1. Our Commitment To Personal Data.
The protection of personal data should be your right.
It is our responsibility to do everything we can to protect your data.
Data should ONLY be collected when it is required to provide a certain product or service.
Data will not be stored longer than it is needed.
We will NEVER sell, share or disclose your personal data without your permission unless it is requested by warrant by law enforcement agencies.
2. Legislation We Abide By.
Villakoumos.com follows the guidelines and legislation of the following bodies:
The UK Data Protection Act 2018
The EU General Data Protection Regulation (GDPR) 2018
We follow the guidelines of the Information Commissioner's Office, the UK's official data protection body.
All the regulators above impose strict practices when it comes to the processing and storing of your personal data. If you are not from the UK, the chances are we will meet the data regulations in your country too. If you wish to check on any aspect of your data protection rights you think may not be covered, you can contact us.
3. Data Retention.
We collect very little personal data. Please read on to see what data this site does collect.
3.1 Account Information Data
What: When you register as a customer, we collect your full legal name, postal address, email address, shipping address, telephone number and IP address.
Why: We collect this information to facilitate your booking for the villa, contact you about your booking, contact you with important information about our properties, to invoice or bill you and to provide you with support.
How Long: Client data is stored for the life of the client account. After an account is closed the data will no longer be used for processing, however, it will remain stored for a period of 5 years from the end of the tax year in which you close your account. This is to comply with HMRC tax reporting which is a statutory requirement and so overrules any request to completely remove data.
Where: We store this information in our hosting account with 3001web.com. See third party providers. Our site encrypts data during transfer and employs the latest in website security as does the web hosting company we chose.
3.2 Client Mailing List
We do not currently run mailing lists of any kind from this site.
3.3 Browser Tracking Information
What: What site you came from to get to our site, what link you clicked, what browser you use, what operating system you use, your geographical location, your IP address.
Why: Like a lot of websites we may use Google Analytics and other tracking software to track user interaction with this website. This helps us find out things like how many people visit our site, how they navigate around our site and which pages are most visited. This data is stored on our website to provide us with traffic analysis. It helps us improve our site and our services. This information does not directly identify you as a person; it is just behavioural data. Google may also record your IP address, which could be used to identify you; however, they do not give villakoumos.com access to that information.
How Long: This data is purged every 3 years. It is not personally identifying data so there is no way we can remove data about your visits as we do not know what part of the data is attributed to you.
Where: Basic tracking information is stored on our web hosting account with 3001web.com. Please see third-party providers. Our web host encrypts data during transfer and employs the latest in server security. This data, however, does not personally identify you and is not classed as sensitive personal data.
Any Google based tracking is stored by Google on its servers. While this data may be used to track you Google does not give us access to that kind of information. See third-party providers.
3.4 Email Contact (Contact form)
What: Your email address, your name, your telephone number, your consent to store your details, your IP address, the date and time you submit the form and any other information you provide.
Why: To contact you for the purpose of discussing the provision of our service.
How Long: Your input will be stored for a period of five years in line with UK law.
Where: The form input is stored in the secure admin area of our site and in our business email account. See third-party providers.
3.5 Email Address Book
What: Your name and email address.
Why: To be able to communicate with you quickly and effectively by email.
How long: This data is deleted if you request that we remove it. It may also be cleared periodically if we have not had communication with you in several years.
Where: We store this information securely in our business email account. It is not stored on our website. (See third-party providers.)
4. Third-Party Providers And Data Processors
Some of the services this site uses may process, store or have access to your data to help us run our service to you. We have no control over their processing or data storage; however, they are all reputable and data protection focussed companies that have been vetted by us. The companies we use are as follows;
5. How We Protect Your Data
Data is encrypted when sent between your devices and our website using 256-bit encryption provided by SSL certificates issued for our own site.
Our web host's servers have regular security checks and hardening performed on them by their server administration team.
Our web host's servers contain (among others) the following security protocols:
- cPHulk brute force protection to protect against brute force attacks.
- PHP open_basedir protection.
- CSF firewall is installed, and LFD is running.
- System kernels are updated instantly as released.
- The MySQL port is blocked by the firewall, effectively allowing only local connections.
- Password strength requirements are strong at both server level and admin areas for our site.
- Outbound SMTP connections are restricted.
- PHP versions are upgraded regularly as soon as they are stable.
Our site is monitored by 3001web for out of date or no longer supported plugins, themes and core code. Any outdated plugins or themes are updated immediately.
We have also installed a site level firewall and security system to protect your data even further.
6. Data Breaches
We will report any unlawful data breach where we believe there is a threat to the personal data of our clients. This will be reported to the ICO in the UK. The report will be submitted within 72 hours if we can establish that personal data was accessed or stolen. In the event that personal data was accessed and in accordance with the GDPR rules we may also inform the data subject (you).
You, of course, may, at any time, prevent the setting of cookies through our website by means of corresponding settings of your Internet browser, and deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programmes. This is possible in all popular Internet browsers. If you deactivate the setting of cookies in your browser, not all functions of our website may be entirely usable.
8. Lawful Basis For The Processing Of Your Data
The lawful basis for the collection of your data is "Contract". We need to process your name, email address and telephone number to be able to contact you and contract the rental of our property.
9. Your Rights As A Data Subject
The Data Subject has the following rights:
- Right to information – meaning you have the right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
- Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
- Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
- Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
- Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
- Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
- Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
- Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
- Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
- Right for the help of supervisory authority – meaning you have the right to the help of a supervisory authority and the right for other legal remedies such as claiming damages.
- Right to withdraw consent – you have the right to withdraw any given consent for Processing of your Personal Data.
10. Changes to this policy