Privacy Policy

Here at Highland Kings we take your privacy seriously and will only use your personal information to administer your booking and to provide the products and services you have requested from us.

However, from time to time we would like to contact you with details of upcoming events, offers and information relating to developments at Highland Kings. 

1. How we use your personal data

We are committed to protecting your personal data.

We will use your personal data to process your order, record medical information for health & safety purposes, dietary requirements for health, safety and catering purposes and send information relating to upcoming events, offers and developments at Highland Kings.  We will also use your personal data to comply with any legal obligations.  

We will use your personal data to (i) register you as a client, (ii) manage payment, (iii) collect and recover monies owed to us (iv) to manage our relationship with you, (v) send you details of our goods and services.

The personal data you provide on any consent forms is required by law and is necessary for us to be in receipt of this information prior to engaging in any of our services/events/courses.  Failure to comply may result in the cancellation of your booking without any refund.

Our legal grounds for processing your data are in relation to points (i) to (iv) above are for performing our services to you and in relation to (iii) and (v) above, necessary for our legitimate interests to develop our services and grow our business and to recover monies owed.

We will not share your personal data with third parties for marketing purposes.  

2. Disclosure of your personal data

We may have to share your personal data with (i) service providers who provide IT and system administration support, (ii) professional advisors including lawyers, bankers auditors and insurers (iii) HMRC and other regulatory authorities (iv) third parties to whom we sell, transfer or merge parts of our business or assets.

We require all of these third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law.  They are only allowed to process your personal data on our instructions.

3. International transfers

Some of our third-party providers are businesses outside of the EEA in countries which do not always offer the same levels of protection for your personal data.  We will do our best to ensure a similar degree of security by ensuring that contracts, code of conduct or certification are in place which give your personal data the same protection it has within Europe.  If we are not able to do so, we will request your explicit consent to the transfer and you can withdraw this consent at any time.

4. Data security

We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data.  They will only process your personal data on our instructions and are subject to a duty of confidentiality.  We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator where we are legally required to do so.

In certain circumstances you can ask us to delete your data.  See the section entitled ‘your rights’ below for more information.

5. Data retention

We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it.  We may retain your data to satisfy any legal, accounting, or reporting requirements.

You have the right to ask us to delete the personal data we hold about you in certain circumstances.  See section 6 below.

6. Your rights

You are able to exercise certain rights in relation to your personal data that we process.  These are set out in more detail at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

In relation to a Subject Access Right request, you may request that we inform you of the data we hold about you and how we process it.  We will not charge a fee for responding to this request unless your request is clearly unfounded, repetitive or excessive in which case we may charge a reasonable fee or decline to respond.

If you wish to make a Subject Access Request, please send the request via the contact form on our website.

7. Keeping your data up to date

We have a duty to keep your personal data up to date and accurate so from time to time we will contact you to ask you to confirm that your personal data is still accurate and up to date.

If there are any changes to your personal data (such as a change of address) please let us know as soon as possible by emailing the address set out in section 6 above.

8. Complaints

We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.