1.0 Our core beliefs regarding user privacy and data protection
- User privacy and data protection are human rights
- We will never sell, rent or otherwise distribute or make public your personal information
2.0 Relevant legislation
Along with our business and internal computer systems, our website’s are designed to comply with the following national and international legislations with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
- Australian Privacy Act 1988 (APA)
This site’s compliance with the above legislation means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well.
3.0 Personal information that this website collects and why we collect it
This website collects and uses personal information for the following reasons:
3.1 Site visitation tracking
3.2 Contact forms and email links
Should you choose to contact us using the contact form on our contact us page or an email link, none of the data that you supply will be passed to / be processed by any of the third party data processors defined. The data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted before being sent across the internet. The email content is then decrypted by our local computers and devices.
3.3 Email newsletter
If you choose to join our email newsletter, the email address that you submit to us will be forwarded to Mailchimp who provide us with email marketing services. We consider Mailchimp to be a third party data processor. The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems. Your email address will remain within the Mailchimp database for as long as we continue to use Mailchimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by emailing email@example.com . When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list. If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter. While your email address remains within the Mailchimp mailing list, you will receive newsletter-style emails from us.
We share a few testimonials on our website that have been submitted on to Trip Advisor using their widget. Occasionally your testimonial may appear on our website if it has been submitted to Trip Advisor. We consider Trip Advisor to be a third party data processor.
We show a few videos created by production companies and travel companies. These companies would have the responsibility of gaining consent from the people in the videos.
- The Londonist (web link)
We consider YouTube who hosts the videos to be a third party data processor. Fun London Tours will sometimes take photos and videos of our tours. These may be used for marketing purposes on our website, social media, newsletters and through third party advertisers. On such occasions we will ask again for your verbal consent at the start of the tour and will not take your photo or video you if your consent is not given.
3.6 Payment Processors
We take payments online using PayPal or Stripe. We consider these to be third party processors. We do not store any of your bank or payment details. Everything is handled via PayPal & Stripe.
3.7 What data we gather & how we use it
We may collect the following information:
- Name and job title
- Contact information including email address
- Demographic information, such as postcode, preferences and interests on Google Analytics
- Website usage data
- Other information relevant to client enquiries
- Other information pertaining to special offers and surveys
- Market research
Specifically, we may use data:
- For our own internal records.
- To improve the services and products we provide.
- To contact you in response to a specific enquiry.
- To send you promotional emails about services, products, offers and other things we think might be relevant to you.
- To send you promotional mailings or to call you about services, products, offers and other things we think might be relevant to you.
- To invite you to events
- To send you information you have requested about
- To update you with our news or blog stories
- To customise the website for you.
- To promoted specific products to you
- To show you special offers
- To ask you for feedback or to complete surveys
- To contact you via email, telephone or mail for market research reasons.
3.7 Retention Policy
We keep details of bookings and gift voucher purchases made up to one year prior in order to know who is coming on the tours, and to respond to requests to reschedule, refund and amend bookings if necessary
3.8 Right to Erasure
If you would like to retrieve or remove personal information then email us at firstname.lastname@example.org. We will respond within 30 days in accordance with Article 17 of the GDPR’
4.0 How we store your personal information
If you submit a form on this website some personal information will be stored within this website’s database. This is currently the only occasion where personal data will be stored on this website. This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is built with.
5.0 About this website’s server
This website is hosted on servers run within a state-of-the-art data centre located in the United Kingdom.
Some of the more notable security features are as follows:
- The Green Grid industry body, comply with the European Code of Conduct for Datacentre Operators best practice guidelines E
- Externally audited and certified to ISO 9001 (Quality Management), ISO 14001 (Environmental Management) and ISO 27001 (Information Security) standards
- 24×7 security and NOC staff being present, high security perimeter fencing.
- A state-of-the-art IP CCTV system and access control system form part of the comprehensive security arrangements, including man-traps, interlocked doors, and biometric iris scanners.
- High-end fire suppression systems are fitted throughout the entire facility.
- All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
- 2 level firewalls protects our server against attacks and unauthorised access.
Full details of our providers data centre please contact us: email@example.com
6.0 Our third party data processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation.
7.0 Data Breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.