fbpx

Privacy Policy

Our Policy

Thank you for visiting our web site. This privacy policy tells you how we use personal information collected on this site. Please read this privacy policy before using this site or submitting any personal information. By using this site, you are accepting the practices described in this privacy policy. These practices may be changed, but any changes will be posted and changes will only apply to activities and information on a going forward, not retroactive basis.

You are encouraged to review the privacy policy whenever you visit this site to make sure that you understand how any personal information you provide will be used.

Note: the privacy practices set forth in this privacy policy are for this web site only. If you link to other web sites, please review the privacy policies posted at those sites.

Collection of Information

If you contact us through an online form, in person, on the phone or by email, we will only retain the data which is relevant to effectively providing relevant tours or services.

How do we use that information?

We use that information to contact you as needed during the enquiry process, such as to provide you with booking confirmations, invoices or reminders of the start of your tour.

Your data is shared with a third party booking application, and the relevant banking services during the payment process.

The data we collect is only used to fulfil our duties to help ensure that tours are provided as described, and will not be used in another other manner unless you give us permission to.

How long do we keep your data?

We keep your data for 10 years. The reason for this is so we can identify and keep track of returning customers and analyse trends.

Distribution of Information

We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. We may do so when: (1) permitted or required by law; or, (2) trying to protect against or prevent actual or potential fraud or unauthorized transactions; or, (3) investigating fraud which has already taken place. The information is not provided to these companies for marketing purposes.

Commitment to Data Security

Your personally identifiable information is kept secure. Only authorized employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information. All emails and newsletters from this site allow you to opt out of further mailings.

Website visitor tracking

Like most websites, this website uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our website, so we can better understand how they find and use our web pages and see their journey through our website. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this.

We consider Google to be a third-party data processor. GA makes use of cookies, details of which can be found on Google’s developer guides. On our website, we use the analytics.js implementation of GA.

If you wish, you may disable cookies in your internet browser. This will stop GA from tracking any part of your visit to pages within this website.

The Facebook Pixel

The Facebook Pixel may at times be installed on this website

Email newsletter

If you choose to join our email newsletter, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third-party data processor (see below). The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.

Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.

If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.

While your email address remains within the MailChimp database, you will receive periodic newsletter-style emails from us.

Contact forms and email links

Should you choose to contact us using one of the forms on our website, or email us directly, none of the information / data that you supply will be stored by this website or passed to / be processed by any of the third-party data processors (see below). Instead the data will be sent in an email to us using the Simple Mail Transfer Protocol (SMTP).

Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted before being sent across the internet. The email content is then decrypted by our local computers and devices. However, not all mail servers are secured in such a way.

Therefore, we would suggest that you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email.

What are your rights over your personal data?

You have the right to request:

– Access to the personal data we hold about you, free of charge in most cases.

– The correction of your personal data when incorrect, out of date or incomplete. For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.

– That we stop using your personal data for direct marketing (either through specific channels, or all channels).

– That we stop any consent-based processing of your personal data after you withdraw that consent.

You have the right to request a copy of any information about you that we hold at any time, and also to have that information corrected if it is inaccurate. To ask for or update your information, please contact Jenny McLay, Director, at The Chocolatarium Ltd, 3-5 Cranston Street, Edinburgh, EH8 8BE.

If we choose not to action your request we will explain to you the reasons for our refusal.

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy policy. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

Who do we share your personal data with?

We sometimes share your personal data with trusted third parties.

Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:

We provide only the information they need to perform their specific services.
They may only use your data for the exact purposes we specify in our contract with them.
We work closely with them to ensure that your privacy is respected and protected at all times.
If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Examples of the kind of third parties we work with are:

  • IT companies who support our website and other business systems.
  • Direct marketing companies who help us manage our electronic communications with you.
  • Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites.

Our third-party data processors

We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen.

  • Google (Privacy policy)
  • Mailchimp (Privacy policy)
  • Facebook (GDPR Information)

Data breaches

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Data controller

The data controller of this website is:

The Chocolatarium Ltd.
3-5 Cranston Street
Edinburgh
EH8 8 BE

Privacy Contact Information

If you have any questions, concerns, or comments about our privacy policy you may contact us using the information below: By e-mail:

[email protected]

We reserve the right to make changes to this policy. Any changes to this policy will be posted.