Last Updated: 29th August 2021
Purpose of Notice
Our privacy practices are in line with requirements set out in the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
In order to provide you with the best service and experiences, our services are constantly evolving. We may change this notice from time to time so please check this page to ensure that you’re happy with any changes. By using our website, you are agreeing to be bound by this policy.
Any questions regarding this notice and our privacy practices should be sent by email to: firstname.lastname@example.org
Scope of Notice
This notice provides information for those who interact with any part of our organisation. The policies explained in this notice apply to all external data subjects.
If you have any questions about how we collect, store or use personal data that we hold about you, please contact us at Fundu Lagoon, P.O.Box 3945, Zanzibar or via email at email@example.com
This notice relates to personal data or information that we may collect about you, defined as any information from which a person can be identified. It does not include data where the identity has been removed.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy statements. When you leave our web site we encourage you to read the privacy policies of every website you visit.
When and how do we obtain information from you?
We obtain personal data and information about you when you use our website, book or buy from us, or contact us in any way (email, social media, calls, mail). Examples of when we collect data are when you:
- use the Fundu Lagoon website (including collecting data on your browsing habits)
- register for or use any of our services
- book and pay for our services
- subscribe to our newsletters or other publications
- contact us with feedback or via social media
- communicate with us by telephone, email or otherwise
- complete any survey that we send you, for example if we ask for feedback
What type of data do we process?
We take a variety of different data sets for a number of reasons. Here we explain what type of data we collect:
- personal details such as your name, address, email and telephone number and other personal information as required to reserve and confirm bookings at Fundu Lagoon.
- information you provide to us when accessing our services using your social media account.
- financial and payment information.
- details relating to your transaction history with us.
Some of the data we may collect from you may be due to your interaction with our website, this includes:
- technical information: such as your time zone setting, the Internet Protocol (IP) address used to connect your computer to the Internet, your computer or mobile device and connection information such as your browser type and version and your operating system and platform.
- information about your visit and traffic pattern: such as the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time), frequency, duration and usage of on-line services, page response times, download errors, length of visits to certain pages, page interaction information and methods used to browse away from the page.
- email addresses and phone numbers used when you contact our customer service number or our reservations number.
- your preferences regarding communications and receipt of marketing.
We may also collect information from third parties, or combine your information with information lawfully obtained from third parties such as technical, payment and delivery service providers, advertising networks, social media platforms, analytics service providers and search information providers.
We also collect non-personal information or may anonymise personal information in order to make it non-personal. Non-personal information is information that does not allow a specific individual to be identified.
How do we use your data?
We will only use your personal data when the information we collect enables us to fulfil your requests and manage your contact with us and when the law allows us to, most commonly in the following circumstances:
- To deliver services, process payments and carry out any other obligations arising from any contracts entered into between you and us.
- Where we need to service your travel enquiry or booking, or to see if there was a problem with your use of website and on-line services.
- Where we need to comply with a legal obligation.
- Administering and protecting our business and website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data.
- To deliver marketing communications if you have previously opted in to receiving them from us.
- We may use your personal data to personalise and tailor your experience by using your previous communications with Fundu Lagoon staff and providers to tailor recommendations and special offers relating to services that we think may be of interest to you. If you do not want us to profile and process your information in this way, please contact our Data Privacy Manager (see Scope of Notice, page one of this policy).
- To prevent fraudulent transactions or other illegal activities.
- To maintain our business records.
Any of these functions may be carried out by us or by our appointed third parties who must process any personal information in accordance with this Privacy Notice.
Who we share your information with:
We will not sell or rent your personal information to any third party without your express consent unless we are required to do so by law.
In order to ensure that we offer the best service and can carry out the functions more particularly described within the How We Use Information section above, it may be necessary for us to share the information we collect (which may include your personal data) with carefully selected and trusted business partners, suppliers and sub-contractors for the fulfilment of any contract we enter into with them and with you.
Examples of how and where we may share your information include:
- your name, delivery address, email and phone number may be shared with courier companies in case they need to contact you in relation to any delivery you have requested that we make on your behalf.
- your identity, billing address and payment card information will be shared with our bookings and payment processors so that payment for a booking can be collected.
- your identity and payment card information may be shared with our payment processors to conduct security checks if required to do so. This is so that they can check your card is not being used without consent.
- technical and other service providers who help us provide and deliver our online services may collect data in order to provide their services.
- analytics and search engine providers that assist us in the improvement and optimisation of the website and our services may collect data.
- As required, we share data with public authorities such as customs and immigration, security and or credit checking companies, credit and debit card companies and government and enforcement agencies if required by them in order for us to fulfil your booking or as required to do so by law.
- Service providers acting as processors based both inside and outside the EU who provide marketing services, data management or data analytics services.
Where we share financial details, these will always be entered on a secured page and transferred using SSL, a cryptographic protocol designed to provide communication security over the Internet.
In the event that we sell or buy any business or assets, it may become necessary to disclose your personal data to the prospective seller or buyer of such transactions. Your information may also be transferred to another company in the event of sale of the whole or part of our business to a third party.
In certain circumstances we may be obliged to disclose personal information relating to you to third parties, for example, in order to conform to any requirements of law or to comply with any legal process, to prevent and detect fraud and to protect and defend our rights and property.
More about how we communicate with you:
Where you have opted in to receive marketing communications from us, we will process your personal data to provide you with marketing communications in line with the preferences you have provided. In line with data protection laws we may process your personal data for marketing purposes, which can involve legitimate interest or consent. The Data Protection Act 2018 (DPA 2018) allows us to use the information you have provided when booking through Fundu Lagoon to send marketing communications to provide you with an enhanced customer experience.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time (see contact details in Scope of Notice, page one of this policy).
What are your rights and how can you control the data we hold on you?
The accuracy of your information is important to us. If you change email address, or are aware that any of the other information we hold is inaccurate or out of date, please email us at: firstname.lastname@example.org
You have the right to ask for a copy of any non-business personal information Fundu Lagoon may hold about you. This is often called a Subject Access Request. You can do this by contacting us at: email@example.com
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Manager by emailing: firstname.lastname@example.org and we will investigate.
If you are not satisfied with our response or continue to believe we are processing your personal data incorrectly, you can complain to the Information Commissioner’s Office (ICO). Information Commissioner’s Office (ICO) contact phone number 0303123 1113, or email email@example.com, Website address is https://ico.org.uk/
The Right to Erasure (The right to be forgotten):
In a similar way to how you can object to our processing your data, you have the right in some instances to have us destroy all the data we hold on you.
We maintain and follow a retention policy and your data will not be held for longer than the defined retention period without good reason.
Should you wish us to remove our records of your data prior to the end of our defined retention period, please contact: firstname.lastname@example.org
Should you wish us to continue to hold your information beyond any likely retention period, please contact: email@example.com
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data, or to exercise any of your other rights. This is a security measure.
We try to respond to all legitimate requests within one month.
Keeping your information safe
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as bank, credit or debit card details) will always be entered on a secured page and transferred using SSL, a cryptographic protocol designed to provide communication security over the Internet. When you are on a secure page, a lock icon will appear on the web browser.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
We will only retain your personal data for as long as reasonably needed in order to fulfil the purposes we collected it for.
International security and transferring your information outside of the European Union
We operate internationally and may need to transfer your personal information outside the UK and EU to a country which may not have equivalent protections for your data as your country of residence.
By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. Or, for example, where your data is processed by staff operating outside the EU who work for us or for one of our suppliers.
If we transfer your data outside of the EU, we will wherever possible take steps to ensure that a similar degree of protection is afforded to it.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
By submitting your personal data, you are agreeing to this transfer, storing or processing of your data.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. Note however than no system is 100% secure or error-free and therefore we do not, and cannot, guarantee the security or accuracy of information that is gathered by us and our contracted third-party partners.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any appropriate regulator of a breach where we are legally required to do so.