Privacy Policy

Welcome to the Privacy Policy of Mystic Highlands Adventures. This policy explains how we collect, use, and protect your personal data when you use our website and services. We are committed to protecting your privacy and ensuring the security of your information.

1. Information We Collect

We collect several types of information to provide and improve our services:

• Personal Information: This includes your name, email address, phone number, postal address, and any other information you provide when booking a tour, contacting us, or subscribing to our newsletter.
• Booking Information: Details of the tours and experiences you book with us, including dates, number of participants, and any special requests.
• Payment Information: Credit card details or other payment information used to process your bookings. Note that we use secure payment gateways, and we do not store your full credit card details on our servers.
• Website Usage Data: Information about how you use our website, including your IP address, browser type, operating system, pages visited, and the time and date of your visit. We use cookies and similar technologies to collect this data.
• Communications: Records of any correspondence you have with us, whether by email, phone, or through our website's contact form.

2. How We Use Your Information

We use your information for the following purposes:

• Providing Services: To process your bookings, provide customer support, and deliver the tours and experiences you have requested.
• Communication: To communicate with you about your bookings, send you updates and important information about our services, and respond to your inquiries.
• Marketing: To send you promotional emails about our tours, special offers, and news, provided you have opted in to receive such communications. You can unsubscribe from these emails at any time.
• Improving Our Services: To analyze website usage data and customer feedback to improve our website, services, and customer experience.
• Legal Compliance: To comply with legal obligations and regulations.
• Personalization: To personalize your experience on our website and tailor our offerings to your interests.

3. Data Sharing and Disclosure

We may share your information with the following third parties:

• Service Providers: We share information with third-party service providers who assist us in providing our services, such as payment processors, email marketing platforms, and website analytics providers. These providers are contractually obligated to protect your information and use it only for the purposes for which we disclose it to them.
• Tour Operators: We may share your booking information with local tour operators who are involved in delivering the tours and experiences you have booked.
• Legal Authorities: We may disclose your information to legal authorities if required by law or in response to a valid legal request.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction, subject to the terms of this Privacy Policy.

4. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organizational measures to protect your information from unauthorized access, use, or disclosure. These measures include:

• Encryption: We use encryption to protect sensitive data during transmission and storage.
• Access Controls: We restrict access to your personal data to authorized personnel only.
• Regular Security Audits: We conduct regular security audits to identify and address potential vulnerabilities.
• Employee Training: We provide training to our employees on data privacy and security best practices.

5. Your Rights

You have the following rights regarding your personal data:

• Access: You have the right to access the personal data we hold about you.
• Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• Erasure: You have the right to request that we erase your personal data, subject to certain exceptions.
• Restriction of Processing: You have the right to restrict the processing of your personal data in certain circumstances.
• Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
• Objection: You have the right to object to the processing of your personal data in certain circumstances, including for marketing purposes.
• Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time.

To exercise these rights, please contact us using the contact information provided below.

6. Cookies and Similar Technologies

We use cookies and similar technologies to collect information about your use of our website. Cookies are small text files that are stored on your device. We use cookies for the following purposes:

• Essential Cookies: These cookies are necessary for the functioning of our website and cannot be disabled.
• Analytics Cookies: These cookies allow us to analyze website usage and improve our services.
• Marketing Cookies: These cookies are used to track your browsing behavior and deliver targeted advertising.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. We may retain your data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

8. Children's Privacy

Our website and services are not directed to children under the age of 16. We do not knowingly collect personal data from children under the age of 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us, and we will take steps to delete the information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post any changes on our website and, where appropriate, notify you by email. Please review this Privacy Policy periodically to stay informed about how we are protecting your information.

10. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Mystic Highlands Adventures
42 Castle Street, Inverness, IV2 3EG
Scotland
Email: privacy@mystichighlandsadventures.com
Phone: +44 58 2371 8093

Our Data Protection Officer is Alistair MacLeod, who can be contacted at the email address provided above.

11. Data Transfers

Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy.

Specifically, when we transfer your personal data out of the UK and the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or the UK government.
• Where we use certain service providers, we may use specific contracts approved by the European Commission or the UK government which give personal data the same protection it has in Europe.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

12. Automated Decision-Making

We do not use automated decision-making, including profiling, in a way that produces legal effects concerning you or significantly affects you.

This Privacy Policy was last updated on October 26, 2023.