Privacy Policy

Last updated: July 05, 2024

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights under Applicable Data Protection Laws.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Collecting Your Personal Data

Types of Personal Data Collected

While using Our Service, We may collect, use, store and transfer different kinds of personal data that can be used to contact or identify You which may include, but is not limited to:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit) and includes the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

How your personal data is collected

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for our products or services;
- create an account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us feedback or contact us.
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.
Third parties or publicly available sources. We will receive personal data about you from various third parties as set out below:
- Our Vendors and service providers who may collect information on our behalf, such as:

Companies who support our Site and Services, such as Shopify.
Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payment in order to fulfil your orders and provide you with products or services you have requested, in order to perform our contract with you.
When you visit our Site, open or click on emails we send you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.

Technical Data from the following parties:
1. analytics providers;
2. advertising networks; and
3. search information providers:

Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
Identity and Contact Data from data brokers or aggregators.

Tracking Technologies and Cookies

Like many websites, we use Cookies on our Site. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse Our Service. For specific information about the Cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies.

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy

Use of Your Personal Data

We will only use your personal data when the law allows Us to. The Company will most commonly use Your Personal Data for the following purposes:

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest	Third Party (Y/N) (if yes, then provide details).
To provide and maintain our Service	(a) Identity (b) Contact (c) Technical (d) Usage	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation	Elastic Creative has access to view personal data of members and website form submissions but does not use this data for any purposes. Google Analytics, any data is only used for visitor statistical analysis.
To manage Your Account	(a) Identity (b) Contact (c) Technical	Performance of a contract with you	Elastic Creative has access to personal data of members but solely for the purpose of maintaining user account logins to the members only area of the website.
For the performance of a contract	(a) Identity (b) Contact (c) Technical (d) Financial	Performance of a contract with You	n/a
To contact You	(a) Identity (b) Contact	Performance of a contract with You	Elastic Creative has access to view personal data of members and website form submissions but does not use this data for any purposes.
To manage Your requests	(a) Identity (b) Contact (c) Technical (d) Financial (e) Marketing and Communications	Performance of a contract with You	Elastic Creative has access to view personal data of members and website form submissions but does not use this data for any purposes.
To deliver targeted advertising to You	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)	Facebook Pixel – data is used for targeted advertising
For business transfers	(a) Profile (b) Usage (c) Marketing and Communications (d) Technical	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)	n/a
For other purposes	(a) Profile (b) Usage (c) Marketing and Communications (d) Technical	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)	n/a

We may share Your personal information in the following situations:

With Service Providers: We may share Your personal information with Service Providers, including Shopify to perform services on Our behalf, to monitor and analyse the use of Our Service, to advertise on third party websites to You after You visited our Service, to contact You.
For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honour this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Our third party service providers, including Shopify, may also process Your personal information for their own purposes or hold Your personal data in accordance with their own Privacy Policy. For specific information about the Shopify privacy policy, see https://www.shopify.com/legal/privacy.

Your Rights under the GDPR

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.

You have the right to:

Request access to Your Personal Data. The right to access, update or delete the information We have on You. Whenever made possible, you can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.
Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.
Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
Request the transfer of Your Personal Data. We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
Withdraw Your consent. You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.

Exercising of Your GDPR Data Protection Rights

You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests.

You have the right to complain, in these instances we would like the opportunity to try and rectify the issues

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

We will share personal data with external authorities when We are required, requested or permitted to do so by law, regulation, court order, or supervisory, regulatory or similar authority.

We will provide personal data to Our third parties. Where We engage with a third-party to process personal data on Our behalf, We will undertake due diligence, monitoring and assurance activities to ensure that the personal data is appropriately protected, and contractual clauses will be agreed between the parties to ensure that data protection and confidentiality is maintained.

Disclosure of Your Personal Data

We may share your personal data with the parties set out below for the purposes set out in the table above.

Security of Your Personal Data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Links to Other Websites

Our Service may contain links to other websites, plug-ins and applications that are not operated by Us. If You click on a third party link or enabling those connections, You will be directed to that third party's site and may allow third parties to collect or share data about you. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights or wish to make a complaint then please contact us in the following ways:

Full name of legal entity: Skibo Limited
Email: membership@carnegieclub.co.uk
Postal address: The Carnegie Club, Skibo Castle, Dornoch, IV25 3RQ
Telephone number: 01862 894600

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.
Applicable Laws means the laws of Scotland, England and Wales and the European Union and any other laws or regulations, regulatory policies, guidelines or industry codes which apply to the provision of the Services.
Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Skibo Limited.

For the purpose of the GDPR, the Company is the Data Controller.

Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Country refers to: United Kingdom.
Data Controller, for the purposes of the UK General Data Protection Regulation (GDPR), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Device means any device that can access the Service such as a computer, a mobile telephone or a digital tablet.
Facebook Fan Page is a public profile named The Carnegie Club at Skibo Castle specifically created by the Company on the Facebook social network, accessible from https://www.facebook.com/TheCarnegieClub.SkiboCastle
Personal Data is any information that relates to an identified or identifiable individual.
For the purposes for GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
It does not include data where the identity has been removed (anonymous data).

Service refers to the Website and online shop, powered by Shopify.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
Website refers to The Carnegie Club, accessible from https://www.carnegieclub.co.uk/
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.