This policy sets out how we collect, process and hold your personal data if you visit our event ticket shop or otherwise provide personal data to us. We are Cobble Tales. We are the data controller of your personal data.
Personal data we collect
As data processor, FareHarbor collects and processes your personal data when you buy tours with us online or over the phone, and some of this information is passed on to us, including your name, email address, and telephone number, which we use for communication. We will use your name for personal communication during the tour, email address for booking confirmation, reminders and review prompts, and phone number for any urgent updates before the tour.
We will keep your information on record until the next April after your booking.
You will have an option to opt in to our newsletter, but that is not necessary for the booking.
Payments collected through FareHarbor are processed by Stripe, a PCI Level 1-certified and TLS 1.2 compliant provider backed by both Visa and American Express.
FareHarbor is PCI certified as well, meaning they are compliant with the PCI Data Security Standards endorsed by Visa, MasterCard, AMEX, Discover, and JCB.
No sensitive cardholder data is stored in FareHarbor. Payments through Stripe are tokenized: the cardholders’ information is replaced with a series of randomly-generated numbers (a “token”) which can then be passed through FareHarbor without the actual details being exposed.
Cobble Tales do not receive details of your payment (card numbers, expiry dates, security codes) and have no access to this level of your personal data.
When you contact us by email or contact form, we may keep a record of our correspondence for 6 months following such contact.
Data we automatically collect
When you visit our website or the FareHarbor bookings processor, we, or third parties on our behalf, automatically collect and store information about your IP address, your device and your activities. This information could include (a) your computer or other device’s unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns. We collect this information using cookies as detailed below, and we use the information we collect on an anonymous basis to improve our website, bookings system, our events and the services we provide, and for analytical and research purposes.
We will never use your personal data routinely to contact you for marketing purposes. You may receive a limited number of messages from us following our tour, inviting you to leave feedback on TripAdvisor or another review site, but your details will not be held or stored in a manner that is utilised for ongoing marketing, nor will those details be sold or otherwise made available to any other organisations for any purpose.
If you have otherwise booked a ticket with us or contacted us with a question or comment, we may retain your personal data for 6 months following such contact.
Lawful processing of your personal data
We will use your personal data in order to comply with our contractual obligation to supply to you the tour/event package that you have booked, including to contact you with any information relating to the event, to deliver the event to you in accordance with any requests you make and that we agree to, and to deal with any questions, comments or complaints you have in relation to the event.
Who do we share your data with?
We may share your personal data with any service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions.
Under certain circumstances we may have to disclose your personal data under applicable laws and/or regulations, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety.
Where we hold and process your personal data
Some or all of your personal data may be stored or transferred outside of the European Union (the EU) for any reason, including for example, if our email server is located in a country outside the EU or if any of our service providers or their servers are based outside of the EU. We shall only transfer your personal data to organisations that have provided adequate safeguards in respect of your personal data.
A cookie is a small text file containing a unique identification number that is transferred (through your browser) from a website to the hard drive of your computer. The cookie identifies your browser but will not let a website know any personal data about you, such as your name and/or address. These files are used by our website to identify when you revisit that website.
Most browsers are initially set up to accept cookies. You can change your browser settings either to notify you when you have received a cookie, or to refuse to accept cookies.
We also use Google Analytics to monitor traffic to our website. Google Analytics collects information anonymously and generates reports detailing information such as the number of visits to the site, where visitors generally came from, how long they stayed on the site, and which pages they visited. Google Analytics places several persistent cookies on your computer’s hard drive. These do not collect any personal data. If you do not agree to this you can disable persistent cookies in your browser. This will prevent Google Analytics from logging your visits.
We, and any third party services we employ to process your data on our behalf, shall process your personal data in a manner that ensures appropriate security of the data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
However, you acknowledge that no system can be completely secure. Therefore, although we take these steps to secure your personal data, we do not promise that your personal data will always remain completely secure.
You have the right to obtain from us a copy of the personal data that we hold for you, and to require us to correct errors in the personal data if it is inaccurate or incomplete. You also have the right at any time to require that we delete your personal data. To exercise these rights, or any other rights you may have under applicable laws, please contact us at firstname.lastname@example.org
If you have any questions about our responsibilities to you, please contact us at email@example.com.
If you have any complaints in relation to this policy or otherwise in relation to our processing of your personal data, you should contact the UK supervisory authority: The Information Commissioner, see www.ico.org.uk.