Inchcolm Island & Scottish Castles Weddings As a business we are subject to British, Scottish and European law. We care about your privacy and your right to privacy, under the new GDPR Regulations. For this reason, we collect and use personal data only as it might be needed for us to deliver products/services. Your personal data includes information such as name, address, telephone number, email address. We will never transfer your personal data and we will never sell your data to a third party.
How we secure, store and retain your data We follow generally acceptable standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilisation of encryption where appropriate. We retain personal data only for as long as necessary to provide the services you have requested and therefore for a variety of legitimate legal or business purposes. These might include retention periods; mandated by law, contract or similar obligations applicable to our business operations for preserving resolving defending or enforcing our legal/contractual rights , or needed to maintain adequate and accurate business and financial records. If you have any further questions about the security or retention of your personal data, you can contact us directly.
Right to be forgotten Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the right to be forgotten. The right is not absolute and only applies in certain circumstances.
When does the right to erase apply? Individuals have the right to have personal data erased if: • The personal data is longer necessary for the purpose which you originally collected it for • You are relying on consent as your lawful basis for holding the data and the individual withdraws their consent • You are relying on legitimate interests as your basis for processing, the individual objects to the processing of their data and there is no overriding legitimate interest to continue this processing • You are processing the personal data for direct marketing purposes and the individual objects to that processing you have processed the personal data unlawfully (i.e in breach of the lawfulness requirement of the 1st principle) • You have to do it to comply with legal obligation, or you have processed the personal data to offer information society services to a child.