Privacy policy
FUZZY DUCK (ARMSCOTE) LIMITED
This Privacy Policy is provided by Fuzzy Duck (Armscote) Limited ("Fuzzy Duck", "we", "us", or "our"), whose registered office is at Acre House, 11/15 William Road, London, NW1 3ER. We are a 'controller' for the purposes of the Data Protection Act 2018 and the DDPEC (EU Exit) Regulations 2019 (UK GDPR) (collectively the "Data Protection Laws"). This Privacy Policy applies to the personal data we collect in relation to responding to enquiries you send us and arranging your bookings at Fuzzy Duck.
We take your privacy very seriously and ask that you read this Privacy Policy carefully as it contains important information about our processing and your rights.
HOW TO CONTACT US
If you would like this Privacy Policy in another format (for example: audio, large print, braille) please contact us at info@fuzzyduckarmscote.com.
The latest version of the Privacy Policy can be found here https://fuzzyduckarmscote.com/privacy-policy. We may change this Privacy Policy from time to time.
Current version: April 2022
WHAT PERSONAL DATA DO WE COLLECT?
Website Visitors - If you are just browsing our website (fuzzyduckarmscote.com) we only collect data as outlined in our Cookie Policy.
Booking – We process your name, email address and telephone number and your booking related information (dates of bookings, deposit information, room preference, vehicle registration, age of members of party for birthday party bookings, seating plan, voucher codes) to arrange and fulfil your booking with us (which you make through an external booking platform). Our lawful grounds for processing this personal data is to fulfil a contract between us.
The personal data may include information about disabled access or dietary requirements which we use with your consent. If you give us information on behalf of someone else, you confirm that the other person has agreed that you can.
Payment – payment is collected electronically by Stripe. We will hold copies of payment receipts and the final transaction value.
WHY DO WE PROCESS YOUR PERSONAL DATA, HOW IS IT LAWFUL AND HOW LONG DO WE KEEP IT FOR?
Booking - The legal basis we rely on for managing the administration of guests in our accommodation or restaurant is to fulfil a contract between us.
Cookie data – the legal basis for using data collected for these purposes is for our legitimate interests i.e. we have good, sensible, practical reasons for processing your personal data which is in our interest. In this case, we use information collected on our website to improve it and the customer journey. We have considered the impact on your interests and rights,and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. You can object to any of the processing that we carry out on the grounds of legitimate interests (see the section “Your Rights” to find out how).
HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
Booking – We keep your personal data for six years after your visit. Financial records such as payment receipts are kept for seven years for tax and accounting purposes.
WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?
For key IT services such as website hosting, we use our parent company, Baylis & Harding plc, as our provider acting as our processor. We use other external providers that process your personal data as part of the services which they offer to us (such as email service providers). We take steps to ensure that our service providers process your data in accordance with the Data Protection Laws, only use it in accordance with our contract with them and keep it secure. If you would like more information about our processors, please contact us using the details at the "How to contact us" section.
Bookings are made on our behalf by our partners, Booking.com and Book a Table. The partners pass your booking details to us and we reconfirm it back to them once the booking has been fulfilled.
We use Microsoft Office software which might mean that your personal data is transferred to the US and other countries outside the UK and the European Economic Area but the personal data is protected by the EU Standard Contractual Clauses and UK International Data Transfer Agreement terms.
We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.
YOUR RIGHTS
As a data subject, you have the following rights under the Data Protection Laws:
Right to object to processing of your personal data;
Right of access to personal data relating to you;
Right to correct any mistakes in your information;
Right to prevent your personal data being processed;
Right to have your personal data ported to another controller; and
Right to erasure.
Some of these rights are qualified and do not apply in certain circumstances.
Rights in relation to automated decision making do not apply as we do not carry out any automated decision making.
To exercise your rights, contact us using the details given in the 'How to Contact Us' section.
If you do not think that we have processed their data in accordance with this notice, you should let us know as soon as possible. You can also complain to the ICO, the UK data protection regulator. Information about how to do this is available on its website at www.ico.org.uk.