Le Gite du Pontreau - Privacy & GDPR Policy
What is the GDPR?
GDPR is an acronym for the General Data Protection Regulation. The purpose of the GDPR is to protect user data, and to ensure users located in the EU are in control of their personal data by allowing users to easily opt-out and remove their personal data as they see fit.
We respect your right to privacy and only request or collect information that we need to provide you with the services that you request. We aim to ensure that our collection and use of your personal information is appropriate to the provision of services to you and is in accordance with applicable data protection laws.
BREXIT Update - Does the GDPR still apply?
Yes. The GDPR is retained in domestic law as the UK GDPR, but the UK has the independence to keep the framework under review. The ‘UK GDPR’ sits alongside an amended version of the DPA 2018.
The key principles, rights and obligations remain the same.
Personal data can continue to flow freely between the European Union and the United Kingdom in the same way as before Brexit, because the EU has now confirmed that UK data protection law is adequate for the purposes of the EU General Data Protection Regulation (GDPR) and the Law Enforcement Directive, agreeing that UK law provides an essentially equivalent level of protection to that guaranteed under EU law.
The EU has adopted two ‘adequacy’ decisions for the UK, pronouncing that UK data protection law is adequate to protect personal data to the standards required by the GDPR. This means (except for some immigration control purposes which are still under review) no restrictions apply to personal data transfers between the UK and EU for a minimum of four years. The UK's data protection system continues to be based on the same rules that were applicable when the UK was a Member State of the EU and the UK has fully incorporated the principles, rights and obligations of the GDPR and the Law Enforcement Directive into its post-Brexit legal system.
What information we collect from you.
When you make a booking with Le Gite du Pontreau we collect the names of all the guests who will be staying, and the home address, email address and telephone number of the person making the booking. In order to repay security deposits, we may also request bank details (account name, account number and sort code).
How we use the information that you give us.
We use your email to communicate with you, to send you your booking confirmation and answer any queries you may raise with us. After your visit we may also thank you and ask you for a review.
We will not use your telephone number unless we need to contact you urgently or if we cannot reach you by email.
We do not issue newsletters or use marketing mailing services such as Mailchimp. We use Facebook and Instagram and other social media platforms to market our property in addition to our own website. Under no circumstances would we ever pass your details to any third party apart from official government bodies if required to do so by law.
If you choose to follow us on social media such as Facebook or Instagram, we do not need your consent as you have already given this by your acceptance of the terms and conditions on that platform.
Access to your Information
You have the right to request a copy of any information we hold about you. If you would like a copy of this, please email us using the contact form on our website or by using any of the other methods provided such as email or phone contacts.
Right to be Forgotten
All customers have the right for their details to be removed from our records. However, this cannot override French and UK legislative requirements. There are two current exceptions :
If your booking is made via one of our booking partners such as VRBO they will be responsible for their compliance with GDPR regulations and they have their own safeguards and policies in place. Please check on the booking site concerned directly.
Notification of Data Breaches
We are required to notify the Information Commissioner’s’ Office within 72 hours if we become aware of any data breach if that breach is likely to “result in a risk for the rights and freedoms of individuals”. For any breach, we are also required to notify the concerned parties “without undue delay” after first becoming aware of any data breach.