Passed in 2016, the General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which came into force 25 May 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all local laws relating to it.
We support the GDPR and will ensure all Harwood House services comply with its provisions.
- Who We Are
- Your Privacy Is Important
- What We Collect and Store
- What We Share with Others
- Who On Our Team Has Access
- Where We Send Your Data
- How Long We Retain Your Data
- What Rights You Have Over Your Data
- Contact Us About Your Privacy
- How We Protect Your Data
- What Data Breach Procedures We Have in Place
Who We Are
Harwoodhousestansted.com, owned and operated by Hardwood House (HH). We are a bed and breakfast serving travellers through Stansted Airport as well as visitors to Essex. We are located at 52 Stortford Road, Great Dunmow, Essex, CM6 1DN.
Our website’s full URL is https://harwoodhousestansted.com. This document outlines how HH handles any personal information collected through our site. If you have any questions or comments, email us at firstname.lastname@example.org.
Your Privacy Is Important
What We Collect and Store
- Functional purposes: The WordPress software that powers our site relies on non-tracking cookies in order to function properly.
- Social web: We use third-party cookies from social networks such as Facebook to enable ‘liking’ and ‘sharing’ content on your social networks.
We provide a contact form on our Contact Page. This contact form collects the following personal data:
- Email address
- Phone number
It may also capture a subject line and a short message written by you.
What We Share With Others
We ask for reviews on our business’s Google My Business page. We do not directly share your data with Google, nor do we collect or store your review. When you click the ‘Write Your Review’ button on our Write a Review page, you are taken off-site and asked to login to your Google Account to create the review.
Finally, in order to send messages from our contact form, our site uses the Mailgun Plugin for WordPress. Mailgun receives SMTP requests from our site and processes / sends the message to our email address. Mailgun collects your name, email, subject line and message body. Mailgun is fully GPDR compliant.
Who on Our Team Has Access
Harwood House is a small business run by Nicola Bradley and Tom Hamilton. As owners and managers we have access to booking information stored in our Eviivo account. This allows us to support our guests and ensure smooth running of our Stansted B&B.
Messages sent through our contact form are delivered to our business email address, email@example.com. We use Gmail as part of Google Cloud for our email client. You can read about Google Cloud and GDPR compliance here.
Where We Send Your Data
We do not directly share or transfer your data to any third parties inside or outside the EU. For example, our Mailgun SMTP service is based in the EU. However, when you click on our Book Online or Write a Review links you are taken off-site to websites managed by Eviivo and Google, respectively. See the ‘Who We Share Your Data With’ section, above.
How Long We Retain Your Data
Messages sent via the contact form are retained in our email account for 6 months prior to deletion. Mailgun retains message bodies for 72 hours before deletion. Moreover, Mailgun retains metadata of a message, which includes the sender, recipient(s), subject line, originating IP address and other routing data for 30 days.
Reservation details are stored in Eviivo for a minimum of 7 years for tax purposes.
What Rights You Have Over Your Data
If you have sent a message via the contact form or made a reservation with us, you can request to receive a file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Please send Right of Access or Right of Erasure Requests to firstname.lastname@example.org.
Contact Us About Your Privacy
If you have any privacy questions or concerns, please contact:
+44 01371 874627
52 Stortford Road, Great Dunmow, Essex, CM6 1DN
How We Protect Your Data
We seek to protect your data in a number of ways, in particular:
- our site uses an SSL connection
- we follow and enforce a strong password policy within our business
What Data Breach Procedures We Have in Place
If data breaches are detected, we contact anyone affected via email as soon as the breach is discovered.