We know there is a lot of information here to digest; however, we want to ensure you are fully informed about your rights and how Apartbook uses your data. Hopefully, this page answers any questions you may have, but if you require further assistance, please do not hesitate to contact us using the information at the bottom of this page.
What is GDPR?
The General Data Protection Regulations came into force on 25th May 2018. These regulations replaced the Data Protection Act 1988 and enforce stricter rules on how companies within the European Economic Area (EEA) are able to process and store data. The regulations also give individuals more rights to access and manage the data that companies hold.
The rules not only apply to all companies that are based within the EU but also any company that offers products or services to individuals within the EU. The UK government have also already written the new GDPR rules into UK Law, so they will still apply once the UK leaves the EEA.
What are the legal bases for data collection?
The GDPR outlines 6 legal bases that a company may use to collect data from individuals. All data collected and processed must fall under one of these categories; otherwise, the data may not be collected in the first place.
At Apartbook, we only use 4 of the legal bases to collect information. We explain these below; however, if you would like to read about the other legal bases, you can find more information on the Information Commissioner’s Office website.
We need to collect and process personal data to perform our contractual obligations with you. This legal basis is normally used when you purchase one of our services.
For example, we need to collect information about your company name, address and contact information when you sign up to use SAMS so that we can send you information on how to access the system. We will also collect billing information so that we can charge you on a monthly basis.
We may be required by law to collect and process your personal data.
For example, we can pass details of individuals and companies involved in fraud or other criminal activity affecting Apartbook to law enforcement.
We may collect and process personal data for our own legitimate interests in ways that are reasonably expected to run our business.
For example, we monitor the usage of our systems to ensure we can maintain and scale our infrastructure accordingly.
We may collect and process your personal data with your consent.
For example, you tick a box to sign up to our newsletter.
What personal data does Apartbook collect?
Apartbook collects data at all stages of the customer journey. This is to ensure that we can provide the best customer service and fulfil our contractual obligations.
|Data collected|How we use the data|
|---|---|
|When you visit our marketing websites we anonymously collect data on which pages you visit and how you use our websites.|We use this data to make improvements to our website and ensure that users are able to easily sign up for our services. You are shown a cookie banner for us to obtain consent for this.|
|When you sign up for our service either through the website or via the phone we collect the following information:|We use this data to fulfil our contractual obligation to you in signing up to our services. We use this information to create your account and billing set up and to send you information on accessing our services. We may pass your details on to credit checking agencies, but will always ask permission before doing so.|
|When you make an enquiry through the website contact form we collect:|We use this data to respond to your enquiry and monitor the performance of our sales team.|
|When you enter competitions we may collect:|We use this data to pick a winner and keep entries updated on the competition.|
|When you sign up for our newsletter we may collect:|We use this data to send out our monthly newsletter to individuals who have consented to direct marketing.|
|When you interact with us on social media.|We use this data to monitor our customer service performance.|
Data use for legitimate interests
We may also process all data that we hold for a legitimate interest of the company. This may include the following activities:
- Monitoring website performance
- Monitoring system performance
- Monitoring customer service performance
- Monitoring social media performance
- Reporting on demand trends within the market to better help plan promotions
- Monitoring customer spend and credit
How does Apartbook store your data?
We know how much security means to all of our customers. We therefore always treat your data with the utmost care and take all appropriate steps to protect it.
We ensure all of our websites are secured using TLS technology (https) to ensure data in transit is encrypted and secure.
Where possible we do not store any personal data locally on company premises. All data is stored in our third-party systems and any local copies are immediately destroyed. We have strict data security policies in place that all our staff understand and agree to. This is to ensure that all data is processed and stored correctly and in a secure manner.
We ensure all our third-party systems meet the General Data Protection Regulations and are PCI compliant where required, which enforces even stricter rules. Access to these systems is only given to staff members who require it to complete their daily tasks. Each system is secured via a TLS connection and only accessible via a password-protected portal.
All sensitive data such as payment card details are secured and tokenised outside of the system our staff can access to ensure they are always protected.
We regularly monitor our systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
How long do we keep your data?
When we collect or process your personal data we will only keep it for as long as necessary for the purpose for which it was collected.
After this retention period, your personal data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for business analysis and planning.
Who do we share your data with?
We sometimes share your data with trusted third parties. We have a very strict policy on what information can be shared with third parties to keep your data safe and to protect your privacy.
We always ensure:
- We only provide the information they require to perform their specific services
- They may only hold the data we provide for the exact purposes specified in our contract with them
- We ensure that they hold your data in a secure manner and that your privacy is protected at all times
- If we stop using their services, any data that they may hold will be deleted
We may share information with law enforcement bodies on request and where fraudulent or potentially fraudulent activity is suspected in our systems.
To help fulfil our contractual obligations with you and to help personalise and improve your journey through our websites we currently use the following companies, who will process your personal data as part of their contract with us:
- Digital Ocean
- Campaign Monitor
- Amazon Web Services
Where your personal data may be processed
Sometimes we need to share your personal data with third parties outside the European Economic Area (EEA), such as New Zealand and the USA.
If you are based outside of the UK and provide personal data, we will transfer the personal data that we collect from you to the company in the UK.
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third parties outside of the EEA.
If we do this, we have procedures in place to ensure that all your data receives the same protection as if it were being processed inside the EEA. If you wish to receive more information about these policies please contact us using the information at the bottom of this page.
The GDPR gives individuals more rights with regard to how companies collect and process their personal data. Under the guidelines, you have the following rights:
- You should always be informed about how personal data will be used at the point of collection
- You have the right to request access to any and all personal data that a company holds on you
- You should be able to instruct a company to update and correct any information that they hold on you
- You have the right to request a company deletes any personal data that they may hold on you
- You can instruct a company how they can and cannot process your personal data
- You have the right to request a copy of all data a company holds on you in an easily usable electronic format
Right to access personal information
Under the guidelines, you have the right to request a copy of any information Apartbook currently holds about you at any time and also to have that information corrected if it is inaccurate. To ask for your information please send your request to Data Protection, Apartbook, Suite 2-15 Margaret Powell House, 401-447 Midsummer Boulevard, Milton Keynes, MK9 3BN. To ask for your information to be updated please contact a member of the team.
Right to withdraw consent
Whenever you have given us consent to process your personal data, you have the right to change your mind and withdraw that consent at any time.
Where we rely on our legitimate interest
In cases where we are processing your personal data for legitimate business interests, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your data.
You have the right to stop the processing of your data for any and all direct marketing activity through all channels, or selected channels. We must always comply with your request.
You can either contact us directly to stop direct marketing or click the unsubscribe link on any marketing email you may receive from us to stop all future marketing campaigns being sent.
Checking your identity
To protect the confidentiality of all personal data we hold, we will ask you to verify your identity before proceeding with any request for information. If you have instructed a third party to make the request on your behalf, we will ask them to prove they have your permission to do so.
Contacting the regulator
If at any point you feel that your data hasn’t been handled correctly, or you are unhappy with any response to requests, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them on 0303 123 1113 or by visiting www.ico.org.uk/concerns.
If you are based outside of the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country.
Still have questions?
You can email us at firstname.lastname@example.org or write to us at Data Protection, Apartbook, Suite 2-15 Margaret Powell House, 401-447 Midsummer Boulevard, Milton Keynes, MK9 3BN.
This notice was last updated on 26/11/2019.