VLE Limited (VLE) Privacy Notice

1. Who we are

We are VLE Limited (VLE) and we respect your privacy. This policy describes how we use your personal information.

Click here to download a PDF version of our Privacy Policy 2018.

We are VLE Limited (company number 02149759 with registered address at The Battleship Building, 179 Harrow Road, London, W2 6NB). When you visit our website, make an enquiry about one of our properties, or make a booking with us either directly or via a third party, you trust us with your information. There are many ways this information can help us make our service better. For example, we can make sure you only see offers/products in which you're likely to be interested and we can remember your details in order to provide you with a better service.

We respect your privacy and we value the trust you've placed in us by sharing your information. This privacy policy sets out the way we use your information: what we collect, how we collect it, how we use it, why we use it, who we share it with and the rights to which you may be entitled.

For instance, if you provide your contact details and make an enquiry through our site we will use this information to get in touch with you to discuss the property you have enquired about.
We're committed to protecting the privacy of any personal information you give to us and we will comply with all relevant data protection legislation and related applicable UK legislation. For the purposes of relevant data protection legislation, VLE is the data controller of personal information that we hold and process about you.

We have tried to keep this document as clear and direct as possible. If you have any questions or anything in this policy is unclear, please get in touch at the following email address: tom.storer@limitededition.virgin.co.uk

2. Your information

Data Collection and Usage
We will collect and use your personal information when you visit our website, subscribe to our services, make an enquiry about one of our properties, or make a booking with us either directly or via a third party as set out in more detail in this section.
Your information may be shared with members of our group and some third parties.

Please click the expanders below for further details on how we use your information and with whom we may share it.

We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

What we collect

1. Information that you give us to purchase or enquire about our services, whether online or over the phone including:

• Your contact details including: your name, address, country of residence, email address, phone number;
• Your passport number;
• Your bank account details;
• The names of any additional guests;
• Your Virgin group loyalty card membership number;
• Your arrival and departure time;
• Details of the holiday purchased

2. Information that you give us when you visit one of our properties including:

• Information you provide on registration (e.g. your name, email address, home address, phone number, passport details and date of birth and swimming capability);
• Information you provide when you give us feedback (e.g. your name and contact details, your arrival date, departure date, address, email address, what you liked about your visit and what we can do to improve);
• Activities you book as part of your stay with us;
• Your preferences (e.g. your favourite bottle of wine/ room).

3. Information about the way you use our services including:

• What you've purchased;
• When and where you've made the purchases;
• What you paid and how;
• Whether you've opened electronic communications from us.

4. Information when you communicate with us whether in person, through our website or via email, over the phone, or via any other medium, including:

• Your contact details;
• The details of your communications with us;
• The details of our messages to you.

5. Information provided as part of your account including:

• Your username;
• Your password;
• Your account settings;
• Your account preferences;
• Your email address.

6. Information that we collect through your use of our website including:

• Device information such as operating system, unique device identifiers, the mobile network system;
• Hardware and browser settings;
• Date and time of requests;
• The requests you make;
• The pages you visit and search engine terms you use;
• IP address.

7. Information that we collect from third party booking partners which could include:

• Your contact details including: your name, address, country of residence, email address, phone number;
• Your passport number;
• Your bank account details;
• Details of any dietary, mobility / disability or room requirements;
• Your medical status;
• The names of any additional guests;
• Your arrival and departure time; and
• Details of the holiday purchased.

8. Information that we collect about you if are visiting one of our properties for our business purposes (e.g. a journalist or B2B contacts) which could include:

• CVs (if you travel to the BVI)
• Passport information
• Name and age of children who travel with you.

How we use it

1. We use this information, including to:

• Provide our services;
• Manage and administer our services;
• Process your booking;
• Take payment from or give you a refund;
• Register you as a guest;
• Send personalised offers or holiday ideas;
• For business development and business analysis purposes.

2. We use this information including to:

• Provide our services;
• To reply to the feedback you provide us;
• Carry out internal and group reporting on our performance;
• Send personalised offers or holiday ideas;
• For business development and business analysis purposes.

3. We use this information, including to:

• Develop new services;
• Improve our services;
• Identify products and marketing that may be of interest to you;
• Personalise our service of things you're interested in and how you use our services.

4. We use this information, including to:

• Answer any issues or concerns;
• Monitor guest communications and experiences for quality and training purposes;
• Send you our newsletter if you have signed up to receive it;
• Develop new services;
• Improve our services;
• Personalise our service.

5. We use this information, including to:

• Provide our services;
• Manage and administer our systems;
• Identify how you'd like to use your account.

6. We use this information, including to:

• Provide our services, including making our website and other related content available to you;
• Develop new services;
• Improve our services, including to make the website more relevant for you and our other visitors;
• Identify issues with the website and user's experience of it;
• Monitor the way our website is used.

7. We use this information, including to:

• Provide our services;
• Manage and administer our services;
• Process your order;
• Take payment from or give you a refund;
• Register you as a guest;
• Help us ensure that our guests are genuine and to prevent fraud;
• Send personalised offers or holiday ideas.

8. We use this information, including to:

• Make a reservation for you (and your children if applicable) at the properties
• Obtain work permits where required.

Why we use it

1. Our legal basis for processing include:

• It is necessary to perform the contract (i.e. to provide, manage and administer our services, process your booking, take payment and provide refunds);
• Consent (to marketing);
• Legitimate interests (to improve and provide you with a quality service, to develop our services)

2. Our legal basis for processing include:

• It is necessary to perform the contract (i.e. to provide our services).
• Consent (to marketing).
• Legitimate interests (to improve and provide you with quality services across the group)

3. Our legal basis for processing include:

• We have a legitimate business interest to improve our service and better understand how customers use it.

4. Our legal basis for processing include:

• We have a legitimate business interest in understanding customer feedback and in responding to customer communications in a consistent way.

5. Our legal basis for processing include:

• It is necessary to provide an account;
• We have a legitimate business interest in enabling you to update your preferences and settings online.

6. Our legal basis for processing include:

• We have a legitimate business interest in understanding how our website is accessed, how it is used and any problems users have with it across multiple devices.

7. Our legal basis for processing include:

• It's necessary to perform the contract;
• Consent (to marketing); Where we rely on your consent to marketing, you will have the right to withdraw the consent by contacting the Head of Privacy.

8. Our legal basis for processing include:

• It's necessary to perform the contract;
• Legal obligation (to obtain a work permit for you in the BVI);
• Legitimate interests (to improve and provide you with a quality service and to ensure we obtain quality reviews)

Legitimate Interests
A legitimate interest will only apply where we consider that it is not overridden by individuals' interests or rights which require protection of their personal data. If you require further information regarding our legitimate interests as applied to your personal data, you may contact the Head of Privacy.

Legal requirements
Your personal information may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claim. We will not delete personal information if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.

Special information we collect
Certain types of personal information are more sensitive than others. "Special information" about you includes information about health, dietary requirements, disability, race, ethnicity, criminal offences (or alleged offences), political opinions, biometrics or religion.

We may collect and receive special information about you. We have identified here the types of special information we may collect or receive, how we will use it and why we will use it.

What special information we collect

1. Information that you give us or that we receive when you make a booking or when you complete a registration form at the properties:
• Dietary or allergy requirements that imply specific religious beliefs or medical conditions;
• Health / accident/ mobility / disability records.

2. Information that you give us or we receive in relation to potential criminal activities.

Why we use your special information

• Legal basis for processing; because you have consented that we may process this information for those reasons. Where we rely on your consent, you will have the right to withdraw the consent by contacting the Head of Privacy.

• Legal Basis for processing: It is necessary for the prevention or detection of an unlawful act under the UK Data Protection Act 2018 (Schedule 1, Part 3 section 31).

We will process your data in accordance with our Data Privacy Rules and Governance Policy and Records Retention Policy

Minors
Protecting the online privacy of children is especially important to us. Outside of required guest details and relevant medical information (i.e. medical information and disability information), we do not intentionally gather personal information about minors save for the data required in order to facilitate you and your child's stay with us. If you believe we have inadvertently collected personal information about your child, please contact us, and we will attempt to remove this information. If a minor (according to applicable laws) has provided us with personal information without parental or guardian consent, the parent or guardian should contact us to remove the relevant personal information and unsubscribe them from our website and/or services.

How long we keep your information
We will keep your information for as long as it is reasonably necessary and to deal with claims. It will depend on factors such as whether you've made a booking or an enquiry with us or have interacted with recent offers. We will also retain your information as necessary to comply with legal, accounting or reporting requirements.

Information we share
There are certain circumstances where we may transfer your personal data to employees, contractors and to other third parties.

• We share information about you with employees at the properties and other members of our group of companies. They are bound to keep your information in accordance with this privacy policy.

• We may also share your information with certain contractors or service providers. They may process your personal data for us, for example, if you book an activity package provided by a third party supplier at a VLE property. Other recipients/service providers include database management providers, website digital agents, IT systems specialists and email providers.

• Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function.

• We may also share your information with certain third parties. We will do this either when we receive your consent or because we need them to see your information to provide products or services to you. These include other partners we do business with such as charity organisations, Virgin group loyalty membership schemes and third party activity suppliers approved by VLE.

• We will share a copy of your passport and your CV with the BVI tourist board if you are a journalist or a B2B contact who has provided us with a copy of your CV for the purposes of obtaining a work permit in the BVI.

• In the event that you suffer an accident or an injury whilst visiting one of our properties details of your accident including your health information will be shared with our on site nurses (where applicable) or our third party medical providers.

Your personal information may be transferred to other third party organisations in certain scenarios:
1). If we're discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
2). If we are reorganised or sold, information may be transferred to a buyer who can continue to provide services to you;
3). If we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;
4). If we are defending a legal claim your information may be transferred as required in connection with defending such claim.

Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.

Where your information will be held

When we share your information your information may be transferred outside the European Economic Area.

We store our information on servers located in the EU. This data will be transferred to the VLE properties and third parties (as identified above). In some circumstances this may result in data being transferred outside of the EEA to countries which do not have an equivalent level of data protection laws to those applicable in Europe. The transfer of this information is governed by a contract including standard contractual clauses (SCCs) approved by the European Commission in accordance with Article 46(c) of the General Data Protection Regulation.

We will only transfer data to jurisdictions outside the scope of the European General Data Protection Regulation (GDPR) where the appropriate safeguards set out in the GDPR are in place.

We are happy to provide you with copies of the regulator-approved SCCs which you can request from our Head of Privacy whose contact details are below in the section titled 'How to contact us'.

Your rights

You may have certain rights in relation to your information including a right to access or to correct the information we hold on you.
Other rights may be available in certain circumstances.

Some rights will only apply in certain circumstances. For example, the right to be forgotten or the right to request that we transfer your information to another company. Generally, these rights will not be available if you have an outstanding booking with us, if we are required by law to keep the information or if the information is relevant to a legal dispute. If you would like to exercise, or discuss any of these rights, please contact the Head of Privacy.

Where we receive a request to exercise one of these rights, we shall provide information on the action we take on the request within one month of receipt of the request. This may be extended by a further two months in certain circumstances, for example where requests are complex or numerous.

The information will be provided to you free of charge, except where requests are manifestly unfounded or excessive, in particular because of their repetitive character. In these circumstances we may charge a reasonable fee or may refuse to act on the request. We will advise you of any fees prior to proceeding with a request.

We may ask you to verify your identity before carrying out a request.

Where we do not carry out your request, we shall inform you without delay and within one month of receipt of the request, together with our reasons for not taking the action requested. You shall have a right to raise a complaint with a supervisory authority or seek a remedy from a Court.

We've listed the rights you have over your information and how you can use them below. These rights are subject to restrictions in the GDPR and, subject to the exemptions in that law, may only apply to certain types of information or processing.

Your right and how to use it

1. We need your consent for some of the ways we use your information, for example for marketing.

You can remove that consent at any time.

How to use it
You can email your request to our Marketing Team

2. You can ask us to confirm if we are processing your information and, if we are, you can ask for access to that information as well as further details regarding for example, why we are using your information and what we are doing with it.

How to use it
You can email your request to our Head of Privacy

3. You can ask to correct your information if it's wrong.

How to use it
You can email your request to our Head of Privacy

4. You can ask us to delete certain of your information.

You have a right to be forgotten and you can ask that our systems stop using your information.

How to use it
You can email your request to our Head of Privacy

It may not always be possible for you to use this right, for example, if it is still necessary for us to perform the contract or we need to keep the information by law or because of a legal dispute.

5. You have the right to request that we suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

How to use it
You can email your request to our Head of Privacy

6. You can ask us to help you move certain of your information to other companies.

To help with that you have a right to ask that we provide your information in an easily readable format to another company.

How to use it
You can email your request to our Head of Privacy

7. You can ask us to stop using your personal information, but only in certain cases.

This applies where we are processing your personal information based on a legitimate interest (or those of a third party) and you may object to processing on this ground. However we may be entitled to continue processing your information based on the our legitimate interests. You also have the right to object where we are processing your personal information for direct marketing purposes.

How to use it
You can email your request to our Head of Privacy

8. You also have a right to lodge a complaint with a supervisory authority, in particular in the Member State in the European Union where you are habitually resident, where you work or where an alleged infringement of Data Protection law has taken place.

How to use it
You can get in touch with either:
• the UK Information Commissioner's Office; or
• your local regulator in the EU.

How to contact us
If you have any questions about this policy please contact our Head of Privacy: tom.storer@virginimitededition.com or +44 (0) 208 600 0442, or Virgin Limited Edition, The Metro Building, Hammersmith, London W6 8DL.

Changes to the policy
This policy will be changed from time to time.
If we change anything important about this policy (the information we collect, how we use it or why) we will highlight those changes at the top of the policy and provide a prominent link to it for a reasonable length of time following the change.

Links to third party websites
Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others including our partner networks, advertisers and other group companies and/or social networks as offered to you and supported by your browser.

The personal data that you provide through these websites is not subject to this Privacy Policy and the treatment of your personal data by such websites is not our responsibility. If you follow a link to any of these websites, please note that these websites have their own privacy policies which will set out how your information is collected and processed when visiting those links. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of entities through which you chose to share.

Other policies

Cookies
We use cookies that identify your browser or device. They collect and store information when you visit our website about how you use it.

Security
We are committed to keeping your personal information safe. We've got physical, technical and administrative measures in place to prevent unauthorised access or use of your information.