By personal data we mean identifiable information about you. Generally, this is likely to include information such as your name, email address, correspondence address and your IP address if you access our website.
We may collect, use, store and transfer different kinds of personal data about you:
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as it does not directly or indirectly identify you. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this Privacy Policy.
We shall process all such personal data in accordance with this Privacy Policy. Certain personal data is mandatory to be provided to us in order that we can fulfil your request and we shall make this clear to you at the point of collection of the personal data.
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this and we may also report this to the appropriate authorities.
When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.
We do not knowingly collect personal data of any individual under the age of 18 years old.
If you choose to give it to us, we may receive personal data about your health. This may be because you have certain special needs or requests that you would like us to pass on to our travel and accommodation providers.
When you use our website, we may automatically collect and store information about your Technical Data and Usage Data for the purposes of research and analysis.
Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, please see our Cookies Policy.
If we reasonably believe that any of the personal data you have provided to us is inaccurate, we may receive further personal data from third parties to try to confirm your identity.
We may also receive personal data about you from our third party service providers, including our analytic service providers.
From time to time, our travel and accommodation partners may provide information about you to us.
We will only use your personal data where we have a lawful basis to do so. The lawful purposes that we rely on under this Privacy Policy are:
| PURPOSE/ACTIVITY | TYPE OF DATA | LAWFUL BASIS FOR PROCESSING INCLUDING BASIS OF LEGITIMATE INTEREST |
| To enable you to access our website | Contact Identity |
Performance of a contract with you Legitimate interests |
| To manage our relationship with you such as notifying you about changes to our Terms of Use or this Privacy Policy | Contact Identity |
Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests |
| To assist you to make a booking by passing information to our travel and accommodation providers | Contact Identity | Consent |
| To deliver relevant website content and advertisements to you and measure and understand the effectiveness of the advertising we serve to you | Contact Identity Usage Marketing Technical |
Necessary for our legitimate interests (to analyse how customers use our website and manage our business accordingly) |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | Technical Usage |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
| To send you marketing information | Contact Identity Usage Marketing | Consent |
| To administer and protect our business and this website (including improving and fixing our service, analysis, testing, system maintenance, support, reporting and hosting of data) | Technical | Necessary for our legitimate interests (for running our business security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation |
If you ask us to do so, then we may share your Identity Data and Contact Data with our travel and accommodation partners. They will process your personal data as a controller under the applicable data protection legislation and so you should read their Privacy Policy before you ask us to pass your details to them.
For our legitimate interests, we may share any of personal data with our service providers, sub-contractors, consultants and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, group companies, accountants, auditors and lawyers.
We shall provide our service providers, sub-contractors, consultants and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
If we need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety then in doing so, we may share your personal data with third party authorities and regulatory organisations and agencies.
If we choose to merge, sell assets, consolidate or restructure, finance, or sell of all or a portion of our business by or into another company then the new owners may use your personal data in the same way that we do as set out in this Privacy Policy.
Some or all of your personal data may be stored or transferred outside of the United Kingdom for any reason, including for example, if our email server is located in a country outside the United Kingdom or if any of our service providers are based outside of the United Kingdom.
Where your personal data is transferred outside the United Kingdom, it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved transfer mechanisms in place to protect your personal data.
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. In particular, access is restricted to employees who need to know your personal data, and we use appropriate password protection and appropriate strong encryption electronic measures within our electronic data management systems.
However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure. If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.
You may consent to receive marketing email messages from us about our website and our services, website, events, sales and business. You can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.
If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information. If you still have an account with us, we shall continue to email you in relation to your account only.
You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here.
We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive, and we may ask for identification from you before we can fully respond to your request.
If you have any complaints in relation to this Privacy Policy or otherwise in relation to our processing of your personal data, please tell us. We shall review and investigate your complaint and try to get back to you within a reasonable time. You do also have the right to contact the Information Commissioner, see www.ico.org.uk or if you are based outside of the United Kingdom, please contact your local regulatory authority.
Subject to the provisions of this Privacy Policy, we will retain personal data in accordance with applicable laws.
We may also be required to retain personal data for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents and in order to deal with any dispute you might raise. To determine the appropriate retention period for personal data, we consider the type of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
Where we have no legal basis for continuing to process your personal data, we shall either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
For the avoidance of doubt, we may use anonymous data, such as usage data for research or statistical purposes indefinitely without further notice to you.
Our website may contain links to third party websites, plug-ins and applications. We are not responsible for the content of such third party content, or their privacy statement. If you provide any information to the third party, then you should check the third party website to find the applicable privacy policy.
If any provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
This Privacy Policy shall be governed by and construed in accordance with English law and you agree to submit to the exclusive jurisdiction of the English Courts.
This Privacy Policy was last updated on 25 January 2021
Biostays is an eco-travel booking website. Every hotel or experience on this website is eco-friendly and hand-picked by us. And if you book a stay on our website, 2 acres of rainforest get saved automatically. Grab your adventure boots and join the revolution!
Copyright © 2021 Biostays®️is a registered trademark. All rights reserved.
