Privacy Policy

SuperControl, a company registered in Scotland with the company number SC249531 and with its registered office at 4 Market Street, Castle Douglas, Dumfries And Galloway, DG7 1BE, (“SuperControl”)  strives to protect the privacy of all personally identifiable information collected during the course of our activities and it is important for you to know how we process your data.  We will process your personal information under the terms of this policy and in accordance with any agreement with you.

We strive to protect the privacy of all personally identifiable information collected during the course of our activities and it is important for you to know how we process your data.  We will process your personal information under the terms of this policy and in accordance with any agreement with you.

We are a “data controller” in terms under data protection laws (including the UK Data Protection Act 2018 including the UK GDPR and, if applicable, the EU General Data Protection Regulation 2016  (“Data Protection Laws”).

We need to process personal data relating to our clients (property owners), our suppliers and potential clients and also from people leaving reviews on our UpFront Reviews service (see www.upfrontreviews.com) in order to function effectively as a business, to ensure good governance, for audit purposes and to enable us to meet our legal obligations.

Personal data is processed for commercial, administrative, statutory and marketing/promotion purposes. All such personal data is collected and held in accordance with all applicable Data Protection Laws.

SuperControl will process personal data on behalf of other data controllers in its capacity as a data processor. When SuperControl processes personal data is this capacity it will be set out in a written contract with the relevant data controller and such data controller’s Privacy Notice would apply as opposed to this Privacy & Fair Processing Notice.

What personal information will SuperControl use?

This list includes all the ways we may use your personal information, and which of the reasons we rely on to do so. This is where we tell you what our legitimate interests are.

Personal information we may process from Clients (property owners)

  • Name
  • Contact details
  • Order history
  • Financial details

Our Reasons for Processing

  • Fulfilling contracts
  • Consent

Our Legitimate Interests

  • To operate and promote our business
  • For our Group companies to perform statistical, business and market analysis and to operate the businesses of the members of our Group by understanding our client-base and our market.
  • For our Group companies to send marketing information to our clients but only where permitted to do so in compliance with any applicable laws relating to marketing.
  • For us to send your or your relevant employees’ name and contact details to Booking Protect Limited to enable them to enrol you in their XCover Program and to facilitate them making XCover Refund Guarantees available to your Guests, provided that you have not, by prior written notice, opted out of being enrolled on the XCover Program.

Personal information we may process from Suppliers

  • Contact details
  • Financial details
  • IP addresses

Our Reasons for Processing

  • Fulfilling contracts

Our Legitimate Interests

  • Administering our business
  • To keep in contact with suppliers

Personal information we may process from Potential clients

  • Name
  • Contact details

Our Reasons for Processing

  • Fulfilling contracts
  • Consent

Our Legitimate Interests

  • To send marketing information to potential clients in compliance with any applicable laws relating to marketing

Since SuperControl’s clients are often companies, the personal data of the contacts at such companies will be processed under the legitimate interests of SuperControl, rather than by contracts with the individual data subjects.

Personal information we may process from people submitting reviews on our UpFront Reviews service

  • Name
  • Contact details
  • Details of visit (when stated, booking details etc)
  • Experience of visit to a particular property booked through SuperControl

Our Reasons for Processing

  • Consent – to hold initial contact details to send Questionnaire (collected by Client property owner from reviewer directly)
  • Legitimate interests – to process personal date relating to the reviewer and the review once submitted; and to manage any complaint in accordance with the procedures set out in our UpFront Reveiws Terms & Conditions.
  • Our Legitimate Interests
  • Documenting a person’s review of a property booked through our SuperControl.
  • Dealing with any complaint in relation to the review in accordance with the procedures set out in our UpFront Reviews Terms & Conditions.

 

Where do we obtain your information?

In most cases we will obtain this information from you directly.

Processing Conditions

We process the personal data referred to above for the purposes of any contract or potential contract with our clients (property owners), our suppliers and potential clients; or for our legitimate interests in order to function effectively as a business, to ensure good governance, for audit purposes, to perform our business activities; and to enable us to meet our legal obligations that we may be subject to.

Who do we share your information with?

The information you provide to us may be accessed by our staff, other companies in our Group, our auditors, our professional advisors and carefully selected third parties in the course of providing services to us under suitable obligations of confidentiality.

We may also use information in aggregate, where personally identifiable information is removed, for marketing and strategic development to improve and support our activities.

Security

We employ administrative, electronic, digital and physical security measures to ensure that the information that we collect about you is protected from access by unauthorised persons and protected against unlawful processing, accidental loss, destruction and damage.

Please be aware that unfortunately the transmission of information via the internet or by email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to us and any transmission is at your own risk.

The period for which the personal data will be processed

We will retain personal data securely and only in line with how long it is necessary to keep for the purposes or for a legitimate and lawful reason.

Our typical retention periods are as follows:

Personal Data Held Within:

  • Supplier contracts and documentation
  • Client contracts and documentation
  • Names and emails addresses of clients and potential clients used by the sales team

Retention Period:

  • 7 years from the last transaction or communication date

Some personal data may be retained for longer where it is in our legitimate interest to do so, such as to protect and defend our legal rights; or for research, archiving or statistical purposes.  Individuals can request that other information relating to them be erased and we will deal with such requests in accordance with the law.

Transfers outside the United Kingdom

We, or carefully selected third parties that we contract with, may send personal data to countries outside the United Kingdom (“UK”). If and when this occurs, there will be protections in place to ensure the recipient protects the data to the same standard as the UK. The protections include:

  • transferring to a country with privacy laws that give the same or similar protection as the UK (such as countries in the EEA).
  • putting in place a contract with the recipient that means they must protect personal data to the same standards as the UK.
  • an appropriate adequacy finding, data sharing framework or “data bridge” is available to permit the lawful transfer of such personal data.

Data subject’s rights

As an individual, you have the following rights as a data subject under applicable Data Protection Laws in relation to the processing of your personal data:

  • The right to request from us access to information held about you – (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • The right to request that inaccurate data held about you is rectified – this enables you to have any incomplete or inaccurate information we hold about you corrected.
  • The right to request the erasure of personal data – this enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
  • The right to restriction of processing – this enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • The right to object to processing – objection to processing of your personal information can occur where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes; and
  • The right to data portability.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Privacy Manager, Robert Kennedy, in writing.

Where we process your personal data based upon your consent, you have the right to withdraw your consent at any time.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Privacy Manager.  Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

For more information and guidance about any of these rights please go to the website of the Information Commissioner’s Office at https://ico.org.uk/

Complaints

If you think there is an issue in the way in which we handle your personal data, you have a right to raise a complaint with the Information Commissioner’s Office. Their website contains details of how to make a complaint.

Changes to this Privacy & Fair Processing Notice

We keep our Privacy & Fair Processing Notice under regular review and reserve the right to update and amend it.  This notice was last updated on 16 January 2024.

Further information

For further information about the proposed data sharing set out in this notice, or about any aspect of SuperControl and the processing of your personal data, please contact our Data Privacy Manager:

Robert Kennedy
Data Privacy Manager
SuperControl Ltd
4 Market Street
Castle Douglas
DG7 1BE
Scotland