Privacy Policy

The Welsh Government and New Vision Group Ltd (NVG) are joint data controllers for the purpose of compliance with the General Data Protection Regulation (GDPR). NVG operate the Wales Tourism Product Database (WTPD) on behalf of Visit Wales and the Guestlink Database on behalf of organisations promoting tourism and local businesses. The processing of your data is part of the Welsh Government’s public task to promote Wales through the website VisitWales.com / CroesoCymru.com. The lawful basis for processing your data by NVG is ‘Legitimate Interests’ or ‘Contract’. This privacy policy relates to data collected through the Website ProductListing.Wales. Your data is also subject to the Visit Wales privacy policy.

If you do not wish to be part of WTPD or Guestlink Database or wish to see the data we hold about your business, please contact the Visit Wales Data Steward on vw-steward@nvg.net.

1. INFORMATION WE MAY COLLECT FROM YOU

1.1 We may collect and process the following data about you and your business:

a) Information that you provide by filling in forms on our Website or provided to you by the Visit Wales Data Steward. This includes information provided at the time of registering to use the Website, subscribing to our service and any additional, posting material, contributions or requesting further services. We may also ask you for information when you enter a competition or promotion sponsored by us and when you report a problem with our Website.

b) If you contact us, we will keep a record of that correspondence for 30 months.

c) We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

d) Details of transactions you carry out through our Website.

e) Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access.

2. IP ADDRESSES AND COOKIES

2.1 We may collect information about your device, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.

2.2 For the same reason, we may obtain information about your usage of the Website by using a cookie which is stored on the hard drive of your device. Cookies are used to make our Website work and to deliver a better and more personalised service. They enable us:

a) To estimate our audience size and usage pattern.

b) To store information about your preferences, and so allow us to customise our Website according to your individual interests and preferences.

c) To speed up your searches.

d) To recognise you when you return to our Website.

2.3 The cookies used on our Website are:

a) ASP.NET_SessionId - This cookie is essential for the operation and navigation of the website. The cookie is deleted when you close your browser.

b) ASPSESSIONIDSXXXXXXA - This cookie is used to report website 404 errors to our website host. This cookie is deleted when you close your browser.

c) _utma, _utmb, _utmc, _utmz - These cookies are used by Google Analytics to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

2.4 Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

2.5 This privacy policy does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit. Please read the ICO's reciprocal linking policy for more information.

2.6 We may embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your device once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode. To find out more please visit YouTube’s embedding videos information page.

3. WHERE WE STORE YOUR DATA

3.1 Your data is stored in the WTPD and Guestlink databases. As our servers are located in the United Kingdom, the data that we collect from you is obtained, processed, stored and transmitted in compliance with data protection legislation. By submitting your data, you agree to this storage and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

3.2 All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

3.3 The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access.

4. USES MADE OF THE INFORMATION

4.1 We use information held about you and your business in the following ways:

a) To ensure that content from our Website is presented in the most effective manner for you and for your device.

b) To provide your business with information, products or services that we feel may be of interest. Please note that if you do not have any contracts in place you can ask that we do not communicate with you. Contact vw-steward@nvg.net.

c) To carry out our obligations arising from any contracts entered into through our Website.

d) To allow you to participate in interactive features of our service when you choose to do so.

e) To notify you about changes to our service.

f) To facilitate the publication of your business details on VisitWales.com / CroesoCymru.com and tourism organisation websites using the Guestlink database.

4.2 We store accommodation, venue and other business details in our databases to facilitate publishing them on this website. Our legal basis for this processing is that it is necessary for the purpose of the legitimate interests pursued by the controller. Business details are, by their nature, already in the public domain and we are using them in a way the businesses would reasonably expect and could benefit from.

4.3 Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

5. DISCLOSURE OF YOUR INFORMATION

5.1 We may disclose your data to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 1985.

5.2 We may disclose your data to third parties:

a) In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

b) If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.

c) If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, confidential information or safety of our Website, customers, affiliates or others and in particular if we are required to prevent any fraud or fraudulent transactions. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

6. YOUR RIGHTS

6.1 Your rights include asking us to not to process your data for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us at vw-steward@nvg.net.

6.2 If you are not satisfied with our response you may contact the UK supervisory authority, the Information Commissioner’s Office, https://ico.org.uk to report your concern.

7. ACCESS TO INFORMATION

7.1 A reasonable Subject Access Request (SAR) can be made without a fee being charged. It will be carried out within one month. As part of a SAR, you may request that your data is corrected or deleted.

8. RETENTION POLICY

8.1 If you cease to be published to VisitWales.com / CroesoCymru.com, data in WTPD will be deleted after 6 months. If you cease to be published to any website and have no contracts with Guestlink, your data will be deleted after 30 months.

9. CHANGES TO OUR PRIVACY POLICY

9.1 Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

10. CONTACT

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to vw-steward@nvg.net.