Initial Policy: 5th March 2020
Compliance Stage: GDPR 1
Data Controller: Andrew Rice
Data Processor: The Dunster Tourism Forum, Lucy Green
Data Protection Officer: David Oxendale
For the purposes of this policy, The Dunster Tourism Forum defines the term “User” as an entity with which The Dunster Tourism Forum has an established relationship, and the term “Visitor” as an individual that visits our front-end website (for example www.discoverdunster.info)
Any information stored by The Dunster Tourism Forum is treated as confidential. All information is stored securely and is accessed by authorised personnel only. The Dunster Tourism Forum implements and maintains appropriate technical, security and organisational measures to protect Personal Data against unauthorised or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.
2. Collection and use
The following sections cover the specifics of each of the two groups from which data is collected: website Visitors and Users.
2.2 Website Visitors
By visiting our website, you consent to the collection and use of your Personal Data as described herein. If you do not agree with the terms set out herein, please do not visit this website.
As required by applicable law (in the EU, GDPR), we will seek your explicit consent to process Personal Data collected on this website or volunteered by you. Kindly note that any consent will be entirely voluntary. However, if you do not grant the requested consent to the processing of your Personal Data, the full use of this website may not be possible.
If you provide The Dunster Tourism Forum with your social media details, The Dunster Tourism Forum may retrieve publicly available information about you from social media, however this information is not routinely captured for usage by ourselves except in messaging conversations required solely to deliver our service.
Personal Data which may be captured from social media (but not used by ourselves) could comprise your IP address, first and last name, your postal and email address, your telephone number, your job title, data for social networks, your areas of interest, interest in The Dunster Tourism Forum products, and certain information about the company you are working for (company name and address), as well as information as to the type of relationship that exists between The Dunster Tourism Forum and yourself.
The Dunster Tourism Forum gathers data about visits to the website, including numbers of Visitors and visits, Geo-location data, length of time spent on the site, pages clicked on or patterns of visits. Anonymised data may be used for analytical purposes by an approved third-party agent who also complies with local regulations as detailed in 2.2.2 below.
2.2.1 Purpose of processing personal data
The Dunster Tourism Forum uses the collected data to communicate with Visitors, to customise content for Visitors, to show ads on other websites to Visitors, and to improve its website by analysing how Visitors navigate its website.
2.2.2 Sharing personal data
The Dunster Tourism Forum may also share such information with similarly compliant service vendors or contractors in order to provide a requested service or transaction or in order to analyse the Visitor behaviour on its website.
Cookies are small pieces of information sent by a website to a Visitor’s hard disk. Cookies cannot be used to run programs or deliver viruses to your computer. By continuing to visit the website, you agree to the placement of cookies on your device. If you choose not to accept our cookies, we cannot guarantee that your experience will be as fulfilling as it would otherwise be.
2.2.4 Links to other sites
In order to provide services to its Users, The Dunster Tourism Forum collects certain types of data from them. Data entered or transferred into The Dunster Tourism Forum by Users such as texts, questions, contacts, media files, etc., remains the property of the User and may not be shared with a third party by The Dunster Tourism Forum without express consent from the User.
2.3.2 Collection of User data
We collect no user registration content from Visitors.
2.3.3 Geographical location
The Dunster Tourism Forum operates in a number of data regions. A The Dunster Tourism Forum “Data Region” is a set of data centres located within a defined geographical area where User data is stored. At date of compliance, The Dunster Tourism Forum, all Users are processed within the European Data Region (EU).
2.3.4 Processing in the European Economic Area (EEA)
For Users with accounts located in The Dunster Tourism Forum’ European Data Region, all processing of Personal Data is performed in accordance with the Directive and local legislation of Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and The Dunster Tourism Forum processing will take place in accordance with the GDPR.
The Dunster Tourism Forum processes Personal Data both as a Processor and as a Controller, as defined in the Directive and the GDPR:
The The Dunster Tourism Forum entity which you as a User entered an agreement with when using The Dunster Tourism Forum’ platform, will be the Controller for User data, as outlined above in “Collection of User data” section.
The Dunster Tourism Forum adheres to the GDPR from May 25th, 2018 and is noted as Compliant at 29 February 2020. Consequently, The Dunster Tourism Forum processes all data provided by its Users with accounts in its European Data Region, in the European Economic Area (EU) only.
Moonfruit hosting is performed in accordance with the highest security regulations and secure encryption.
All transfers of data internally within the EU is carried out in accordance with this data processing agreement.
3. Retention and deletion
The Dunster Tourism Forum will not retain data longer than is necessary to fulfil the purposes for which it was collected or as required by applicable laws or regulations. Any Subscribers to The Dunster Tourism Forum marketing services will be regularly contacted to provide options to opt-out of receiving news and information.
The Dunster Tourism Forum will retain the contact data of members and prospective members to provide marketing and situation updates. If any participant within this group wishes for their contact details to be deleted, it will be their responsibility to notify a member of the management committee or the data protection officer.
4. Acceptance of these Conditions
5. Our Legal Obligation to Disclose Personal Information
We will reveal a user’s personal information without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to The Dunster Tourism Forum or to others who could be harmed by the User’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. We are permitted to disclose personal information when we have good reason to believe that this is legally required.
6. Data Protection Officer
The Dunster Tourism Forum have an external ‘Data Protection Officer’ who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following address:
•The Dunster Tourism Forum DPO: David Oxendale, 21 High Street, Dunster. TA24 6SF.
•Email: [email protected]
7. For Further Information
If you have any further questions regarding the data The Dunster Tourism Forum collects, or how we use it, then please feel free to contact us by email at: [email protected]