How we collect your personal information
We and our third-party service providers may collect personal information when you provide such information to us:
- By visiting troutbeck.com;
- By visiting our hotel or restaurant or using any of the services at our physical location;
- By logging into or using our wifi network;
- By purchasing items from us; and/or
- Through other sources such as joint marketing partners; online travel/restaurant companies; booking engines; and other third parties with whom we work.
The information we collect allows us to better respond to your needs, develop our services, and improve your experience at Troutbeck.
When you visit our website
We collect navigational information about where users navigate on www.troutbeck.com. This information allows us to better understand usage patterns, areas of interest, and to assess the functional elements of the site. Additional non-personally identifiable information (for example, domain type, browser version, service provider, IP address) may be collected, which provides additional information regarding the use of this Web site, such as how long a user will spend on a particular page, how many times a page is visited by our users and to distinguish between new and returning users. Troutbeck values this information for the purposes of analyzing the effectiveness of the site and in its regular maintenance of functionality.
The information you provide and what we do with it
Should you provide us with your email address on property, through registration, booking your stay with us or if you subscribe to our newsletter you will periodically receive newsletters and promotional emails from email@example.com. Should you wish to be removed from our marketing list, you may use the “unsubscribe” option at the end of all such emails or, contact us directly at firstname.lastname@example.org.
Troutbeck will never sell or otherwise distribute the information that you provide to us on our website or by any other means. We use the third-party services of www.constantcontact.com to maintain and manage our subscriber information.
We may keep and use information, including personal information, we collect from you to:
- Respond to your inquiries and fulfill your requests;
- Send administrative information to you, such as information regarding your bookings and changes to our terms, conditions and policies;
- Complete and fulfill your booking or other purchases, including, for example, to process your payment, communicate with you regarding your purchase and provide you with related customer service;
- Send you marketing communications if you have indicated that these would be of interest to you;
- Personalize your experience by presenting products, services, and offers tailored to you;
- Facilitate social sharing functionality;
- For our business purposes, such as data analysis; market research; surveys; customer satisfaction; audits; fraud monitoring and prevention; developing new products and services; enhancing, improving or modifying our services; identifying usage trends;
- In any manner that we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state/country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your state/country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
General Data Protection Regulation (GDPR)
If you are a data subject covered by the European Union’s General Data Protection Regulation (GDPR) or similar laws in other countries, you may have certain rights in relation to your Personal Information. Such rights may include the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information when there is no longer any reason for Troutbeck to continuing to process it. You may also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also may have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal information to you or to a third party. This enables you, or a third party you have chosen, to seek to have your personal information provided in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You will not have to pay a fee to exercise any of these rights and will respond to all requests in a timely manner. We may need to contact you about your request to verify your identity, confirm certain information, or clarify the request before it can be fulfilled. If you are a data subject covered by GDPR and would like to exercise these rights or otherwise have questions about your rights please contact email@example.com.
Certain data protection laws such as GDPR and other similar regulations require that data only be processed if there is a specific legal basis for doing so. We process your data for the following reasons:
- Where we need to perform the contract we are about to enter into or have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- Where we need to comply with a legal or regulatory obligation.
You have the right to withdraw consent to marketing at any time by selecting that option in communication of that type. The Company is the controller and is responsible for your Personal Information.
California Consumer Privacy Act (CCPA)
The following only applies to California residents.
The California Consumer Privacy Act (CCPA) provides consumers, who are California residents, with specific rights regarding their personal information. The following describes your CCPA rights and explains how to exercise same.
Access to Specific Information
You have the right to request that we disclose certain information to you about the collection and our use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you the following:
- The categories of personal information we collected about you;
- The categories of sources for the personal information we collected about you;
- Our business or commercial purpose for either collecting or selling that personal information;
- The categories of third parties with whom we share that personal information;
- The specific pieces of personal information we collected about you;
- If we either sold or disclosed your personal information for a business purpose, two (2) separate lists disclosing:
- Sales, identifying the personal information categories that each category of recipient purchased; and
- Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
CCPA Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception is applicable.
We may deny your deletion request if retaining the information is necessary for either us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (California Penal Code §1546 et. seq.);
- Engage in public or peer-reviewed scientific, historical or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may render either impossible or seriously impair the research’s goal, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; and/or
- Make other internal and lawful uses of that information, which are compatible with the context in which you provided it.
Exercising Access and Deletion Rights (CCPA)
To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by contacting us at firstname.lastname@example.org. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.
You may only make a verifiable consumer request for either access or deletion once within a twelve (12) month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or are an authorized representative of said person; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.
Response Timing and Format
We endeavor to respond to all requests in a timely manner and in any event within forty-five (45) days, if even said response is to request additional time to fully respond. We do not charge a fee to either process or respond to your verifiable consumer request, unless it is excessive, repetitive or manifestly unfounded.
We will not discriminate against you for exercising any of your CCPA rights.
Other California Privacy Rights
California Civil Codes Section §1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please write to us at email@example.com.
Sensitive Personal Information
We ask that you not send us and that you not disclose any Sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) to us.
Use of “Cookies”
We may use third party services for things like making reservations, processing payments, or hosting data. It is our policy to only share personal information with service providers and other third parties who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
We may also disclose your personal information to a third party when you ask us to do so or when we believe it is required by law.
We may use the following third-party service providers named below to process and store your data:
- Google Analytics, which we use to measure the performance of this website. For information on how Google Analytics collects and processes information about you and information on how to opt out from Google’s collection of information from you, go to Google Analytics Opt-out Browser Add-on.
Changes in Policy
Acceptance of Terms
We seek to use appropriate organizational, technical and administrative measures to protect personal information within our organization, including: (a) ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services and (b) ensuring we can restore access to personal information in a timely manner if a physical or technical incident occurs. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure and we cannot ensure the security of the information that you transmit. If you have reason to believe that your interaction with us is no longer secure, please immediately contact us using details in the “Contacting Us” section.