1.1 This Privacy Notice covers the activities of Malulu. In this Privacy Notice these organisations are referred to as we, us or Malulu.
1.2 Malulu respects your privacy and commits to protecting it through our compliance with the practices described in this notice. This notice describes how we collect, use, protect and share the personal data we may collect from you or that you may provide when you visit our website or when you contact us in connection with an enquiry or to book accommodation or an event with us. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR).
1.3. The website may include links to third-party websites, plug-ins, services, social networks or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. We do not control these third-party websites, and we encourage you to read the privacy notice of every website you visit.
1.4. Please read this notice carefully to understand our policies and practices for processing and storing your personal data. This notice may change from time to time (see Changes to our privacy notice), so please check the notice periodically for updates.
2. Data We May Collect About You
2.1 We collect and use different types of data from and about you including:
2.1.1 Personal data that we could reasonably use to directly or indirectly identify you, such as your name, postal address, email address, telephone number, user name or other similar identifier (“personal data“).
2.1.2 Non-personal data that does not directly or indirectly reveal your identity or directly relate to an identified individual, such as demographic information, or statistical or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal data. For example, we may aggregate personal data to calculate the percentage of users accessing a specific website feature.
2.1.3 Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, or operating system and platform.
2.1.4 Non-personal details about your website interactions, including the full Uniform Resource Locators (URLs), clickstream to, through and from our website (including date and time), areas of the website you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page or any phone number used to call our customer service number.
2.1.5 Information about your visit if you contact us to book accommodation or an event.
2.2. If we combine or connect non-personal, technical, or demographic data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal data.
3. How We Collect Data About You
3.1. We use different methods to collect data from and about you including through:
3.1.1. Direct interactions. You may give us information about you by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you make an enquiry.
3.1.2. Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns as specified above. We collect this information by using cookies and other similar technologies (see Cookies and automatic data collection technologies).
3.1.3. Third parties or publicly available sources. We may receive information about you from third parties including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, data brokers or aggregators.
4. Cookies And Automatic Data Collection Technologies
4.1.1. Estimate our audience size and usage patterns.
4.1.2. Store your preferences so we may customise our website according to your individual interests.
4.1.3. Speed up your searches.
4.1.4. Recognise you when you return to our website.
5. How We Use Your Personal Data
5.1 The ways in which we use your personal information will vary depending on the reason why you are in contact with us. We set out below further information about how we use personal information for different purposes.
6. Other Uses of Your Information
6.1. We also use your information for the following purposes:
6.1.1. Present our website and provide you with the information, services and support that you request from us.
6.1.2. Meet our obligations and enforce our rights arising from any contracts with you, including for billing or collections, or comply with legal requirements.
6.1.3. Fulfil the purposes for which you provided the data or that were described when it was collected.
6.1.4. Notify you about changes to our website or services.
6.1.5. Ensure that we present our website content in the most effective manner for you and for your computer.
6.1.6. Administer our website and conduct internal operations, including for troubleshooting, data analysis, testing, research, statistical and survey purposes.
6.1.7. Improve our website or services, marketing, or customer relationships and experiences.
6.1.8. Protect our website, employees, contractors, or operations.
6.1.9. Make suggestions and recommendations to you and other users of our website about events and services that may interest you or them.
6.2. We may also use personal data to contact you about our own and third-parties’ goods and services that may be of interest to you. We will only do this if you have signed up to receive our updates or otherwise given your consent for us to contact you in this way. You can change your preferences at any time by using the unsubscribe link on our emails or by contacting Louise Edwards at email@example.com.
7. What Is The Legal Basis Of Our Data Processing?
7.1. Under data protection legislation we are only permitted to use your personal information if we have a legal basis for doing so. We rely on the following legal bases to use your information:
7.1.1. Where we need information to enter into or perform a contract we have entered into with you.
7.1.2. Where we need to comply with a legal obligation.
7.1.3. Where the processing is necessary for us to carry out activities which are in the Chase Farm Glamping’s legitimate interests (or those of a third party) and provided that your interests and fundamental rights do not override those interests, including:
18.104.22.168 Using your personal data to promote our events and to send you marketing communications.
22.214.171.124 Processing for fraud prevention purposes and to recover monies owed to us.
126.96.36.199. Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively – this will include: verifying the accuracy of information that we hold about you and create a better understanding of you; processing for administrative efficiency purposes such as where we outsource certain administrative functions to third parties who are specialise in such services; processing for network and information security purposes i.e. in order for us to take steps to protect your information against loss, damage, theft or unauthorised access or to comply with a request from you in connection with the exercise of any of your rights outlined below.
7.2. In limited circumstances we may process information relating to your health (for example if you inform us of dietary requirements or where have specific medical needs that we need to know about to enable us to provide you with access to an event or to cater for your specific requirements). In these cases, the legal basis which we rely on to use your personal data is consent. By volunteering this information to us you will be consenting to us using it for the purpose that you specify when you provide us with the information.
8. Disclosure Of Your Personal Data
8.1. We share your personal data with the following third parties and in the following ways:
8.1.1. Business partners, suppliers, service providers, sub-contractors and other third parties we use to support our business (such as analytics and search engine providers that assist us with website improvement and optimisation, event organisers and billing partners). We contractually require these third parties to keep that personal data confidential and use it only for the contracted purposes.
8.1.2. Credit reference agencies when required to assess your credit score before entering into a contract with you (only relevant for residential tenants).
8.2. For any other purposes that we disclose when you provide the data.
8.3. With your consent.
9. We May Also Disclose Your Personal Data To Third Parties:
9.1. If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
9.2. To comply with any court order, law, or legal process, including responding to any government or regulatory request.
9.3. To enforce a contract that we have with you.
9.4. To protect the rights, property, or safety of our business, our employees, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of cybersecurity, fraud protection and credit risk reduction.
10. Overseas Transfers Of Data
10.1. We are based in the United Kingdom. However, some of the service providers that we use may store your data in countries that have different privacy laws that may not be as comprehensive as your own. Where our service provides transfer your personal data outside of the European Union, we ensure that they have adequate safeguards in place to protect your personal data.
10.2. We’ll use one of these safeguards:
10.2.1. Transfers to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website (https://ec.europa.eu/info/law/law-topic/data-protection_en).
10.2.2. Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this here on the European Commission Justice website (https://ec.europa.eu/info/law/law-topic/data-protection_en).
10.2.3 Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website (https://ec.europa.eu/info/law/law-topic/data-protection_en).
11. Your Personal Data Use Choices
11.1. We strive to provide you with choices regarding certain personal data uses, particularly around marketing. If you do not want us to use your email address to contact you with our offers and news, you can opt-out by replying to any promotional email we have sent you or following the opt-out links on that message.
11.3. Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates, or plug-ins enabling third-party features. If you follow a link to any third-party website or engage a third-party plug-in, please note that these third parties have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third parties.
12. Your Rights In Relation To Your Personal Information
12.1. You have a number of rights in relation to your personal information – these include the right to:
12.1.1. Be informed about how we use your personal information.
12.1.2. Obtain access to your personal information that we hold.
12.1.3. Request that your personal information is corrected if you believe it is incorrect, incomplete or inaccurate.
12.1.4. Request that we erase your personal information in the following circumstances:
188.8.131.52. If Malulu is continuing to process personal information beyond the period when it is necessary to do so for the purpose for which it was originally collected.
184.108.40.206. If Malulu is relying on consent as the legal basis for processing and you withdraw consent (we do not usually rely on consent).
220.127.116.11. If Malulu is relying on legitimate interests as the legal basis for processing and you object to this processing and there is no overriding compelling ground which enables us continue with the processing.
18.104.22.168. If the personal information has been processed unlawfully.
22.214.171.124. If it is necessary to delete the personal information to comply with a legal obligation.
12.1.5. Ask us to restrict our data processing activities where you consider that:
126.96.36.199. Personal information is inaccurate.
188.8.131.52. Our processing of your personal information is unlawful.
184.108.40.206. Where we no longer need the personal information but you require us to keep it to enable you to establish, exercise or defend a legal claim.
220.127.116.11. Request a copy of certain personal information that you have provided to us in a commonly used electronic format. This right relates to personal information that you have provided to us that we need in order to perform our agreement with you and personal information where we are relying on consent to process your personal information.
18.104.22.168. Not be subject to wholly automated decisions which produce legal effects or which could have a similarly significant effect on you.
12.1.6. Request a copy of certain personal information that you have provided to us in a commonly used electronic format. This right relates to personal information that you have provided to us that we need in order to perform our agreement with you and personal information where we are relying on consent to process your personal information.
12.1.7. Not be subject to wholly automated decisions which produce legal effects or which could have a similarly significant effect on you.
13. Right To Object
13.1. In addition to the rights set out above you also have a right to object to our processing of your personal data where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful.
13.2. If you raise an objection, we will carry out an assessment to determine whether we have an overriding legitimate ground which entitles us to continue to process your personal information.
13.3. If you would like to exercise any of your rights, please contact us using the details below.
14. Data Security
14.1. The security of your personal data is very important to us. We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse and unauthorised access, use, alteration or disclosure. We store all personal data you provide to us behind firewalls on servers employing security protections.
14.2. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
14.3. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website. Any transmission of personal data is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the website.
15. Children's Online Privacy
15.1. We do not direct our website to minors and we do not knowingly collect personal data from children under 18 or as defined by local legal requirements. If we learn we have mistakenly or unintentionally collected or received personal data from a child under 18 without appropriate consent, we will delete it. If you believe we mistakenly or unintentionally collected any information from or about a child under 18, please contact us at firstname.lastname@example.org.
16. For How Long Do We Keep Your Personal Data?
16.1. The period for which we will keep your personal data will depend on the nature of our relationship with you. We will keep your personal data for as long necessary to perform the relevant services that you have requested from us. We will also keep data for as long as we are required to do so for legal or regulatory purposes.
17. Changes To Our Privacy Notice
17.1. We will post any changes we may make to our privacy notice on this page and indicate on the website home page that we updated this privacy notice. If the changes materially alter how we use or treat your personal data we will notify you through a notice on the website home page. Please check back frequently to see any updates or changes to our privacy notice.
18. Complaints And Contact Information
18.1.1. If you have any complaints about the way we use your personal data then in the first instance please contact email@example.com who will endeavour to resolve the issue. If we cannot resolve any issue, you have the right to complain to the Information Commissioner.
18.2. Contact details:
18.2.2. If you have any questions, comments or requests regarding any aspect of this Privacy Notice, please do not hesitate to contact us by email at firstname.lastname@example.org, by phone on 07743 862 790, or by post to – Chase Farm, Shaw’s Lane, Southwater, Horsham, West Sussex, RH13 9BX, UK.