1. Data Protection and Privacy
My Guide Costa Brava is part of the global My Guide Network of Online & Mobile travel guides.
For the purposes of the Data Protection Act 1998 and the EU General Data Protection Regulation 2016/679 it is confirmed that the proprietor of the website located at https://www.myguidecostabrava.com (the "Website") is My Guide Network Limited, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. United Kingdom ("My Guide").
2. Collection of Personal Data
The Website allows you to access and use a range of information relating to travel destinations, including information relating to businesses offering goods and services relating to travel or otherwise, and to access and use third party portals such as portals for searching for and booking services such as hotel accommodation, restaurants, car rentals, flights, entertainment tickets and other services.
My Guide may collect certain personal data from you via the Website if you choose to submit it. Personal data about you may also be collected by My Guide if you contact My Guide with queries or to request further information about the Website or any other matter.
The types of personal data which My Guide may collect from you in the ways referred to above when using the Website may include full name, gender, address, telephone numbers, e-mail address, demographic information and contact preferences.
My Guide does not store credit card details. Any transactions completed on third party websites are subject to their privacy policies and terms & conditions.
3. How we use your information
With your consent
My Guide may collect your personal data for the purpose of contacting you about queries you may have or information or materials which you may provide to My Guide via the Website. Specifically, My Guide may use your personal data to set up records for the provision of My Guide information to you. My Guide may also use your personal data to better understand who uses our Website and the pages they access so as to be able to improve the Website and the types of information and data provided to users in general via the Website from time to time.
In addition, from time to time, My Guide may also use your personal data to contact you for market research or user care survey purposes or to let you know about other websites and services My Guide may be able to provide to you, or to provide you with newsletters, details of special offers or similar. My Guide will always give you the opportunity to opt-out of such communications.
My Guide will ensure that your personal data will not be disclosed to other organisations, institutions and authorities unless specifically required by law.
Furthermore, My Guide will not collect information about you from other sources, such as public records or bodies, or private organisations.
You hereby agree to and authorise My Guide to use the personal data you provide to My Guide for the above purposes. If My Guide would like to use your personal data for a purpose other than those above, My Guide will request your permission first.
In our legitimate interest* to improve our services
Market research – to contact you (and others if their personal information is provided by you) to ask about the experience using our services as part of a continual programme of customer service improvement. This is not marketing communication and is separate to Marketing communications above.
Website customisation – to customise our website and its content to your particular preferences in accordance with the Cookies and Tracking section below
Customer support – monitor calls and help train staff in relation to our customer support and helpdesk function;
Product and service improvement – to improve our product and services;
Service analysis – to conduct research, statistical analysis and behavioral analysis. This may include providing aggregate statistical information relating to customers, sales, traffic patterns and related site information to reputable third parties.
In our legitimate interest* to protect against fraud
Website improvement and fraud prevention – improve our websites, prevent or detect fraud or abuses of our websites and enable third parties to carry out technical, logistical or other functions on our behalf
* any reliance on legitimate interest shall not prejudice your interest or fundamental rights and freedoms.
4. Where your data is stored
We use a third-party service, White Label Technologies Ltd, who provide our CRM, Apps and booking website. They act as a data-processor on behalf of My Guide. All data collected via the My Guide website or APP is stored in their secure encrypted database servers hosted by Amazon Web Services, a company located in the Republic of Ireland. All AWS services comply with the General Data Protection Regulation (GDPR).
AWS has a long list of internationally-recognized certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5)
We also use a third-party email service, mailchimp.com, to manage our regular email communications to members and Mailchimp act as a data-processor on behalf of My Guide.
By submitting your personal data, you agree to this.
5. Keeping your data secure
Sending information over the internet is generally not completely secure, and we can’t guarantee the security of your data while it’s in transit, however, to give users greater confidence the My Guide website is protected via a HTTPS connection, verified by SSL certificate, which provides encryption for data entered on the site. However, no data transmitted over the internet can be guaranteed to be 100% safe and My Guide do not accept liability for any data in transit and any data you send is at your own risk.
To protect your information, My Guide has policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner and all systems that can access the information have proportionate and reasonable security measures in place. To achieve this, employees, contractors, sub-contractors and third party suppliers have contracts, with defined roles and responsibilities. While we take commercially reasonable measures to ensure the safety and security of your data, due to the inherent risks with the Internet, we are unable to warranty the absolute security of your data when using our services. In order to process any of the requests listed below, we may need to verify your identity for your security. In such cases your response will be necessary for you to exercise this right.
We will always take appropriate technical and organisational measures to protect personal information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing (including taking reasonable steps to ensure the reliability of employees who have access to personal information).
We have put in place internal procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
6. Data Retention
We retain your information for a range of purposes and will not be kept longer than necessary for the purpose. Data will be retained for 6 years however you may ask for this to be deleted in accordance with the Rights of the GDPR (see Right to be forgotten) by contacting us via firstname.lastname@example.org
7. Your Rights
Access to your data
At any point you can contact us to request details concerning the information we hold about you, why we have that information, who has access to the information and where we got the information. In most cases you may be entitled to copies of the information we hold concerning you. Once we have received your request we will respond within 30 days. Please submit a request via email@example.com
Update your data
If the data we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated. Please submit a request via firstname.lastname@example.org
Right to be forgotten
If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted. Please submit a request via email@example.com
Object to processing & request restriction
You have the right to request that My Guide stops processing your data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your data to comply with your other rights. You have the right to request that we stop contacting you with direct marketing. On promotional emails we provide an ‘unsubscribe’ link at the top and bottom of the email which will unsubscribe you from that service. You can also unsubscribe by updating your subscriptions on your account on our website or via our unsubscribe link. If you wish to opt out with respect to more than one email address, you must complete a separate request for each email address. You have the right to request that we stop profiling you in relation to our direct marketing practice. You can inform us and we will deal with your request accordingly. You can make a complaint to us by contacting us via firstname.lastname@example.org or to the data protection supervisory authority – in the UK, this is the Information Commissioner’s Office, at https://ico.org.uk/.
You have the right to request that we transfer your data to you in a machine readable format. Once we have received your request, we will need to verify your identity and comply where it is feasible to do so. Please submit a request via email@example.com
Description of Cookies
Google Analytics - These cookies give us critical information about various pages on the websites and how our users interact with them. We use this information to improve the performance of our website and the information presented to users
Authentication - When you create an account with My Guide, these cookies allow the website to remember you in order present you with information that is directly relevant to you.
Functional - A set of cookies designed to deliver a smooth booking journey for you. We use these cookies to remember selected hotels, anything you may have already added to the basket etc. so you do not have to enter information more than once.
How to reject and delete Cookies
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
9. Changes to Policy
We may change this policy from time to time. You should check this policy occasionally to ensure that you are aware of the most recent version that will apply each time you access the website.
It is also important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
10. Governing Law
If you have any queries about this policy, need further information or wish to lodge a complaint you can use the details below to contact us.
DATA PROTECTION OFFICER
My Guide Network LTD
71-75 Shelton Street
Covent Garden, London, WC2H 9JQ
Telephone: +44 20 8133 1208