General Data Protection Regulation (2018) and Privacy & Electronic Communications Regulation (2003/2011)
Who are Gretna Green?
Gretna Green Ltd is a fourth-generation, family-owned business in Gretna Green and Gretna, Scotland. Established for over 130 years, they are the owners of the World Famous Blacksmiths Shop venue and museum – home of the Anvil Wedding – as well as luxury hoteliers, online shopping provider and commercial retailers.
For the purpose of this policy “Gretna Green”, “We”, “Us”, “Our”, “Company” or “Group” refer to Gretna Green Ltd and any/all of their trading names and/or sub-brands.
Our trading names include Gretna Green Famous Blacksmiths Shop, Smiths at Gretna Green, Greens at Gretna, Gretna Hall, Old Toll Bar, Canny Scot and Gretna Green since 1754.
Our Data Compliance
We, Gretna Green Ltd, as per the EU General Data Protection Regulation (GDPR) 2018 and Privacy & Electronic Communications (EC Directive) Regulations (PECR) 2003/2011 certify, that to the best of our knowledge and understanding of the aforementioned legislation we have taken the necessary technological and organisational measures for the purpose of Data Compliance, including: data minimisation, de-identification (wherever possible), privacy by design, additional transparency, restricted access, opt-out options and other technical security measures where applicable.
As is our organisational responsibility as a data controller, we have also taken steps to ensure that all relevant data processors are equally GDPR compliant.
Please find below, full details of our GDPR compliant privacy policy and how we will respectfully collect, treat and use your personal data, why we use it, with whom we share it, the rights to which you may be entitled and your choices about our use of your personal information.
What information do we collect
Depending on how you interact with Gretna Green Ltd, dictates what information we collect from you.
E-commerce customers: name, address, contact number, email address, purchase date, products ordered and order value.
Subscribed customers: name, address, email address will be captured in all subscription forms. We will also hold any other data which you supply during your subscription, e.g. Bride and Groom’s names or the options you selected to the question “I am interested in”. You can view and amend all of the opt-in information we hold about you here.
Wedding/Events customers: name, address, email address will be held for all customers. We will also hold information such as event date, venue, number of guests and other contact information. If you would like to view, amend or delete the information which we hold about you, you can do so by contacting us.
Hotel customers: name, address and email address will be held for all customers. We will also hold information such as contact number, booking reference, arrival and departure dates, number of nights, accommodation type, accommodation name, number of guests, as well as information regarding any upgrades you may have purchased during or prior to your stay. If you would like to view, amend or delete the information which we hold about you, you can do so by contacting us.
Retail/Loyalty Card customers: name, address, email address, contact telephone number.
Group Travel clients and members: name, company address, company name, position, email address, contact telephone number, membership number.
How will we use your information
We will collect and use your personal information to allow access to this website, register or subscribe to this website, buy and / or use our products and services, stay at our hotel, host an event or wedding with us and purposes set out in more detail in this section, provide you with marketing material based on products/services you have previously engaged with.
E-commerce customers: We use this information to provide our products and services, manage and administer our services, process your order, take payment from you or give you a refund, onboard you as a customer, help us ensure that our customers are genuine and to prevent fraud; and send personalised offers [or shopping ideas].
Subscribed customers: We use this information to send you our newsletters and details of services and goods we think that you would be interested in, as per the categories, or list which you subscribed to.
Wedding/Events customers: We use this information to provide our wedding and events services to you and contact you in relation to the wedding and events we are providing to you.
Hotel customers: We use this information to provide our hotel services to you, including contacting you in relation to these services (e.g. updating you on check in and check out times and providing you with details of services you may be interested in while staying with us).
Retail/Loyalty Card customers: We use this information to provide you with our retail/loyalty card service, including contacting you with details of your retail/loyalty points and any offers, goods and services that are available to you as a retail/loyalty card customer.
Group Travel clients and members: We use this information to provide you with our group travel services, including contacting you, providing membership services, reminding you of your booking and providing you with details of services you may be interested in.
Why we collect and how long we keep your information
We collect and use your information for a variety of reasons. We need some information to enter into and perform our contract – for example, your contact and payment details.
Some information processing is required by law due to our anti-fraud screening obligations or in the public interest such as making sure we verify our customers' identities.
We will keep your information for as long as it is reasonably necessary. It will depend on factors such as whether you have any outstanding purchases or an account with us or have interacted with recent offers or recently stayed with us or hosted an event or wedding with us. We will also routinely refresh our information to ensure we keep it up-to-date.
Processing data under Legitimate Interest
As a customer or client of Gretna Green Ltd, under article 6 – Legitimate Interest, we will use any information provided by you, to us, for the purpose of direct, online and any other relevant marketing activities, however; you may opt-out (unsubscribe) or amend your contact preferences with us at any time, by visiting here.
Under Legitimate Interests, we may use your data to contact you regarding similar/related products and services, based on your previous relationship with our company, as set out in ‘How we will use your information’.
Legal requirements
We need to collect certain types of information for compliance with legal requirements relating to our obligations as a registered company and limited company.
Your personal information may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claim. We will not delete personal information if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
Processing Data under Opt-in Consent
If you have previously opted-in or choose to opt-in in the future, the same rights to be forgotten and to amend how you are contacted and the details we hold about you, also apply. In this instance, the information held will be that which was/is entered during the opt-in/subscription process.
Cookies and Tracking
In order to help make your experience on our website as relevant and pleasant as possible, we utilise cookies and tracking tools, such as Google Analytics, to anonymously track your interaction with our websites. This information is then used to help us improve our website, services, products, or for the purpose of benchmarking and user experience. If you would prefer not to be tracked, you can choose do disable cookies in your own web browser. Alternatively, you can access our website through ‘Incognito Mode’ or ‘Private Browsing’; also managed via your own browser settings.
Profiling and Pseudonymisation
In order to improve our products and services, we may use your data for the purpose of profiling and/or pseudonymised (anonymous) benchmarking. Profiling allows us to target our marketing initiatives, so that we only send you products, services and information which we think, or you have selected to be relevant or of interest.
Pseudonymisation, such as anonymous data captured via online tracking services, or collated through data analysis, helps us to understand our customer’s journey and other important insights, to ensure that our business meets both our customer expectations and our company goals.
You can opt-out or amend your profiling preferences at any time, here. To be removed from anonymous internal benchmarking, you will need to contact us using our contact details below, however please see the section - Cookies and Tracking for more information regarding removing yourself from online tracking.
Third Party Websites
While we do not share your data with third-party websites, we do use online email marketing and client relationship management software to power our outward marketing initiatives. These are known as Data Processors. This information is only accessible by qualified Gretna Green Ltd employees and is not accessible to any other companies or persons outside of our group. We will never share your personal information with third parties, without your prior, express permission. An example of this would be a competition with a partner company or third party, where you would also be given the explicit option to consent to sharing your personal information, for the purpose of the specified competition, with the named third-party and/or Gretna Green.
Information we share
Your personal information may be transferred to other third party organisations in certain scenarios:
- If we're discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
- If we are reorganised or sold, information may be transferred to a buyer who can continue to provide services to you;
- If we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;
- If we are defending a legal claim your information may be transferred as required in connection with defending such claim.
Changes and Updates to our privacy policy
In line with our business and legislative changes, our privacy policy will be updated from time to time, as appropriate. This will always be accessible via our website and a printed copy can be requested at the email or postal address above.
Your rights
You may have certain rights in relation to your information including a right to access or to correct the information we hold on you. We've listed the rights you have over your information and how you can use them below.
These rights will only apply in certain circumstances. They will generally not be available if there are outstanding contracts between us, if we required by law to keep the information or if the information is relevant to a legal dispute.
- You can remove consent, where you have provided it, at any time.
- You can ask us to confirm if we are processing your information.
- You can ask for access to your information.
- You can ask to correct your information if it's wrong.
- You can ask us to delete your information.
- You have a right to be forgotten and you can ask that our systems stop using your information.
- You can ask us to restrict how we use your information.
- You can ask us to help you move your information to other companies. To help with that, you have a right to ask that we provide your information in an easily readable format to another company.
- You can ask us to stop using your personal information, but only in certain cases.
- You have the right to complain to the relevant supervisory authority.
Where your data is stored?
All data is stored either on our Gretna Green internal servers or on UK-based cloud hosting services. These services are provided by GDPR compliant third-party data processors, with whom GDPR complaint contracts are in place to secure your data. Access to data at Gretna Green is managed and monitored using password protected logins and recorded, authorised access only.
Transfer of Data outside of the EU
At present, we do not transfer any of our customer data outside of the European Economic Community. Should this change, we will update this policy accordingly and ensure that the correct legislative protections are put in place accordingly.
Contact Details
Registered Address: Gretna Green, Headless Cross, Gretna Green, Gretna, Dumfries and Galloway, DG16 5EA.
If you would like to contact us, please submit any request in writing via email to: [email protected] or alternatively by post to: Data Controller, Gretna Green Ltd, Headless Cross, Gretna Green, Gretna, Dumfries and Galloway, DG16 5EA. If you have any questions or anything in this policy is unclear, please get in touch at [email protected].
Whilst we will always aim to reply and action all requests in a timely manner, responses may take up to 21 days.
Additional Information
- VAT Number: 264 6189 36
- Company Number: SC52082
- You may contact us by e-mail at: [email protected]
- You may phone us on: 01461 338441
Dispute Resolution and Privacy Seals
We have the following privacy seals and/or dispute resolution mechanisms. If you think we have not followed our privacy policy in some way, they can help you resolve your concern.
- Customer Service: Call us on 01461 338441
Additional Information
This policy is valid for 1 day from the time that it is loaded by a client.
Compact Policy Summary
The compact policy which corresponds to this policy is:
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
The following table explains the meaning of each field in the compact policy.
Field | Meaning |
---|---|
CP= | This is the compact policy header; it indicates that what follows is a P3P compact policy. |
NOI | No identifiable information is collected, so no access is possible. |
CURa | The data is used for completion of the current activity. |
ADMa | The data is used for site administration. |
DEVa | The data is used for research and development. |
TAIa | The data is used for tailoring the site. |
OUR | The data is given to ourselves and our agents. |
BUS | Our business practices specify how long the data will be kept. |
IND | The data will be kept indefinitely. |
UNI | Unique identifiers are collected. |
COM | Computer information is collected. |
NAV | Navigation and clickstream data is collected. |
INT | Interactive data is collected. |
The compact policy is sent by the Web server along with the cookies it describes. For more information, see the P3P deployment guide at http://www.w3.org/TR/p3pdeployment.
Policy Evaluation
Microsoft Internet Explorer 6 will evaluate this policy's compact policy whenever it is used with a cookie. The actions IE will take depend on what privacy level the user has selected in their browser (Low, Medium, Medium High, or High; the default is Medium. In addition, IE will examine whether the cookie's policy is considered satisfactory or unsatisfactory, whether the cookie is a session cookie or a persistent cookie, and whether the cookie is used in a first-party or third-party context.