Edinburgh Tourism Action Group Limited takes seriously each individual’s right to personal privacy. We collect and use information through our website only in the ways disclosed in this statement. We hope the following statement will help you understand how Edinburgh Tourism Action Group Limited collects, uses and safeguards the personal information you provide to us on our website, or if you share information when corresponding with us or when we work with you.
This policy is updated from time to time so you should check this page regularly to ensure you are happy with the changes.
If you have any questions about this policy or would like further information on the data we hold about you, please email firstname.lastname@example.org
We will never sell or share your personal data.
Who We Are
Edinburgh Tourism Action Group Limited is a limited company, registered in Scotland, delivering a range of tourism development activity. Our company registration number is SC546437 and our registered office is C/o Scottish Enterprise, Apex House, 99 Haymarket Terrace, Edinburgh EH12 5HD.
Edinburgh Tourism Action Group Limited collects information throughout the website at several points. We collect the following general data that is not personally identifiable information: browser information; country/ geographical information; pages visited and files downloaded.
We collect information through registration forms. The information which is entered through our Contact Form is sent to Etag.org.uk via email and the information that is collected through event registration is stored within Eventbrite and accessed via protected password. The information which is entered through our Mailing List pages is stored in Mailchimp, accessed via protected password.
Edinburgh Tourism Action Group Limited and Personal Data
Personal data is any data which may identify you, or be identified as relating to you. For example, your name, address, phone number and email address.
We will only collect personal data that we need to allow us to conduct our business, maintain our own records and accounts, and to deliver the projects and services that our clients and partners have commissioned or contracted us to deliver.
You may provide personal data to us when you submit a contact form on our website, when you contact us by phone or email, or when you commission us to deliver a project or deliver you. Personal data may include names, postal or email addresses, phone numbers, photographs, project documentation, usernames, passwords, databases, financial information (i.e. bank account details for billing or integration of third party payment services), or other potentially sensitive information.
In addition, we may record information about your visit to our website, such as pages viewed, length of visit and any search terms you use, in order to improve our website and offer a better user experience.
How we use Personal Data
We will only use your personal data on relevant lawful grounds, as permitted by the EU General Data Protection Regulations (GDPR 2018) and the UK Data Protection Act (1998) and Privacy of Electronic Communication Regulations.
Personal data provided to us will be used for the purposes of carrying out our core business, and keeping our contacts up to date with important information related to the services we provide for them.
In addition, we are required by law to keep accurate and up to date accounts of our business transactions. When you work with us, you may be added to our accounting system.
If you are contracted or employed to work with us, we will ask you for personal data, perhaps including ‘sensitive personal data’. Such data may include contact information, health information or information relating to criminal convictions. We have responsibilities which arise from our contract of employment with staff members, outlining data relating to payroll, bank details, addresses, sickness and absence. We also have statutory responsibilities imposed upon us by law relating to tax, national insurance, work permits and equal opportunities monitoring.
Disclosure of Personal Data
In order to carry out the running of our business day to day and fulfill the requirements of the projects we work on, we sometimes need to disclose your data to other bodies or third party suppliers.
These other bodies may include sub-contractors, partners, online service/systems suppliers, etc.
Edinburgh Tourism Action Group Limited assess the Data Protection practices of our suppliers to the best of our abilities to ensure they are GDPR compliant and, wherever possible, Edinburgh Tourism Action Group Limited will put Non-Disclosure Agreements (NDAs) in place with our suppliers where it is necessary to share personal user data with them in the process of delivering our services.
Your Rights under GDPR
Under the GDPR, where we are using your data under consent, you have the right to withdraw that consent at any time. You also have the right to ask us to stop using your personal data for marketing purposes.
If you would like us to provide details of the information we hold for you, you can make a Subject Access Request by contacting us at email@example.com. There is no charge for making this request, although you will be asked to verify your identity. We will respond within 30 days of receiving your request and verifying your identity.
In using this site, you may provide certain personal data to Etag.org.uk, and certain data about you may be collected by ‘cookies’. Cookies are temporary internet files which are used by Etag.org.uk to enhance the use of this site. The information gathered via event registration will only be used to contact you in relation to that event. If you provide your contact details to the ETAG mailing list these may be used to contact you in regards to future ETAG activity, events and market intelligence.
Most browsers allow you to refuse to accept cookies.
- In Internet Explorer, you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.
- In Firefox, you can adjust your cookies settings by clicking “Tools”, “Options” and “Privacy”.
Blocking cookies will have a negative impact upon the usability of some websites.
(The wording for this Google Analytics policy section was created using a Contractology template available at http://www.freenetlaw.com)
Keeping your information
If you have submitted any information through our website, we will keep this data for 90 days, then delete it from our website and database. We keep email data and project files for 7 years, as required by HMRC for auditing purposes, where we may need to produce evidence of work carried out. ETAG Ltd will retain data for the time periods set out below:
Emails, Correspondence and Project Files: 7 years
This is in-line with record keeping guidelines provided by HMRC. We keep emails and project files to prove work carried out actually happened and we delete emails older than 7 years.
Financial Information: 7 years
We hold financial records for 7 years, in-line with guidance from HMRC.
Website backups: 1 year
As part of its hosting agreement, our web host stores secure backups of client websites to ensure the site can be restored in the event of outage or a hack. They hold backups on a secure, third-party server to a period of up to one year.
Website submissions: 90 days
Data submitted to us via any contact form on our own website is retained in the website database for 90 days. After this period of time, the entries are deleted.
Employee Details: 7 years
We keep details of staff members for 7 years. We do this incase we need to provide references for ex-employees moving on to new jobs, or if we need to provide HMRC with details of any previous work carried out.
Corporate Records: Permanent
Our corporate records are permanently retained on the governments Companies House website.
Access to information
Users may access their own personal information by request. They can also contact us about inaccuracies they may find by using our Contact Form.
Disclosure of Information
Sometimes, when working on projects, we have to share your data with sub-contractors or other people working on the project. When we are sharing the data, we endeavor do so in such a way that access can be revoked again.
Who will see your data?
When you submit data to us, we might disclose it to parties that we work with to deliver our services. This may include :
- Our staff
- Contractors we work with
- Service providers we use in administration and the delivery of our services
- We may also disclose your information to third parties if we are compelled to by law or to comply with any legal obligation.
Data storage and security
Edinburgh Tourism Action Group Limited protects user information with the following security measures: firewalls, standard network security, and other technology and procedures used to protect consumer privacy.
Edinburgh Tourism Action Group Limited uses a cloud-storage provider with the server located in the EU.
If you have any further questions about privacy or security, please contact us using our Contact Form.