Rock Estates (Cornwall) Limited, trading as John Bray and Partners and John Bray Cornish Holidays
This notice is to help you understand how and why we collect your personal information and what we do with that information. It also explains the decisions that you can make about your own information.
Personal information is information that “the company”, Rock Estates (Cornwall) Limited, trading as John Bray and Partners and John Bray Cornish Holidays, holds about you and which identifies you. This can include information such as your name, age category, contact telephone numbers alternative contact numbers, e-mails and address as well as things that are required under the law for selling property such as identity check information.
This means that the company is using your information when this is necessary for the purpose of fulfilling our contractual obligations to you in the legitimate purpose of carrying out the business purpose. We won't rely on this basis when your interests and fundamental rights override our legitimate interests. Specifically, but not exclusively, these services are:
Providing Self-Catering holidays as an agent for the owner of a property (including sharing your data with the legal contracting parties and contractors who need the information to carry out their legitimate function);
Providing Maintenance services (including instructing and sharing your data with legitimate sub-contractors) for both owners and guests;
Providing Holiday Insurance services (including instructing and sharing your data with the insurer and ITC compliance Ltd which is authorised and regulated by the Financial Conduct Authority – their regulation number is 313486 - for the purposes of monitoring and/or enforcing compliance with any regulatory rules and codes);
Providing Estate Agencies services (including instructing and sharing your data with contracting parties and their professional advisors);
The company might need to use your information in order to comply with a legal obligation. Such as to disclose your information to third parties such as the courts, the local authority or the police (where legally obliged to do so).
In limited circumstances we may use your information to protect your vital interests or the vital interests of someone else (e.g. if you or they are seriously hurt).
Performance of a task carried out in the public interest (or carrying out public tasks)
This applies where what we are doing is for the benefit of people generally. The following are examples of where this applies:
Employment and social protection and social security law and taxation law
There will be times when the company needs to use your information because we are an employer. Also, the company could use your information to comply with social protection law, social security laws and taxation laws. Social protection law is concerned with preventing, managing, and overcoming situations that adversely affect people’s wellbeing.
We are allowed to use your information if this is necessary, in relation to legal claims. For example, this allows us to share information with our legal advisors and insurers. This applies whenever sharing special category data is necessary in relation to legal claims.
This includes medical treatment and the management of healthcare services.
Sometimes we get information from other sources and other professionals, or we may need ourselves to share your information with other sources and other professionals, we will only do this where we need this to carry out our legitimate functions or where we are legally obliged to do so.
In exceptional circumstances, we may use information about criminal convictions or offences. We will only do this where the law allows us to. This will usually be where such processing is necessary to carry out our obligations and to exercise our rights or to look after our employees, sub-contractors and clients.
As you will see from the information above, in some cases we will rely on more than one of the grounds for a particular use of your information. In addition, we may move from one of the legal bases listed above to another as circumstances change.
We may ask for your consent to use your information in certain ways as an alternative to relying on any of the bases already detailed. For example, we may ask for your consent before using a testimonial or taking or using some photographs and videos. If we ask for your consent to use your personal information you can take back this consent at any time. Any use of your information before you withdraw your consent remains valid. Please speak to data protection officer at the company if you would like to withdraw any consent that you have given.
We keep your information for as long as we need in order to carry out our legitimate legal obligations to you. In exceptional circumstances we may keep your information for a longer time than usual, but we would only do so if we had a good reason and only if we are allowed to do so under data protection law.
You are able to make various decisions about your information. Some of these are new rights whilst others build on your existing rights. In precis your rights are as follows:
Rectification: if information the company holds about you is incorrect you can ask us to correct it.
Access: you can also ask what information we hold about you and be provided with a copy. This is commonly known as making a subject access request. This should be made to the data protection officer.
Deletion: you can ask us to delete the information that we hold about you in certain circumstances, for example, where we no longer need the information.
Portability: you can request the transfer of your information to you or to a third party in a format that can be read by computer in certain circumstances.
Restriction: our use of information about you may be restricted to simply storing it in some cases. For example, if you tell us that the information is inaccurate we can only use it for limited purposes while we check its accuracy.
We protect your personal information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our computers, and information access authorisation controls.
The company Data Protection Officer (DPO) is in charge of the company’s data protection compliance. You can contact the DPO in writing; Rock Estates (Cornwall) Limited, Trading as John Bray Cornish Holidays and John Bray & Partners, Pavilion Building, Rock, Cornwall, PL27 6JS; or firstname.lastname@example.org If you consider that we have not acted properly when using your personal information you can contact the Information Commissioner's Office: ico.org.uk. quoting our Registered company name and ICO registration number; ROCK ESTATES (CORNWALL) LIMITED reg. no.; Z9308226
To make full use of our websites your computer, tablet or mobile phone does need to accept “cookies”; as we can only provide you with certain personalised features of our websites by using them. Cookies make the use of our website easier; for example, so you can go backwards and forwards without having to re-enter your search requirements every-time on the holiday or sales websites; we also use them to see how our website is being used so we can improve the site; and to enable traffic monitoring. If you’d prefer to restrict, block or delete cookies from www.johnbraycornishholidays.co.uk or www.johnbray.co.uk or any other website, you can use your browser to do this, although this may affect the quality of your visit. Each browser is different, so check the ‘Help’ menu of your particular browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences. The cookies our site creates can’t harm your computer; they don’t store personally identifiable information (such as credit card details); they are there to help retain search information so you do not have to re-input as you go back and forwards. Information gathered from them help improve your experience of the site. For example, they help us to identify and resolve errors that can sometimes occur on websites. They are not computer programs and cannot read other information saved on your hard drive. They cannot be used to disseminate viruses, or get user’s e-mail addresses etc. We’re giving you this information because we want to be honest and upfront about your privacy when using our website, as part of our initiative to comply with recent EU legislation.