At Travel Ecosse we are committed to maintaining the trust and confidence of our visitors to our web site. In particular, we want you to know that Travel Ecosse is not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes.
Our Core Beliefs Regarding User Privacy & Data Protection
- User privacy and data protection are human rights
- We have a duty of care to the people within our data
- Data is a liability, it should only be collected and processed when absolutely necessary
- We loathe spam as much as you do!
- We will never sell, rent or otherwise distribute or make public your personal information
When someone visits www.travelecosse.com we use a third party service, Google Analytics, to collect standard information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
When a user sends us a message using one of the contact forms on the site this is then sent on to the relevant mailbox. This email is retained within the websites contact form system as an entry for no longer than 24 hours before being automatically deleted. The message is sent from the mailbox to a separate Gmail account for review and replying to the message. The message is not retained on the website mailbox server. However, it is retained in the Gmail account for the sake of further correspondence with the potential client. A copy of your emails retained on the system can be requested if necessary, please find details for this in the “Access your personal information section”.
As detailed above, if you submit an email via the contact forms on this website some personal information will be stored within this website’s database. This is currently the only occasion where personal data will be stored on this website. This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is build on (WordPress). However, as stated above this is only retained with the database for 24 hours before being purged. In the near future we aim to change the storage of this data to a pseudonymous fashion meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual.
Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it on this website as soon as we are able to.
We use an HTTPS connection on our website (Hypertext Transfer Protocol Secure, the communication protocol is encrypted by Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer SSL). To ensure all data that is input using forms or collected through analytics is done in a strictly encrypted fashion. This is authenticated using an SSL certificate issued through Let’s Encrypt Authority X3. This certificate can be viewed when accessing the site in your browser, please visit the link below for details on how to go about this:
In regards to email retention – these are kept in a single Gmail account that is secured using an 113 Bit Hex Password, with 2 step verification enabled. A copy of your emails retained on the system can be requested if necessary, please find details for this in the “Access your personal information section”. These emails are not forwarded or sent to anyone else unless with the consent of the original sender and those who may have been included in any follow up replies.
Should you choose to contact us using the contact forms on this site, none of the data that you supply will be stored by this website for more than 24 hours. None of this data will be passed to / be processed by any of third party data processors. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. However, we would suggest that you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email.
Our Website Server
Our website is currently hosted by TSO Host, a UK based Webhosting company. More information on their server security policies and systems can be found at this link: TSO Host
We will report any unlawful data breach of this website’s database to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
Access to your personal information
You are entitled to view, amend, or delete the personal information that we hold (if any), to do this please email your request to firstname.lastname@example.org, please use the email address that you had used on our website. After sending your request we will send an email to confirmation your identity, upon confirmation the system will forward along any data within our system that is linked to your email address. To request deletion of your data, please send a separate email using the same email address as used on our website, stating within that you would like your data purged, you will be sent an email to confirm your identity which – upon validation – you will then have your data purged.