Who we are and what we do.
Visit County Durham (VCD) is strongly committed to preserving the privacy of its customers. This Data Protection and Security Policy lets you know about our policy for the collection and use of information about you and your transactions with us. Visit County Durham is the tourism management agency for County Durham working on behalf of businesses and public agencies. The company is mainly funded by Durham County Council. The private sector also contributes financially to our work in return for benefits and activities that meet their needs.
Our website www.thisisdurham.com is the official consumer travel website for Durham. The aim of the website is to ensure you experience the very best Durham has to offer.
Our corporate website www.visitcountydurham.org has more details about who we are and what we do. If you are a business, travel trade or other such organisation, please visit this site for how we can work together.
Our Groups and Travel Trade website www.discoverdurham.co.uk contains details on planning visits for large organised groups of consumers wishing to visit attractions and stay at key accommodation.
What type of personal information do we collect and how do we collect it?
We collect the following information about you:
- Postal Address
- Telephone Number
- E-mail address
- Social Media
We collect information about you in the following ways:
- Online competitions
- Account sign up
- E-newsletter sign up
- Booking Online
- Google Analytics
- Business Details
- Brochure / information requests via telephone
What is our power to obtain and use the personal data?
When we collect and use your personal information we rely on one of the following:
Lawful Basis (Article 6)
- Consent: You or a legal representative have given consent.
- Contract : You have entered a contract with us.
- Legitimate Interests – the processing is necessary for the purpose of legitimate interests
What is your personal information used for?
We will process your personal data in accordance with the [United Kingdom's Data Protection Legislation]. We maintain strict security standards and procedures with a view to preventing unauthorised access to your data by anyone, including our staff. We use leading technologies such as (but not limited to) data encryption, fire walls and server authentication to protect the security of your data. For all Visit County Durham companies, all of our staff and whenever we hire third parties to provide support services, we will require them to observe our privacy standards and to allow us to audit them for compliance.
Visit County Durham collects and processes information about you for the following purposes:
- Online purchases and booking
- Visitor Profiling & Statistics
- User Generated Content
When you book accommodation, buy attraction/event tickets or order items from our online shop, our order form asks you to give us information specific to that order, including your billing address, shipping address, credit card information and email address. The information that you provide is processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. We also use the information to contact you if there is a problem with your order. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enters into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
All of our transactions automatically take place on a secure server. All of your personal information is encrypted before it is transmitted over the Internet.
Visitor Profiling & Statistics
When you buy from us online, our system automatically gathers purchase data, and we also record information about purchases made through our telemarketing, mail order and other marketing operations.
We use this information in two ways: We review what kinds of products and services appeal most to our visitors as a group. This statistical information helps us improve our offerings in the same way that other companies change their catalogue based on what sells best. We use information such as the number of purchases visitors make and the categories of goods and services they buy to make offers to them we believe will be of interest. We do not give out any information about you, as an individual, to anyone, except to complete your transactions, or to comply with valid legal process such as a search warrant, subpoena or court order.
The legal basis for this processing is legitimate interest.
We may process information that you provide to us for the purpose of visitor registration, brochure requests, e-newsletters subscriptions and competition entry. This data may be processed for the purposes of sending you the relevant notifications and media.
- When ordering brochures from us online, you are agreeing to receive requested information by post, and where an email address is also supplied, relevant follow up information from Visit County Durham, which can be unsubscribed from at any time. For brochures requested over the telephone, you are agreeing to receive relevant materials and added to our database for direct and email marketing purposes.
- Visitor Registration - by completing our Visitor Registration page you are agreeing to store information about yourself based on personal interests and marketing preferences
- Competitions - If you enter one of our competitions you will see two boxes where you have the option to receive e-mails from us (VCD) or from the prize provider.
- Your data (name and e-mail address only) will be shared with the company who has provided the prize, only if you tick the box to give consent for us to do so.
- The first e-mail you receive from the prize provider will carry an unsubscribe link.
- Your details will never be shared with any other company.
- If you do not consent to being contacted we will store your details for 2 months and then remove them from our system. You will not be contacted within this period, unless you have successfully won a competition.
- Email - We will only send you marketing emails if you specifically give us your consent to do so. The information we collect will depend on the nature of your enquiry with us.
- We collect information only when you supply it to us by entering your details via an online form.
- When we collect information from you, we will provide an option for you to join our mailing list. If you opt to join our mailing list we will send you the monthly Durham e-newsletter with ideas for your next break, special offers, news and events.
- While we may occasionally send solus emails on behalf of carefully selected partners, we will never share your details with any third party, unless you explicitly give us permission to do so via opting in, as mentioned above.
- Marketing e-mails that you receive depending on your options may be from 'This is Durham' which is our visitor-facing brand name, ‘The Wednesday Grapevine’ which is news for tourism businesses or ‘Discover Durham’ which is news for groups. Every email you receive will carry a unsubscribe link, allowing you to opt out of any future communications. If you have any issues when trying to unsubscribe or wish to discuss data protection matters further please contact email@example.com
The legal basis for this processing is consent and legitimate interest.
At no time will your information be passed to organisations external to us and our partners for marketing or sales purposes or for any commercial use without your prior express consent.
User Generated Content
If you use any of our social network pages or applications or you use one of our products or services that allow interaction with social networks, we may receive information relating to your social network accounts. For instance:
- If you click on a ‘like’, ‘+1’ or ‘tweet’ or similar button in one of our websites or services, we may record the fact that you have done so. In addition, the content that you are viewing may be posted to your social network profile or feed. We may receive information about further interactions with this posted content (for example, if your contacts click on a link in the posted content), which we may associate with the details that we store about you
- If you ‘like’, ‘+1’ or similar one of our pages on a social network site, we may receive information about your social network profile, depending on your social network account privacy settings.
Reviews, comments and content
Where you have uploaded product reviews, comments or content to our websites or services and made them publicly visible, we may link to, publish or publicise these materials elsewhere including in our own advertisements.
Each time you create or reply to a post or thread on a website forum from us, in addition to providing this forum service, we may also record the forum name and the time and date of your post or thread with your account details. We do this to better understand the ‘typical users’ of our forums and to select or tailor our marketing communications to reflect your forum activity. We do not use the actual content of your forum posts or threads for purposes of sending marketing communications.
The legal basis for processing this information is for legitimate interest.
In addition to the specific purposes for which we may process your personal data set out in this section, we may also process any of your personal data where such processing is necessary for compliance with regulatory and legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Will your personal information be shared?
When we share your information we do it when:
- You have given consent to be opted in to third party marketing
- We may use other third party service providers to provide certain data processing services for us (acting as our authorised data processors).
Examples of authorised data processors could include billing and fulfilment partners, IT solution providers, data analytics providers who process information on our behalf for the purposes outlined above. For example, we may use the services of third parties to personalise content, fulfil orders, deliver packages, send postal mail and emails, send text messages (SMS), provide marketing assistance, process credit card payments, provide fraud checking services and provide customer services.
When acting as our authorised data processors, our service providers are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations.
In addition to the specific disclosures of personal data set out in this section, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
International transfers of your personal data.
We store your data on our secure servers in the United Kingdom and retain it for a reasonable period or as long as the law requires. However, your data may be transferred to, stored at, and processed at a destination inside or outside the European Economic Area by our partners or service providers. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
How do we keep your personal information secure?
The security of your personal information is important to us. This is why we follow a range of security policies and procedures to control and safeguard access to and use of your personal information.
How long will we keep your personal information?
This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
- Personal data that we process shall not be kept for longer than is necessary for that purpose or those purposes.
- Your personal data will be retained for 5 years following the date you cease to be a client, or longer as required to meet our regulatory obligations.
- We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests.
Links to third party sites
Some of our websites may contain links to other third party websites that are not operated by us. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices of those third party websites. We strongly encourage you to view the privacy and cookie policies displayed on those third party websites to find out how your personal information may be used.
A cookie is a simple text file that is stored on a user’s computer (or mobile device) that is created when a user visits a website using a program called a browser (Chrome, Internet Explorer, Firefox or Safari).
A cookie isn't a program itself and doesn't actively do anything on a user's computer. A cookie cannot be used to identify a user personally but they do contribute to improving a user's experience of a website.
A cookie simply allows the website to read the contents of the cookie text file. The text file itself simply contains a unique identifier code; the site name and some digits and numbers.
Why are Cookies used?
Cookies do lots of different jobs, such as:
- remembering what items a user may have added to a shopping basket or an itinerary as the user moves between pages on a website
- saving a user's preferences to allow them to customise a website
- measuring what users do on a website to ascertain which parts of a website are popular, how long they spend on a website, how often users return, where they come from etc
What Cookies are used by this site?
Cookies are set by this website (first party cookies) but may also be set by other websites (e.g. YouTube) that run content on the website’s pages (third party cookies).
Cookies can be set to remember a visitor for the duration of their visit (session cookies) or to remember a visitor for repeat visits (persistent cookies).
Is your personal information processed outside the European Economic Community (EEC)?
We do not process your personal information outside the EEC your personal information.
What are your Information Rights?
In this Section we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to the supply of appropriate evidence of your identity. For this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address.
In practice, you will usually either expressly agree (opt in) in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
To exercise any of these rights please contact the relevant service in the first instance.
You also have the right to request a copy of the personal information council holds about you. To do this, you can apply online or download an application form from the DCC website or you can contact the data protection team at firstname.lastname@example.org
To learn more about these rights please see the ICO website.
If something goes wrong with your personal information, or you have questions about how we use it, please contact Roger Goodes the Data Protection Officer at DPO@durham.gov.uk or by contacting Visit County Durhams Data Protection Officer:
Visit County Durham,
2nd Floor, Salvus House
Tel: 03000 261 221
If we have not been able to deal with your complaint, you can also contact the Information Commissioner's Office.
Information Commissioner's Office
Telephone: 0303 123 1113 (local rate) or 01625 545 745