We absolutely respect your right to privacy. Our overall aim is to ensure that our collection and use of personal data is appropriate to the provision of services to you and our clients and is in accordance with applicable data protection laws.
- Who we are
- The personal data we collect about you
- How we store, use and share your personal data for our core business
- How we might otherwise share your personal data and who we share it with
- International transfers
- Data Retention
- Your rights
- Applying for a job at The Original Cottage Company
- Third party sites
- Complaints, questions and suggestions
Who we are
The Original Cottage Company Limited is the data controller of the personal data that we collect from you. It is a company registered in England and Wales (registration number 06951692), whose registered office is at Bank House, Market Place, Reepham, Norwich, NR10 4JJ.
The personal data we collect about you
If you (either as an individual or as part of a group booking) are seeking to rent a property or to obtain details about a potential holiday, we will usually collect the minimum information required to fulfil your needs. This will likely include your name, contact details, payment details, date of birth, details of other members of your party plus information on your specific requirements in order to customise your holiday and deliver your specific requirements.
If you sign up to join our mailing list we will collect your name and email address, together with your consent to receive communications from us. This consent can be removed at any time simply by using the unsubscribe button on any of our email communications.
If you are letting or are seeking to let your property, we will usually collect your name, contact details, bank account details and information on your property required to optimise its marketing through our sites.
If you are, or work for, a supplier to The Original Cottage Company Limited, then we will collect the minimum amount of business specific personal data, usually your name, business role and business contact details to enable us to manage the business relationship.
If you are, or work for, a business customer of The Original Cottage Company Limited, then we will collect the minimum amount of business specific personal data, usually your name, business role and business contact details to enable us to manage the business relationship.
How we store, use and share your personal data for our core business
Individuals who rent, or enquire about, a property
We collect, store and use your personal details as outlined above for our legitimate business interests, so that we can fulfil both your immediate and any potential future holiday booking or enquiry needs. This storage and use of your personal data allows you to be contacted about both your current booking or enquiry.
Given that we act as an agent between the hirer / enquirer and the owner / renter of the property, we will share your personal data with the owner / renter as required to either secure your holiday booking or answer your holiday enquiry. The owner/renter of the property may use this personal data to contact you for the purposes of facilitating your holiday booking.
Should you request that we pass on supplementary information that you wish to provide to the owner / renter then we will do so and will only hold that information on your behalf as part of your booking record.
If you provide feedback on a property, we may also share this with the owner / renter which may include disclosing your personal data.
Individuals who join our mailing list
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and, in each case, you have not opted out of receiving that marketing. You will also receive marketing communications from us if you have provided us with your details when you entered a competition or registered for a promotion and gave us your consent as part of that process. As such, we may contact you with details of our properties, services, offers and other marketing items which we believe will be of interest or potential benefit. We do not believe that this storage and use of your personal data will unduly prejudice your rights or freedoms. You can remove your consent at any time using the unsubscribe button on any of our email communications to you.
Individuals who let, or seek to let, a property
We collect, store and use your personal details as outlined above for our legitimate business interests, so that we can market and let your property.
This storage and use of your personal data allows you to be contacted about both any current booking or enquiry, and also - providing you have not opted out of receiving marketing communications - allows us to update you with offers, opportunities and developments which could be both interesting and beneficial in the future. We do not believe that this storage and use will unduly prejudice your rights or freedoms.
Given that we act as an agent between the hirer / enquirer and the owner / renter of the property, we will only share the minimum amount of your personal data with the hirer / enquirer as required to either secure your holiday letting or answer any relevant holiday enquiry. Additionally, should you request that we pass on supplementary information that you wish to provide to the hirer / enquirer then we will do so and will only hold that information on your behalf as part of your letting record.
We collect, store and use the business contact details of individuals working with our business partners for our legitimate business interests in maintaining and managing the commercial relationship between The Original Cottage Company Limited and its commercial suppliers and customers. We do not believe that this storage and use will unduly prejudice the rights or freedoms of these individuals.
All other users of the sites and our services
We collect, store and use your personal data for the following purposes:
- to make the sites available to you; and
- to provide any services that you request.
Sometimes, our use of your personal data is for purposes which are ancillary to the provision of the sites and services, or which are desirable in order to make them to operate more effectively. In those circumstances, we believe we have a legitimate business interest in handling your personal data, and do not believe that this storage and use of your personal data will unduly prejudice your rights or freedoms.
The relevant circumstances are:
- detecting and preventing fraud;
- keeping our websites, apps, products and IT systems secure;
- ensuring that our own processes, procedures and systems are as efficient as possible;
- analysing and enhancing the information that we collect;
- determining the effectiveness of our promotional campaigns and advertising; and
- if you have joined our mailing list and you have given us your consent, contacting you (including by SMS and email) with products and services which we think may interest you.
We also collect anonymised details about visitors to our websites for the purposes of generating site statistics, reporting purposes or improving our website and marketing effectiveness. However, no single individual will be identifiable from the anonymised details we collect for these purposes.
How we might otherwise share your personal data and who we share it with
We will disclose information under the following circumstances:
- Third-party service providers: When we share information with third-party service companies for them to facilitate or to provide certain services on our behalf. This will include:
- IT support service providers;
- third-party service providers who track our customers' use of the sites and our services for us.
- other third-parties who we may need to work with to deliver services and/or facilitate your booking and holiday (including any holiday extras), for example, providers of property management services (including, but not limited to, housekeeping, property maintenance etc).
These third-parties are contracted to use your personal data only as necessary to provide the relevant services to us and are required to maintain full security and confidentiality.
In some, relatively limited, circumstances we need to handle your personal data in a certain way to be able to comply with our legal obligations – for example: if we are requested to disclose your personal data to regulatory bodies or if we need to demonstrate our compliance with applicable law such as any tax and national insurance legislation relating to the payment of personal service company contractors and immigration law.
All of our core cottage rental business systems store and process data within the United Kingdom or European Economic Area (EEA). However, some of our internal management systems use international service providers who may carry out processing outside of the UK or EEA. If this processing is carried out in the USA your data is protected, with additional safeguards in place as required by the GDPR, by the use of Standard Contractual Clauses for each of the service providers concerned. If you would like more details on this, please contact us using DPO@originalcottages.co.uk
Technologies such as cookies, beacons, tags and scripts are used by us and our affiliates, or analytics or service providers. These technologies are used in analysing trends, administering the sites, tracking users’ movements around the sites and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
We employ comprehensive, reasonable and appropriate security measures to protect against the loss, misuse, and alteration of the personal data we process. This includes organisational security (passwords and access controls), physical security (data centre protection) and IT security (encryption). Please note that no transmission over the Internet can ever be guaranteed secure and as a consequence please note that we cannot guarantee the security of any personal data that you transfer over the Internet to us.
We retain information (including personal data) for the minimum reasonable time period to allow us to provide our services and to comply with legal requirements which require us to retain transactional records for six years following the end of the tax year in which you last interact with us. The only exceptions are in cases where we need to keep limited personal data to resolve ongoing disputes, or enforce our agreements.
Should you require more detail about our retention timescales for a specific category of data or information please contact us at DPO@originalcottages.co.uk
You have certain rights in relation to your personal data. If you would like further information in relation to these or would like to exercise any of them, please contact us at DPO@originalcottages.co.uk at any time. You have the right to request that we:
- provide access to any personal data we hold about you;
- update any of your personal data which is out of date or incorrect;
- delete any personal data which we are holding about you;
- restrict the way that we process your personal data;
- prevent the processing of your personal data for direct-marketing purposes;
- provide your personal data to a third-party provider of services;
- provide you with a copy of any personal data which we hold about you; or
- consider any valid objections which you have to our use of your personal data.
We will consider all such requests and provide our response within a reasonable period (and in any event within any time period required by applicable law). Please note, however, that certain personal data may be exempt from such requests in certain circumstances.
If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
Applying for a job at The Original Cottage Company
When you apply for a job with us, we collect and process a range of personal data in order to assess your suitability for employment. You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
We ask for:
- personal details including name and contact details
- details of your qualifications, skills, experience and employment history
- information about your current level of remuneration, including benefit entitlements
The legal basis we rely upon for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract.
We will also ask whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process. The legal bases we rely upon for this are article 6(1)(c) of the GDPR which allows us to process information to meet a legal obligation and article 9(2)(b) as the processing is necessary for the purposes of carrying out our obligations in the field of social security and social protection law.
You may also be asked to provide equal opportunities information including information about your ethnic origin, sexual orientation, health, and religion or belief. This is not mandatory – if you don’t provide it, it won’t affect your application. This is done for the purposes of equal opportunities monitoring only and we won’t make the information available to any staff outside our recruitment team, including hiring managers, in a way that can identify you. The legal bases we rely upon are article 6(1)(a) and 9(2)(b) which require your explicit consent.
In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, it is required to check a successful applicant's eligibility to work in the UK before employment starts. It these situations the legal basis we rely upon is article 6(1)(c) of the GDPR which allows us to process information to meet a legal obligation.
When we make a job offer we will also seek information from third parties, such as references supplied by former employers and information from employment background check providers. For some roles, we are legally obliged by safeguarding legislation to conduct criminal records checks. This usually applies to roles that may involve working with minors. The legal basis we basis we rely upon is article 6(1)(c) of the GDPR which allows us to process information to meet a legal obligation.
Sharing your information
Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. The organisation will then share your data with former employers to obtain references for you and employment background check providers to obtain necessary background and criminal records checks.
Keeping your information
If you are unsuccessful after assessment for the role, we will hold your data on file for 6 (six) months after the end of the relevant recruitment process. At this point your data will be deleted unless you have told us that you would like your details retained in our talent pool. If this is the case, then we would proactively contact you should any further suitable vacancies arise.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in our employee privacy notice.
Third party sites
Complaints, questions and suggestions
We have a Data Protection Officer to assist with all queries regarding our processing of personal data who can be contacted via DPO@originalcottages.co.uk
If you have any complaints, questions and suggestions about our sites or services, please contact us using our contact form.
In the EEA, you may also make a complaint to our supervisory body for data protection matters (the Information Commissioner's Office in the UK) or seek a remedy through local courts if you believe your rights have been breached.