1 About this policy
2 About us
We are Millennium Investments Limited trading as The Crane registered at Erin Court, Bishop’s Court Hill, St. Michael Barbados for the purposes of data privacy legislation, we will be a ‘controller’.
3 Contacting us
By post: Crane Resorts, Crane, St. Philip, Barbados, BB 18079
By phone: +1246 423 6220
By email: firstname.lastname@example.org
4. Your rights
You have certain rights in relation to your personal information.
4.1 Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Object to processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see above).
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party in a machine-readable, commonly used and structured format.
If you want to exercise any of these rights then please contact us using the details at section 3. The various rights are not absolute and each is subject to certain exceptions or qualifications. For example, if you wish to withdraw your consent or object to processing, we may need to discuss with you whether our use of your data needs to continue for other lawful purposes, such as fulfilment of a legal or contractual requirement.
We will respond to your request within thirty (30) days of receipt of your request. In some cases we may not be able to fulfil your request to exercise the right before this date, and may need to request more time. Where we cannot provide a full response to you for any reason, we will let you know about this in our initial reply to your request.
4.2 Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). In some cases, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or if you request multiple copies of the information. Alternatively, we may refuse to comply with the request in such circumstances.
4.4 What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
4.5 Right to complain
If you wish to request further information about any of the above rights, or if you are unhappy with how we have handled your information, please contact us on the contact details contained in section 3.
If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to your national supervisory authority.
5. Information we collect
5.1 Information you provide to us
This section details the information we collect about you in the course of your stay at one of our resorts, your use of our website and otherwise in your interaction and correspondence with us and our representatives. We will collect:
- basic personal details including your name and address (and proof of name and address), email address, telephone number, any other contact details you supply, nationality, citizenship, date of birth and family connections;
- financial and payment details;
- passport details or other forms of identification;
- details on your reason for travel;
- records of communications including recordings of phone calls and electronic communications with our staff and meeting notes (see below for more details); and
- certain health and medical information.
5.2 Information we collect from other sources
We will receive information about you from third parties such as tour operators, travel agents and other third party travel companies. We will collect the following information from third parties:
- basic personal details including your name, address, email address, telephone number and other contact details;
- financial and payment details; and
- your flight information
5.3 Information from your use of our website
We collect information about your use of our website and the devices you use. We collect information on:
- how often you access our website;
- your geographic location when you accessed our website;
- the way in which you navigate around it;
- how long you spend on particular pages;
- the operating system, hardware, software versions, browser configuration, display size, browser configuration of the devices you use;
- traffic patterns, visits from other web sites or to third-party web sites linked to the our website, use of particular services; and
- connection information such as IP addresses.
5.4 Security Surveillance
We make use of Security Surveillance at our premises and may retain recordings.
6. How we use the information we collect
6.1 General uses of information
The information which we collect and what we use it for will depend on the nature of our business relationship with you. We use your information:
- to provide you with the accommodation which you have requested and to fulfil our contractual obligations towards you;
- to fulfil our contractual obligations to third parties to whom you have provided your information and through whom you have booked your stay with us;
- for our internal business administration and record keeping purposes;
- to respond to your enquiries submitted through our website;
- to detect, prevent and address technical issues;
- to notify you about changes to our website and/or services;
- to comply with applicable laws, respond to governmental inquires, requests from public authorities, regulatory or law enforcement agencies.
- to comply with valid legal process, protect the rights, privacy, safety or property of Crane Resorts, site visitors, guests, employees or the public;
- to protect our legal or business interests and limit any damages that we may sustain; and
- to respond to an emergency.
6.2 Information for marketing purposes
We use your information to identify products, services and events that we think may be of interest to you.
You have the right to ask us not to send you marketing messages by email, post, telephone or any combination of these at any time. You can also let us know at any time that you wish to change your mind and to start receiving such messages.
You can do this:
- by replying directly to the marketing message;
- in case you wish to withdraw from all marketing communications, you can also unsubscribe from all marketing by clicking the appropriate link in any email you receive from Crane Resorts; or
- at any time by contacting us (see section 3).
Periodically, we will remind you (possibly along with other communications) that you may unsubscribe if you no longer wish to receive communications from us. If you choose to unsubscribe, we will cease to send you such communications as mentioned above.
7 Our bases for collecting and using the information
- the use of personal information in this way is necessary for the performance of a contract with you for provision of our products and/or services or to take steps at your request prior to entering into such a contract;
- we have legal obligations that we have to discharge;
- the use of your personal information is necessary for our legitimate interests in:
-- ensuring the quality of the products and services we provide to you;
-- collecting information for marketing purposes;
-- communicating with you;
-- the physical security of our premises (with regard to Security Surveillance); and
-- statistical analysis;
- you have consented to such use; and/or
- to establish, exercise or defend our legal rights for the purposes of legal proceedings.
We process your sensitive and special categories of information, which for a stay at one of our resorts would most likely include information concerning:
- food or other allergies;
- physical medical conditions which may affect your stay; or
- religious considerations you would like Crane Resorts to take into account during your stay with us.
Special categories of information may also include other data concerning your health, personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or data concerning sexual orientation. We will process such personal information where we have asked for your explicit consent, there is a need to process to protect your health or wellbeing, or otherwise where this is necessary for the establishment, exercise or defence of legal claims.
In the case that you have obviously made information public (e.g. on social media) we will process sensitive/special categories of information for the purposes of carrying out our legal obligations.
If provision of your personal information is a legal or contractual requirement or a requirement necessary to enter into a contract with us, and you choose not to provide it, we may not be able to perform some of the tasks we need to in order to provide certain products or services to you.
If you do choose to provide your consent, you can withdraw it at any time by contacting us (see section 3).
8 Sharing your information
Where necessary, we disclose your personal data to third parties that are specifically engaged by us to provide services to us, in which case we will require those parties to keep that information confidential and secure and to use it solely for the purpose of providing the specified services to us. The following is a list of the types of third parties who process your personal information on our behalf:
- Website and IT providers and suppliers;
- Third party API technology providers
- Digital Media partners
- Loyalty and rewards programme providers;
- Customer Relationship Management (CRM) provider
- we may share information with the following entities which we have appointed to process data on our behalf in order to allow us to provide products or services that you have requested:
- we may provide your information to third parties engaged by us to provide services to us:
-- professional advisers, including accountants, auditors, compliance consultants, legal advisers and tax advisers;
-- fraud prevention agencies;
-- courier companies;
-- insurance brokers.
- we may disclose to law enforcement agencies and regulators, government departments or competent authorities of the UK or of other countries any personal data (including tax status, identity or residency or other personal and payment information, documents or self-certifications) where we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, or if we reasonably consider that this is necessary to help prevent or detect fraud or other crime or to protect our rights, property, or safety, or that of our customers or others. Such disclosure may be made directly to such regulators or competent authorities or made indirectly to our advisers or providers who will make such filings or disclosures on our behalf;
- If we are under a duty to disclose or share your information with tax authorities, who may transfer it to the government or the tax authorities in another country where you may be subject to tax. Such disclosure may be made directly to such regulators or competent authorities or made indirectly to our advisers or providers who will make such filings or disclosures on our behalf; and
- if you have consented to any disclosure to a third party.
9 Where we store your information
We transfer, use and store your personal information outside of the European Economic Area (“EEA”) and the laws of some of these destination countries may not offer the same standard of protection for personal information as countries within the EEA. It will also be processed by staff operating outside the EEA who work for us or for one of our suppliers (for example, those who supply support services to us).
We currently transfer data to the following countries outside of the EEA:
- United States of America
10 Keeping your information
We will keep your information only for as long as necessary depending on the purpose for which it was provided. Details of retention periods for different aspects of your personal information are available in our retention policy, which you can request by contacting us (see section 3).
When determining the relevant retention periods, we will take into account factors including:
- our contractual and business relationships with you;
- legal obligations under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law(s);
- (potential) disputes; and
- guidelines issued by relevant supervisory authorities.
We acknowledge that the information you provide may be confidential and will maintain the confidentiality of and protect your information in accordance with our normal procedures and all applicable laws. We employ appropriate technical and organisational security measures to help protect your personal information against loss and to guard against access by unauthorised persons.
In addition, those employees, agents, contractors and other third parties who process your personal information will only do so on our instructions and they will be subject to a duty of confidentiality.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information [for example by encrypting our outgoing email communications,] we cannot guarantee the security of your data [transmitted to our website]. Any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.
12 Links to other websites
Links on our website may take you to third party sites over which we have no control. While such links are provided for your convenience, you should be aware that the information handling practices of the linked websites might not be the same as ours. You should review any privacy notices on those linked websites. We are not responsible for any linked websites.
What is a cookie?
Cookies are small data files that many internet sites automatically download to a user’s computer, phone or tablet’s hard disk. They are primarily used to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of a website, improve the functionality of a website and to compile statistical reports on website activity.
What cookies will our websites use and for what purpose?
- Single session cookies. These enable our websites to keep track of your movement from page to page in order to ensure that you will not be asked for the same information you have previously given during your visit to the website. These cookies allow you to proceed through the website quickly and easily without having to authenticate or reprocess each new area you visit. We may use such cookies to analyse user behaviour, such as which pages have been visited during the session, in order to improve your overall experience, for example by enabling us to determine and display more relevant content.
- Persistent cookies. These cookies enable us to collect information such as the number of visitors to the website and the pages visited (in aggregate) in order to analyse user behaviour. This information is collected in an anonymous form and will be collated with similar information received from other users to enable us to compile reports in order to develop and improve user experience by displaying more tailored and relevant content.
This data is collected primarily for monitoring the usage and performance of our websites. We may use your IP address and track browser types to build a profile of our users.
Further information about cookies
For further information about cookies visit www.aboutcookies.org or www.youronlinechoices.eu. You can set your web browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, some of our website features may not function as a result. The way in which you adjust your browser security setting varies from browser to browser.
15 Children’s Privacy and Parental Consent
Please be aware that Crane Resorts has designed this website to be used for information only purposes by all ages. However, as with any website parental consent is encouraged.
You must be at least 18 years old to make reservations and/or submit personal information on our website.
Should Crane Resorts become aware that we received personal data from children without verification of parental consent, we take secure steps to remove that information from our servers. Crane Resorts will not knowingly provide this data to any third party for any purpose whatsoever, and any subsequent disclosure would be due to the fact the user under 18 used the website and submitted personal information without solicitation by or permission from Crane Resorts.