Privacy Policy

BLACK BOOK VILLAS LTD.

PRIVACY POLICY

UPDATED AND REVISED AS OF MAY 24, 2018

This Privacy Policy explains in detail the types of personal information we may collect about you when you interact with us. It also explains how we will store and handle that data, and keep it safe. This Private Policy aims at helping you understand the handling of your information while you are visiting our websites, our applications and as a subscriber of our mailing lists. We also explain our approach to achieving compliance with the new EU General Data Protection Regulation (“GDPR”), both for Black Book Villas Ltd. and for you.

We know that there is a lot of information here, but we want you to be fully informed about your rights, and how Black Book Villas Ltd. uses your data. We hope the following sections will answer any questions you have but if not, please do get in touch with us. We may change this policy from time to time. Please check back for updates so you are always fully aware of what information is collected and how it is used.

This Privacy Policy governs each website, mobile site, application, and/or other service, regardless of how distributed, transmitted, or published, (each, a “Service”) by Black Book Villas Ltd. and any of its subsidiaries or affiliates (“we,” “us,” or “our”) that links to this Privacy Policy, which is binding on all those who access, visit or use our services, whether acting as an individual or on behalf of an entity (collectively, “you” or “your”).

We appreciate the importance of your personal privacy.

1. WHO WE ARE

Black Book Vilas Ltd. is a privately-owned company specialising in luxury tailor-made holidays in private residences, yachts and hotels around the world, incorporated under the laws of England and Wales, with company registration number 8242068 and VAT registration number GB-177134892.

Any personal information provided to or gathered by us is controlled by Black Book Vilas Ltd., with registered address in 39 Long Acre; London WC2E 9LG; United Kingdom.

For simplicity throughout this notice, “we”, “us” or “ours” means Black Book Villas Ltd.

2. THE LEGAL BASIS OF US COLLECTING INFORMATION

Personal information is information about you that is personally identifiable like your name, address, email address, or phone number, that is not otherwise publicly available. The regulation on data protection sets out a number of different reasons for which a company may collect and process your personal information, including:

  • Consent: In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters.
  • Contractual Obligations: In certain circumstances, we need your personal information to comply with our contractual obligations. For example, if you book a tailor-made holiday through us, we will collect your identification or passport details and provide them to the suppliers of services that you use.
  • Legal Compliance: If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting Black Book Villas Ltd. to law enforcement agencies or we can pass on your details to owners in order to comply with local guest reporting regulations.
  • Legitimate interest: In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will use your custom history with us to send you or make available personalised offers.

3. WHEN DO WE COLLECT YOUR PERSONAL INFORMATION?

The information we collect about you will depend on how you interact with us and what services you arrange with us. Depending on the circumstances, we collect information in any of the following ways:

  • When you visit any of our websites
  • When you enquire or search for a holiday on our website
  • When you are registered as a property owner, property manager, supplier partner or agency partner in our system
  • When you download or install one of our apps
  • When you contact us at our office or via social media, post or email
  • When you apply for a job with us by email or through online and offline recruiting services
  • When you request a brochure, sign up to receive email updates, or participate in any of our competitions, promotions (for example via any social media channels, email or our website), surveys or market research
  • When you make a complaint via a third party (such as another travel agent)
  • When you attend any events that we host
  • When you attend our offices which usually have CCTV systems operated for the security of both clients and employees. These systems may record your image during your visit.

4. WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU?

In the instances (and analogous ones) indicated in the next section, we ask for and collect information such as, but not limited to; your name, contact details, company, job title, country, postcode, and sector. In some cases, we may also ask for your address and additional information about you or your business, such as, but not limited to company registration number, VAT registration number, registered address, staff member details, credit card information, and financial information.

The type of information we collect about you depends on the nature of your interactions with us. Depending on the circumstances, we collect any of the following:

  • Details about you: Name, address, email address, company, job title, telephone number, date of birth, your accommodation preferences, payment details, your reasons for travel (such as for a wedding, birthday or anniversary), meal and other travel preferences or dietary requirements and, if necessary, information about your health to the extent that is relevant to your holiday itinerary or to provide you with special assistance.
  • Identification documents: If you are travelling to a country that requires reporting of guests staying in a holiday accommodation, a copy of your passport or identity card, your passport or identity card details including your passport number, the country in which your passport was issued and the expiry date.
  • Details about the services you arrange with us: Your travel details, including your travel itinerary, where you are flying from and to, your booking information, any onward travel details if relevant, details of experiences or excursions booked through us, your baggage and transportation requirements, meal preferences or requirements, details of any special assistance you might need from us and any other information relevant to enable us to provide you with the services that you have arranged with us or through us.
  • Your interactions with us: Information about your interactions or conversations with us, our professional advisors and our employees, including when you make enquiries, comments, complaints or submit feedback to us, via our website, email or verbally via our experts.
  • Your use of our systems and services: Details of the way in which you use our website, app and social media pages (please see section “11. OUR SITE, APP AND COOKIES” below for further details).
  • Job applications: If you apply for a job with us, your CV, work history, educational details and the role you are applying for.

5. HOW DO WE USE THE PERSONAL INFORMATION WE COLLECT ABOUT YOU?

We will use your personal information for a variety of different purposes, some of which will depend on the services that you engage us for. This includes:

  • To manage your booking: We will use your information to provide you with any services that you request or purchase from us. This includes booking your accommodation, arranging an excursion, transportation or car hire, and issuing you with your vouchers (on the basis of performing our contract with you), and providing you with any special assistance (where you provide your consent).
  • To send you service communications and support services: We will use your information to send you any communications relevant to the services you have requested or purchased from us. This includes sending you an email to notify you of changes to your holiday arrangements or providing you with a voucher, ticket or e-ticket. We will also provide you with customer service and support, deal with your enquiries, scheduling changes, complaints, comments or observations shared with us (on the basis of performing our contract with you or on the basis of our legitimate interests to provide you with customer service).
  • To send you marketing communications: We will use your information to keep you up to date with the latest news, events, offers, sales, promotions and competitions that we think might be of interest or relevant to you (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so) (please see section “10. MARKETING” below for more information).
  • To personalise your customer experience: We use your information to provide you with a more personalised service. For example, tailoring the communications that we send to you with your preferred destinations, serving you only with advertising that we think you might like or enhancing your holiday experience (on the basis of our legitimate interests to present you with the right kinds of products and services).
  • To improve our customer service: We may record calls to our office or monitor calls for the purposes of improving our customer service, ensure quality assurance, training, security and for general business purposes (on the basis of our legitimate interest in improving our customer service).
  • To process your job applications: We will use your information to process any job applications that you submit to us, whether directly or via an agent or recruiter (speculatively or in response to any recruitment ad) (on the basis of our legitimate interest to recruit new employees or contractors).
  • To process your interest in becoming part of our system of property owners, property managers, concierges, household staff or service suppliers: (on the basis of our legitimate interest to enhance our product offerings and services offered to our clients)
  • To optimise our websites and app: If you use our website or app, we will use your information to ensure that the content from our websites is presented in an effective manner for you and your device, to provide you with access to our site and app in a manner that is effective, convenient and optimal, and to provide you with content that is relevant to you, using site analytics and research and in certain circumstances combining that with other information we know about you (on the basis of our legitimate interests to operate and present an effective and convenient website to our website users).
  • To ensure security and protect our business interests: In certain circumstances, we use your information to ensure the security of our services, buildings, and our employees, including to protect against, investigate and deter fraud and unauthorised or illegal activities, as well as systems testing, maintenance and development (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
  • To conduct research: We use your information to carry out research about general engagement with our services and systems, or if you choose to participate in customer surveys, consumer focus groups and research (on the basis of our legitimate interests to improve our products, services and customer service).
  • To comply with our legal obligations: In certain circumstances, we will need to use your information to comply with our legal obligations, for example, to comply holiday accommodation reporting regulations or with any court orders or regulatory supervisors requests (on the basis of our legitimate interests to comply with a legal obligation).

6. WHO DO WE SHARE YOUR INFORMATION WITH?

We do not rent, sell, or share personal information about you with other people or non-affiliated companies except to provide products or services that you have requested, when we have your permission, or under the following circumstances:

  • Third party suppliers that we work with to fulfil your booking: We may share your information with third party suppliers that provide us with services in connection with the provision of our services to you. This includes, for example, hotels, transport companies, excursion providers, airport authorities, insurance companies, car hire companies, ground handling agencies and postal companies, such as Royal Mail, to send out your itineraries. We share your personal information with them under confidentiality and similar agreements prohibiting such parties’ further use of the information. These companies or professionals may use your personal information to help us communicate with you about products, services and offers that we consider might be of interest to you. However, these companies do not have any independent right to use or share this information.
  • Other third-party suppliers that we work with in connection with our business: We share your information with third party suppliers that provide us with services in connection with our business and the provision of our services to you. This includes for example: marketing agencies that run our marketing campaigns, IT developers, service providers and hosting providers, third parties that manage promotions or competitions that we may run, third-party software companies that provide us with applications on a white label basis (for example, a product produced by one company and sold by another company under their brand), advertising providers and networks, ground agents, site analytics providers, medical service providers and credit card screening companies.
  • Government authorities and property owners: Some destinations require holiday accommodation operators and property owners to provide “Guest Information” about you to the government authorities of the country of your travel destination. Guest Information comprises the basic information contained in your identification card or passport and, in certain countries, electronic or printed copies of your identification card or passport.
  • Third parties for marketing: We share your information with selected third parties when you consent to us sharing your information for marketing purposes. For example, when you enter a competition you would need to give consent to receiving marketing from the prize supplier (e.g. property owner, hotel, airline) if that is a third party. We may occasionally conduct subscriber surveys to better target our content to our audiences. The aggregated information collected is sometimes shared with our advertisers, however, we do not share specific individual information with third parties.
  • Courts, regulatory bodies or advisors: We share your information with other third parties (including legal services, accountants or other advisors, regulatory authorities, courts and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.

Where we do share your information with third parties, we will require them to maintain appropriate security to protect your information from unauthorised access or processing, unless we have no ability to do so (for example, where we are sharing information with border agencies or enforcement authorities).

If you have been referred to us from another site or by any other third party, the information that you provide to them will also be governed by their privacy policy, which we recommend you to read.

If you provide any financial information, we use that information primarily to trade our services with you as a client and this information will not be shared with any third-party organization except with your express consent.

7. WHERE YOUR PERSONAL INFORMATION MAY BE PROCESSED

Due to the nature of our business, sometimes we will need to share your personal information with third parties and suppliers outside the European Economic Area (EEA). Countries outside of the EEA protect information differently, and so where we do transfer your information to suppliers based outside of the EEA, we will take all steps necessary to ensure that it is adequately protected and used in accordance with this Privacy Policy.

8. HOW LONG DO WE KEEP YOUR INFORMATION FOR?

We keep your information for as long as is reasonably necessary to enable us to provide you with the services that you have requested from us, to comply with any legal obligations that require us to keep information, or for as long as we reasonably require for our legitimate interests, including for example for the purposes of exercising our legal rights or defending ourselves against claims.

9. WHAT ARE YOUR RIGHTS?

You have the right to request the following:

  • Access to the personal information we hold about you, free of charge in most cases.
  • That we correct your personal information when incorrect, out of date or incomplete.
  • That we stop using your personal information for direct marketing (either through specific channels, or all channels).
  • That we stop any consent-based processing of your personal information after you withdraw that consent.

10. MARKETING

Registration is not required in order to visit and use our, or our subsidiaries, websites. However, we may provide commenting features, submission forms, etc. to its users and you may be required to register in order to use such features. If you do register, and in the process provide us with personal information, no information will be shared with any third-party organization except with your expressed consent. If you post comments on the website, any personal information you provide in those comments or articles will be public. As such, we are not responsible for personal information that you may choose to share through these channels.

We will keep you up to date with periodical and occasional newsletters with our latest news, company updates, offers, partnerships, promotions and competitions that we think might be of interest or relevant to you if you have indicated that you are happy to receive marketing communications from us – that is, if you have:

  • Purchased services such as a holiday from us and have not told us that you do not want to hear from us.
  • Signed up to receive marketing communications from us and have not later told us that you do not want to hear from us.

We have numerous products and services and therefore numerous email and promotion lists. In an effort to allow you to tailor your participation in our services and promotions, we provide you with the ability to choose specific lists or products of interest and opt-out options are product and use or list-specific. All email promotions sent by us provide an ‘update your email preferences’ link at the bottom of the email pursuant to which you can choose to opt-out of specific products and promotions.

If you no longer want to hear from us, you can opt out of or unsubscribe from receiving any, or all, of these communications by:

  • Clicking the “unsubscribe” link contained in any marketing communications that you receive from us
  • Replying to any email stating that you would like to be removed from our list
  • Sending us an email to marketing@blackbookvillas.com indicating that you would like to be removed from our list

11. TRANSPARENCY AND CHOICE

People have different privacy concerns. Our aim is to be as clear as possible about what personal information we collect so that you can make your own choices about how we use it. For example:

  • Wherever it is optional to collect additional information about you, we transparently inform you about what information we need, why we ask for it and we require your consent to process such information. When you change your mind, there is always a convenient way how to let us know.
  • When visiting our websites, you may be given the opportunity to choose whether you accept our cookie settings and therefore decide whether you agree to be on our radar when it comes to ads or behaviour analytics or not.

12. OUR SITE, APP AND COOKIES

As you may already know, most sites and apps collect certain information automatically in log files about the way in which you interact with them. This might include your IP address, geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), browser type, referral source, length of visit to the site or app, number of page views, page visits, the search queries you make, and similar information.

This information will be collected by us or by a third-party site analytics service provider, such as Google Analytics, and will be collected using cookies.

As we’ve described above, we use this information to save your settings, to help improve our functionality and services, run diagnostics, analyse trends, track visitor movements, gather broad demographic information and personalise our services.

Cookies are small amounts of information in the form of text files that we store on the device you use to access our site or our marketing communications. Cookies allow us to monitor your use of our services and improve them. For example, a temporary cookie is also used to keep track of your browsing “session”.

We also use cookies for site analytics purposes and to monitor how customers interact with and receive our marketing communications (for example if you open the marketing communication or click on any of our offers). We use this information to try to improve the relevance and tone of our future communications to ensure we are serving you as best as we can.

If you do not want cookies to be installed on your device, you can change the settings on your browser or device to reject cookies or to notify you when a cookie is being sent. For more information about how to reject cookies using your Internet browser settings, please consult the “Help” section of your Internet browser or visit http://www.aboutcookies.org. Please note that if you do set your Internet browser to reject cookies, your experience at our website or app may be impaired and some features or functions of the site or app may not work as intended or you may not be able to access them.

Pixel tags are tiny graphic images that tell us what parts of the website have been visited or measure the effectiveness of searches users perform on the website. We may also use pixel tags in email messages to tell us whether emails have been opened to assure that we are only sending messages that are of interest to our subscribers.

13. EXTERNAL LINKS

Our website may contain links to other websites that are not controlled by us. We are not responsible for the privacy practices and policies of any website other than our own. If you use the hyperlinks then you will be leaving the website. Your access and use of other websites will not be governed by this Privacy Policy statement and it is your responsibility to check the other websites and the privacy policies that may govern those sites to ascertain how your information and data will be treated if you access and use them.

14. SECURING YOUR PERSONAL INFORMATION

We follow accepted industry standards to protect personal information you have provided.

We work hard to protect us and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of the personal information that we hold.

In particular

  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
  • We restrict access to personal information to those of our staff, and third parties who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

However, no method of electronic storage can ever be 100% secure. Therefore, we are not in a position to guarantee the absolute security of your information.

15. HOW WE TRANSFER AND STORE YOUR PERSONAL INFORMATION

We are based in the United Kingdom of Great Britain. Your data will be processed in the United Kingdom, Greece (where our back-office systems are hosted), and the United States of America (where our websites, our email mailboxes, and our third-party mailing systems are hosted). In order to protect your information, we take care where possible to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.

We store personal information on secure servers that are managed by us and our service providers. Personal information that we store or transmit is protected by security and access controls, including username and password authentication, two-factor authentication where available, and data encryption where appropriate.

16. UPDATING OR CHANGING YOUR PERSONAL INFORMATION

You may update your personal information or change your preferences at any time by contacting us on marketing@blackbookvillas.com.

17. ONGOING CHANGES TO THIS PRIVACY POLICY

We reserve the right, at any time and without notice, to add to, change, update or modify this Privacy Policy, simply by posting such change, update or modification on our website. Any such change, update or modification will be effective immediately upon posting on the website. Users will be informed of changes to this Privacy Policy via the “updated as of” notice on this Policy.

18. OUR COMMITMENT

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our services or our website, then you can be assured that it will only be used in accordance with this Privacy Policy.

The GDPR is the most comprehensive European Union data privacy law in decades and will come into effect on May 25, 2018. As well as strengthening and unifying user data privacy across the European Union, it also puts new or additional obligations upon anyone that handles European Union citizens’ personal information, regardless of where they are located.

Below, we’ll explain our approach to achieving GDPR-compliance, both for ourselves and for our users, customers, and partners.

The GDPR’s updated requirements are significant and our team has been working hard to bring our service offerings and contractual commitments in line so our users, customers, and partners can prepare themselves before May 25, 2018. Measures that we have taken to achieve this include:

  • Changes in our newsletter sign-ups. We updated all opt-in checkboxes to require an action taken. All language with exactly what you are signing up for is on forms and landing pages across products.
  • Investments in our systems. We have implemented improvements to our infrastructure, to fulfil all the requirements and obligations connected to continuous security monitoring, data breaches and security incident management.
  • Policies. We have already updated our Privacy Policy. However, we will continually work on our internal policies and practices to ensure that we are aligned with the GDPR requirements.

We will also continue to monitor the guidance around GDPR compliance from privacy-related regulatory bodies and will adjust our plans accordingly if it changes.

19. ANY QUESTIONS?

We hope this Privacy Policy has been helpful in setting out the way we handle your personal information and your rights to control it.

If you have any questions that have not been covered, or you need any further clarification or amplification, please contact us using any of the following:

Communications Department
Black Book Villas Ltd.
39 Long Acre
London WC2E 9LG
United Kingdom