Privacy Policy

Scotland – A Path Less Known Tours
Effective Date: 29/08/2025
Version: 1.1

1. Who We Are

A Path Less Known Tours (“we”, “our”, “us”) provides guided tours across Scotland. We are committed to safeguarding your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller:
Jamie Robertson
Email: info@apathlessknown.com
Website: https://apathlessknown.com

For any data protection enquiries, please contact Jamie Robertson, Data Protection Lead, at the email address above.

2. What Data We Collect

We may collect and process the following types of personal data:

Identity data: name, date of birth, nationality.
Contact data: email address, phone number, billing address.
Booking details: tour selection, dietary requirements, accessibility needs.
Payment information: processed securely via Checkfront and third-party payment providers (e.g., Stripe, PayPal); we do not store full card details.
Health information (optional): relevant details to ensure your safety (e.g., allergies, mobility issues).
Technical data: IP address, browser type, device information, and site usage data (via cookies and analytics tools).

We only collect data that is relevant, limited, and necessary for the purposes described below.

3. How We Use Your Data

We process your personal data to:

Manage, confirm, and administer your tour booking.
Communicate with you before, during, and after your tour.
Handle payments, invoicing, and accounting.
Ensure your health, safety, and accessibility needs are met.
Send occasional marketing emails (only if you’ve opted in).
Improve our website, customer experience, and services.

Automated decision-making:
We do not use your data for automated decision-making or profiling that produces legal or significant effects.

4. Lawful Basis for Processing

We process your personal data under the following legal bases:

Contract: to fulfil your tour booking and provide requested services.
Legal obligation: to comply with UK tax, accounting, and record-keeping requirements.
Legitimate interest: to improve our services and maintain efficient operations (without overriding your privacy rights).
Consent: for optional marketing communications and when collecting special category data (e.g., health information).

Health data:
We only process health information with your explicit consent, or where necessary to protect your vital interests during your tour (e.g., in an emergency).

5. Data Sharing

We only share your personal data when necessary for the operation of our services, for example with:

Payment providers (e.g., Stripe, PayPal).
Accommodation or transport partners required for your tour.
Professional service providers (e.g., accountants, insurers, IT support).

All third parties are required to process your data securely and only according to our instructions.
We never sell or rent your personal data.

6. International Data Transfers

Some of our trusted third-party service providers (such as email or cloud storage providers) may store data outside the UK.

Where data is transferred internationally, we ensure appropriate safeguards are in place, including:

Adequacy regulations (countries approved by the UK government), or
UK Standard Contractual Clauses (SCCs) that ensure equivalent protection of your data.

You can contact us for details of specific safeguards used.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined above or to comply with legal requirements:

Booking and payment records: 7 years (legal requirement).
Marketing data: until you unsubscribe or withdraw consent.
Health information: securely deleted immediately after your tour.
Website analytics: retained in anonymised form where possible.

After these periods, your data will be securely deleted or anonymised.

8. Your Rights (UK GDPR)

You have the right to:

Access your personal data (Subject Access Request).
Rectify inaccurate or incomplete data.
Request erasure (“right to be forgotten”).
Restrict or object to certain processing.
Data portability (receive your data in a structured, machine-readable format).
Withdraw consent for marketing or health data processing at any time.

We aim to respond to all valid requests within one month, as required by law.

To exercise your rights, email: info@apathlessknown.com

9. Cookies & Analytics

Our website uses cookies to enhance your browsing experience and collect anonymous analytics data.

Essential cookies: enable site functionality and cannot be disabled.
Analytics cookies: help us understand site use (e.g., Google Analytics) and improve performance.
Marketing cookies: used only if you consent, to measure the effectiveness of advertising.

Non-essential cookies will only load after you give consent through our cookie banner. You can manage or withdraw consent at any time via your browser or our cookie settings.

For full details, please see our Cookie Policy.

10. Data Security

We use appropriate technical and organisational measures to protect your personal data, including:

Encrypted connections (HTTPS).
Secure cloud storage and access controls.
Regular software updates and backups.
Restricted access to authorised personnel only.

We review our security practices regularly and ensure that all third-party processors meet equivalent standards of security and confidentiality.

11. Complaints

If you are unhappy with how we handle your personal data, please contact us first so we can resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
https://ico.org.uk/

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or our business practices. The latest version will always be available on our website and identified by its effective date and version number.

Last Updated: 29/08/2025
Version: 1.1