (and what you don’t) we are able to personalise your course, show relevant adverts and improve your course.

WHO WE ARE

Toby&Kate McCartney Ltd (“we”, “our”, “us”) is the data controller

 

LEGAL BASIS FOR USING YOUR INFORMATION

All organisations need a legal reason to use your personal information. We are conscious of our legal responsibilities as a “data controller” and we shall endeavour to ensure that the personal information we obtain and use will always be held, used, transferred and otherwise processed in accordance with our legal obligations. If we don’t have a reason, we can’t use your personal information. There are a number of legal grounds that enable data processing. It’s quite complicated but below are the most relevant grounds you should be aware of.

1. With your consent (C)

There are some activities where we process personal information with your consent and whenever possible we aim to obtain your explicit consent to process this information, for example, by asking you to agree to our use of cookies. You may withdraw your consent at any time by emailing info@tobyandkatemccartney.com

However, if you do so, we may not be able to provide the product or service you have requested.  For example, where we want to send you marketing messages by email, we would first ask your permission to opt-in. If you opt-in, you may request to opt-out at any time. We will indicate in the Policy where we rely on consent.

2. To fulfil a contract (A)

We also process your personal information in order to fulfil a contract we have with you. For example, when you book a course with us, we will process your information to administer that course.

3. For a legitimate interest (LI)

Sometimes we may use your information to help achieve our business objectives but only where that activity doesn’t negatively affect your rights. For example, we might use your information to analyse occupancy rates of our courses and adjust course rates.

 

WHAT INFORMATION DO WE COLLECT?

When you interact with our products and services we collect information about you and that particular interaction. Generally this may include:

  • Your personal details
  • Contact information, and preferences
  • Sensitive information, for example when you tell us about dietary requirements, and/or disabilities
  • Information about your use of our courses, and other services when you work with us
  • Images of you during the courses, such as when we take a group photograph at the end of many of the training courses. You can always ask to not be included in this images
  • Conversations you have when you call our office (these are not recorded but we might take and record notes if it helps us manage your booking)
  • Information about anyone you’re travelling with or meeting, if that information is provided to us
  • Information about the devices you use to interact with us
  • Where you provide information to us about other people, you need to make sure you have their permission to do so.

Privacy Policy on sensitive data

In the course of providing services to you, we may collect information that could reveal your racial or ethnic origin, physical or mental health, or religious beliefs. Such information is considered “sensitive personal data” under GDPR and other data protection laws. We only collect this information where you have given your explicit consent, it is necessary, or you have deliberately made it public.

For example, we may collect this information in the following circumstances:

  • If you request special assistance during a course, this could reveal information about your health (for example if you ask for a wheelchair). If you inform us about specific dietary requirements you may have, this could potentially indicate that you have specific religious beliefs or food intolerance or allergies. Also, when you provide us with your travel document details, your nationality may imply your racial or ethnic origin.

By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services and in accordance with this Privacy Policy.

If you do not allow us to process any sensitive personal data, this may mean we are unable to provide all or parts of the services you have requested from us.

 

WHEN AND HOW WE COLLECT YOUR INFORMATION?

We collect information you provide to us directly and indirectly when interacting with our products and services, including when you book any course with us.

  1. You provide information directly to us

This may include when you:

  • Book a course online, over email or on the phone
  • Create, use or manage an online account
  • Sign up to our loyalty programmes
  • Visit our website or use our apps
  • Fill out our online forms
  • Visit our courses
  • Access courses on the internet
  • Use social media pages
  • Interact with us in online forums, by email, text, or on social media
  • Post reviews of your course or interaction with us
  • Complete our market research/customer surveys
  • Enter competitions or promotions
  • Requests, complaints and/or disputes
  1. You provide information via our processors

There may be situations where we use data processors – companies who act on our behalf – to collect your information for us. These processors can only use your information in accordance with our instructions and for the purposes in this Policy.

  1. You provide information via our websites

We also receive information about you indirectly when you interact with us. For example, when you visit our websites or use our apps the devices you use may provide us with your general location (like which country or region you’re in), if you are using ad-blockers, and your IP address. We may also receive information from cookies and other technologies that are on your device or browser. For more information on our use of cookies, please see the section on cookies.

HOW WE USE YOUR PERSONAL INFORMATION

The reason we use your information will often be obvious from the way you interact with us. For example, if you book a course, we would use that information to administer your course with us. However, our uses of your information may not always be so obvious. You can find out more below. When you provide your information to us, we may use it to:

Use of Personal Information

Legal basis for processing (Where there is more than one, the exact grounds will depend on the activity – Click links to see the section above for an explanation of each)

  • Provide you with the products and services you have requested, including administering your booking, responding to any enquiries, complaints or requests you may have CLIA
  • To manage our relationship with you CLIA
  • Allow you to participate in loyalty programmes CLIA
  • Send you market research surveys CLI
  • Tailor our service to your preferences, where you tell us about them CLIA
  • Make decisions about what direct marketing to show you based on how you have interacted with us LI
  • Improve our products and services online and offline, including our websites and apps LI
  • Allow you to interact with us online and offline, in forums, on social media and elsewhere CLIA
  • Monitor the use of our products and services and content LILO
  • Verify your identity LIA
  • Conduct analysis, system testing and statistical research LILO
  • Comply with legal obligations on us LILO
  • Detect ad blockers and other technologies that affect the services we provide CLIA
  • Manage our courses efficiency, including regulating the use of hotel refreshments
  • Send you product or service related communications, service messages CLIALO
  • Send you direct marketing, where you have consented CLI
  • Allow social sharing functionality CLIA
  • Conduct data matching and audience insight activities LI
  • Detect ad blockers LI
  • Ensure the acceptable use of our services LILO
  • Facilitate payments CLIALO
  • Facilitate the restructuring or sale of all or part of our business CLIALO
  • Investigate and respond to disputes CLILO
  • Provide you with help and support where it may be required. For example, we contact you to provide assistance if you do not complete the booking process or course technical difficulties, where we have your contact details LIA

(C) With your consent

There are some activities where we process personal information with your consent and whenever possible we aim to obtain your explicit consent to process this information, for example, by asking you to agree to our use of cookies. You may withdraw your consent at any time by emailinginfo@Toby&KateMcCartney.com However, if you do so, we may not be able to provide the product or service you have requested. For example, where we want to send you marketing messages by email, we would first ask your permission to opt-in. If you opt-in, you may request to opt-out at any time. We will indicate in the Policy where we rely on consent.

(A) To fulfil a contract

We also process your personal information in order to fulfil a contract we have with you. For example, when you book a course with us, we will process your information to administer that course.

(LI) For a legitimate interest

Sometimes we may use your information to help achieve our business objectives but only where that activity doesn’t negatively affect your rights. For example, we might use your information to analyse occupancy rates of our courses and adjust course rates.

(LO) To comply with legal obligations

Further Information on how we use your information. We sometimes use your information for reasons that we think you might want a bit more detail on, so to help we have added more information to these below. There may be situations where we need to use your information to comply with legal obligations.

DIRECT MARKETING

In addition to sending you information about the products and services you use (product communications) and in-life communications while you work with us, where we have your permission we may send you direct marketing communications about our products, services, events and offers, as well as those of our other students that we think you’ll be interested in.

Direct marketing communications may be sent by post, email, telephone, SMS and MMS, through social media (such as Whatsapp, Instagram, Twitter, and Facebook), messages including push notifications to your mobile devices, and via other electronic means such as when you visit our websites or use our apps. This may also include any websites and apps of our partners who are in our advertising networks.

We may send you direct marketing while you have an ongoing relationship with us and for a reasonable time after you have used one of our products or services.

You will be able to opt-out of direct marketing by following the instructions in the communications you receive or changing your device settings. Alternatively, where you have an account with us, you will be able to log-in and change your marketing preferences.

Product related communications and in-life updates

We may use your information to send you newsletters, bulletins, and other in-life communications (about your course), and triggered communications where you make changes to your account or other information about products and services you have signed up for.

For example, we may send you email or text messages about an upcoming course with us in order to help you plan your visit and give you the best course possible. You’ll be able to opt-out of these.

Service communications will be sent to you regarding products and services you interact with. These are important messages relating to the products and services we provide to you.

ANALYSIS AND PRODUCT DEVELOPMENT

We may use your information to improve the products and services we offer. For example, we may look at the preferences our students have to offer other students comparable opportunities.

PROTECTION OF PERSONAL DATA

Toby&Kate McCartney Ltd strive to protect the privacy of the information that you share with us. We have undertaken reasonable efforts to implement security measures designed to protect all data we collect against unauthorised access. We utilise the industry standard security measures available through your browser, so that it is unlikely that your information can be read as it travels over the Internet.

Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, although we strive to protect your information, we cannot ensure or warrant the security of the information that you submit to us via the Site and you do so at your own risk. We also implement measures to protect your personal information off-line.

 

PAYMENTS

Your information may be used to take payment for products that you have agreed to.

 

DISCLOSURES REQUIRED BY LAW

Your information will be disclosed where we are obliged by law to do so. We may also disclose your information where we are allowed by law to protect or enforce our rights or the rights of others and for the detection and prevention of crimes, such as fraud.

 

ACCEPTABLE USAGE

If you post or send offensive or inappropriate content anywhere on or to any of our websites or apps, or otherwise engage in disruptive behaviour on any of our websites or apps, we may use the information that is available to us about you to stop such behaviour. This may involve responding to or informing relevant third parties and law enforcement agencies about the content and your behaviour.

DATA TRANSFERS

When you complete our registration forms or use our services, we may transfer your information to our processors – companies that carry out activities on our behalf, only on our instructions – outside the European Economic Area (EEA) to countries that may not have data protection rules that provide the same level of protection to your personal information as countries in the EEA. However, we will only transfer your information if we have appropriate measures in place to ensure the protection of your information in accordance with applicable data protection legislation.

When you give us information about other individuals, you confirm that you have authority to act for them and have made them aware of the potential transfer of their information outside the EEA.

 

HOW WE SHARE YOUR PERSONAL INFORMATION

Where you provide your information to us we may share it with our group companies and affiliates, advertising networks and partners, commercial partners, and sharing with our suppliers.

What sharing takes place will depend on the activity that your information is being used for. Your information will only be shared and used in accordance with this Policy and where an agreement is in place to ensure that your information is protected. We won’t sell your personal information without your consent

  1. Sharing with advertising partners

When you visit our websites or apps we may pass information about you and any devices you are using to our advertising network partners to enable them to deliver relevant adverts and tell advertisers that adverts have been delivered and seen.

  1. Sharing with our processors

There may be situations where we use data processor companies who act on our behalf to process your information for us. These processors can only use your information in accordance with our instructions and for the purposes in this Policy.

  1. Sharing with commercial partners

We may share your information with third parties for their own purposes, including direct marketing, where we have told you about this and you have given permission. As above, this may include sharing information with owners of courses businesses we manage and/or to whom we have licensed a brand and/or courses systems.

  1. Sale of our business

If we restructure or sell all or part of our business or business operations, we may transfer your information as part of that activity, including, but not limited to, where we transfer or cease to manage (or license the use of a brand) . Where this is the case your information will be used in accordance with this Policy unless you are notified otherwise.

 

ACCESS AND CONTROL

  1. Updating your information

If you have an online account with us, please ensure that the information you provide (e.g. any contact information) is correct and that you review and update it regularly. Alternatively, you can tell us that your information has changed and we will update it for you.

  1. Controlling direct marketing

A customer may allow Toby&Kate McCartney Ltd to provide them with information about products and services that Toby&Kate McCartney Ltd, or third parties that Toby&Kate McCartney Ltd have selected, which may be of interest to them. Toby&Kate McCartney Ltd will only do this where a customer has agreed to receive such information. You agree to receive marketing information:

  • From Toby&Kate McCartney Ltd about our products and services by choosing not to opt-out on your registration form for a Toby&Kate McCartney Ltd website or service.
  • From Toby&Kate McCartney Ltd about similar products and services where you provide your details in the course of purchase or negotiations for the purchase of a product or service.
  • From third parties about their products and services by choosing to opt-in on your registration form for a Toby&Kate McCartney Ltd website or service.
  1. Controlling other communications

You can control the communications you receive from us, such as product related communications, by logging into your account, by following the instructions in any relevant communication.

  1. Controlling profiling

If you would like to opt-out of profiling, you can do this in your account preferences or by contacting us using the details below or by updating your preferences in your account, where this feature is available.

RIGHTS IN RELATION TO YOUR INFORMATION

  1. Your rights

Under GDPR, you may have the right to object, erase, or restrict our processing of your information – for example, where we process your personal information because this is in our legitimate interests, you may object to this. We will carefully consider your request as there may be circumstances which require us to, or allow us to, continue processing your data.

The request must be in writing and must contain the following:

  • Your name and postal address.
  • Details of your request.
  • Any details which may help us locate the information which is the subject of your request, for example:
  1. Booking information and dates.

You must also provide:

  • Your signature and the date of the request.
  • If you are applying on behalf of another person then signed authority from the individual or the organisation is required.

Please send your request to:

Data Protection Officer

Toby&Kate McCartney Ltd

The Barn at Ashyards, Eaglesfield, Lockerbie, DG11 3PP

  1. Personal information from Children

We do not provide services to children, nor do we market to children. We do not knowingly collect personally identifiable information from children under 18 without permission from a parent or guardian. If you are a parent or legal guardians and think that your child under 18 has given us information, you can contact us at info@tobyandkatemccartney.com

  1. GDPR – The fees to access the personal data

We must provide a copy of the requested information free of charge. However, we can charge the requestor a ‘reasonable fee’ when a request is manifestly unfounded, mischievous, vexatious, specious or excessive, particularly if it is repetitive.

We may also charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that we can charge for all subsequent access requests.

The fee will be based on the administrative cost of providing the information.

  1. Complaining to the regulator

If you have any comments, concerns or complaints about our usage of your information we would ask that you contact us first, so that we can try and resolve any matter. However, where we are unable to assist, you are able to complain to the Information Commissioner’s Office in the United Kingdom or the data protection regulator in your country of residence, who will be able to liaise with the UK Information Commissioner in the UK.

  1. Retention of your information

We will retain your information for as long as necessary for the uses set out in this Policy or while there is a legitimate business reason for doing so. We will destroy your personal information as early as practicable and in a way that the information may not be restored or reconstructed. If you ask us to delete your information before this time, we may not be able to do so for technical, legal, regulatory or contractual constraints. For example, where you wish to be suppressed from direct marketing, we would need to retain your information for this purpose.

Where you ask for your account to be closed, we will do this as soon as possible subject to any terms and conditions relating to the account. Your information will be retained in order to comply with legal and regulatory obligations as well as for analysis, to prevent fraud, collect any monies owed, and to resolve disputes.

 

COOKIES AND SIMILAR TECHNOLOGIES

Introduction

We use cookies to help improve our websites in a variety of different ways. Including collecting contextual information about your visit to the site to enhance functionality and user course.

What are cookies?

Cookies are small text files placed on your devices when you visit websites via internet browsers. Our use of cookies is to primarily help enhance your user experience and improve the efficiency of our website. In order to make purchases on our website you will need to enable cookies.

What cookies do we use?

  1. Essential cookies

These make our websites work. They remember what dates you want to study with us, what sort of course you want and that you are logged in to your account. They also allow us to collect information about your use of our websites and apps, enabling us to improve the way they work. Analytics cookies also allow us to see if there are any technical issues on our websites and if you are experiencing any issues using our websites. They also allow us to look at usage statistics and performance.

We use Google Analytics to help us understand how you use our services. For more information on Google Analytics, please visit Google’s website.

  1. Functional cookies

These cookies collect information about the language you have requested the site display content in, remembering your username so you can log-in more quickly, text size, location you are in and generally allow us to customise your course. Nobody likes having to repeat themselves and these cookies help with that.

  1. Tracking and advertising cookies and similar technologies

We use these types of cookies and similar technologies to provide adverts that we think may be more relevant to your interests. This can be based on your browsing activity and is known as Online Behavioural Advertising or OBA. Cookies are placed on your browser, which remembers what websites you’ve been to. Advertising based on what you have been viewing is then displayed.

  1. Web beacons and tracking pixels

These technologies help us to count users on a web page, and see if a cookie has been activated. They allow us to see how popular content is and if an email has been delivered to a recipient, opened and links clicked on. We use this information to track how successful campaigns have been.

  1. Flash cookies

Sometimes we may use flash players to deliver special content, such as video clips. This uses Local Shared Objects or flash cookies to remember settings.

  1. Device Fingerprinting

Sometimes we may use a device’s browser information to identify that device, conduct analysis, help detect and prevent fraud and present content correctly.

What other purposes do cookies and similar technologies are used for:

  • Allow you access to our websites;
  • Permit your internet connection to our websites;
  • Allow our servers to record information about your device (such as IP address, browser type, location, hardware and software information;
  • Collect unique device identifier (UDID), geo-location and other transactional data to validate free trials when you use a mobile device;
  • Assess content usage;
  • Provide relevant content;
  • Sell third party advertising and enable frequency capping;

Managing cookies

You can change your cookie settings very easily in your browser settings. However, you need to be careful about restricting the use of cookies, as they may prevent the websites you visit from working as they were intended.

How to delete cookies?

Deleting your cookie settings is also relatively easy but the process does differ between browsers. Here’s how to delete cookies in the most popular browsers.

You can find this and further information about cookies at http://www.aboutcookies.org

You can also control which companies set cookies on your devices by visiting the following pages. Please note that you will need to turn off any ad blockers or privacy tools to see what cookies are being set:

  1. Internet Advertising Bureau (IAB)

Your Online Choices is an industry programme that allows you to control which companies can set cookies and show you advertising. It provides you an easy way of opting out several advertising networks.

  1. The Network Advertising Initiative control page

This control page also allows you to control OBA from the advertising networks they represent.

  1. The Digital Advertising Alliance’s control page

This control page also allows you to control cookies.

It is important to remember that these schemes use cookies to remember that you have opted-out of cookies being placed on your browsers. If you clear your cache, the opt-outs will be forgotten and you will have to opt-out again.

You can stop web beacons being set, although you cannot decline receiving them in emails. For information about managing these, please visit https://ico.org.uk/for-the-public/online/cookies/

CHANGES TO OUR PRIVACY AND COOKIE POLICY

From time to time we may make changes to this Policy. This might be in relation to changes in the law, best practice, changes to the services we provide or collection and use of your personal information. We will always display clearly when the Policy was last updated and where appropriate, notify you of any relevant changes.

CONTACT

If you would like to get in touch with us, please contact

  • By Email: info@tobyandkatemccartney.com
  • By Post: The Data Protection Officer, Toby&Kate McCartney Ltd, The Barn at Ashyards, Eaglesfield, Lockerbie, DG11 3PP.

 

LAST UPDATED

  • This policy was last updated on 23 May 2018