Any personal data collected through this website will be treated as confidential in line with the principles of the Data Protection Act 1998 and soon to be GDPR.
WHAT WE COLLECT
We do not store credit card details nor do we share customer details with any third parties.
All data we collect is deleted or anonymised after 12 months.
We may collect the following data about you:
Information you give us. You give us information about you by buying our product, completing forms on our site or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our site, sign up for our newsletter, place an order or otherwise contact us. The information you give us may include your name, address, email address and phone number and financial and credit card information.
Information we collect about you. With regard to each of your visits to our site, we may automatically collect data from cookies.
A cookie is a text file which asks permission to be placed on your computer’s hard drive.
We use traffic log cookies to identify which pages are being used. This helps us to analyse data about web page traffic and to improve our website in order to tailor it to customer needs. We only use this information for statistical analysis.
Overall, cookies help us provide you with a better website. You can choose to accept or decline cookies. For further information about cookies visit www.aboutcookies.org.
COOKIES USED ON OUR SITE
PHPSESSID - This cookie is a reference to a unique session ID set by our website for the current browsing session. No personal data is stored in it. The session is ended when a user’s browser is closed. This allows us to link you to the website if you are logged in and processing through the checkout and enable core site functionality.
Add This (_atuvc, _atuvs) - The site uses Add This to allow the user to share content from the website over multiple social networks. Add This set a few cookies on your computer to improve user experience. The Add This cookie is used to track the content you view and share.
WHAT WE DO WITH THE INFORMATION WE GATHER
We gather this information to understand your needs and provide you with a service, and in particular for the following reasons:
- We may use the information to improve our products and services.
- If you have signed up to our newsletter, we will send emails about new products, special offers or other information which we think you may enjoy. This information is collated using a third party service, Rocket Science Group LLC (trading as 'Mailchimp'). Mailchimp will have access to and will store and process your email, but will only do so on our instructions. MailChimp helps us to track the reception of our newsletters. If you have not signed up to our newsletter, we will not disclose your personal information to Mailchimp.
- If you have signed up to our newsletter, we may use your data to tailor adverts and marketing messages to you on third party websites like Google and Facebook.
- From time to time, we may also use your information to contact you for market research purposes.
- If requested, we may contact you by email, phone or mail.
- We may use the information to customise the website according to your interests.
- From time to time we may provide anonymised information to our customer service agencies for research purposes so that we can monitor and improve the goods and services we provide.
HOW WE PROTECT YOUR INFORMATION
We have put in place the following security measures to safeguard your personal information:
PCI DSS are a set of standards to help protect businesses and shoppers from data theft and fraud. It is mandatory for all businesses who accept card payments to comply by getting a PCI certificate. This applies to all types of card payments: online, by mail, over the phone or using card machines.
Mercat Tours recertify every year.
TLS Transport Layer Security
Transport Layer Security (TLS) is technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems (for example our website and your browser). This prevents others from reading or modifying any information transferred, including personal details.
Mercat Tours recertify every three years.
Cyber Essentials Certificate
Cyber Essentials is a Government-backed scheme that helps protect our website against a range of the most common cyber-attacks.
Mercat Tours recertify every year.
All accounts created on our website have encrypted password data, making it unreadable. Server and database access is IP address limited with tight access controls.
Firewall and anti-malware scans
A firewall reduces the ability for unauthorized data access. Mercat Tours ensures a maintained firewall to increase the security surrounding your data. Additionally, our systems constantly look to detect malware.
NOTIFICATIONS OF CHANGES
Mercat Tours are prepared to address any requests made by our customers related to their individual rights:
- Right to be forgotten: You may terminate your account with us at any time, in which case we will permanently delete your account and all data associated with it.
- Right to object: You may opt out of inclusion of your data in any way simply email email@example.com.
- Right to rectification: You may access and update your account settings at any. You may also contact us at any time to access, correct, amend or delete information that we hold about you.
- Right of access: This policy describes what data we collect and how we use it. If you have specific questions about data, you can contact us for further information at any time.
- Right of portability: We will export your data to a third party at any time upon your request.
This website contains links to other sites. Please be aware that Mercat Tours are not responsible for the privacy practices of any other sites. This privacy statement applies solely to information collected by this website.
HOW TO CONTACT US
If you would like to contact us with any queries or comments: firstname.lastname@example.org
Mercat Tours, 28 Blair Street, Edinburgh EH1 1QR
Updated 23 May 2018