Privacy Policy

1. Definition of Data Processing

Data processing can include:

2. Definition of Personal Identification Information

In the context of GDPR, personal data is any information that relates to you and/or that can be used to uniquely identify you either directly or indirectly.

3. Definition of Data Controller

If you decide, why and how personal data is processed then you are a data controller. If you determine the purposes and means of processing personal data then you are a data controller. Any individual or business entity (corporation, partnership, limited liability company) can be a data controller.

4. Definition of Data Processor

If you process personal data on behalf of a controller then you are a data processor. Any individual or business entity (corporation, partnership, limited liability company, sole proprietor) can be a data processor.

What that means, under GDPR, all consultants, agencies and freelancers are most likely a data processor, as they process personal data, on behalf of their clients,

5. Definition of Data Subjects

In the context of GDPR, a data subject is the person, whom personal data is about. A data subject can be any person within the border of EU at the time of processing of their personal data. All though Data subjects are primarily EU citizens, but you don’t have to be an EU citizen to be considered a data subject.

6. Definition of Consent

GDPR expects that you ask for ‘explicit consent’ from ‘data subjects’ instead of ‘implicit consent’ wherever possible. Explicit consent needs to be very clear, concise and specific statement.

7. Does GDPR affect you?

YES. Because you have a website, or landing pages, with Analytics, AdWords, enquiry forms, cookies, an email marketing list, etc.

8. Services & GDPR

The table below provides GDPR-related comments for services that your website or landing pages might use. You might use others that aren’t covered here.

Service Comments
Google Analytics & equivalent analytics services Personal identifiable information might be stored in session IDs (e.g. an e-commerce transaction ID), a query parameter (e.g. an email address), an event dimension, or other parameters and dimensions.

New! Data retention control settings in Analytics. This sets how long Google will keep your data on its server. It won’t affect aggregated data. Available now, active from May 25th 2018. Default: 26 months. This appears to mean that older data will be automatically deleted on the 25th unless you/we change the setting.

New! User deletion tool in Analytics. This tool will allow us to delete common ID information in Analytics.
In addition, Analytics also provides other relevant settings and tools, such as customised cookies, data sharing controls, privacy settings, IP anonymisation, and data deletion.
They can also request that their data is deleted – this includes data that Google holds in Analytics.
Google will be providing a self-deletion tool that will need to be hooked up to your website once it’s available.

Google AdWords Personally, identifiable information can be associated with conversion tracking and remarketing in AdWords.

The cookie policy and pop-up consent must be used (see below).

Google Tag Manager GTM does not store any personally identifiable information. Currently this seems to be GDPR compliant.
Remarketing pixels (Google, Facebook, etc.) Explicit user consent is required for remarketing. This means a cookie permissions pop-up is required (see below).
Heatmap services (HotJar etc.) IP anonymisation or explicit consent is required.
Email Marketing These services usually include email address collection and storage.

You may not do email marketing to people without appropriate consent. You must ensure that consent is explicitly given for the purpose that you use personal data (includes an email address).

You may need to re-ask for marketing consent if your email list was created with lead magnets and consent was not separately and explicitly given for marketing.

All marketing emails must have an unsubscribe opt-out facility.

Website/landing page widgets / integrations Many third-party plugins, social media sharing tools, comment/chat tools, and video players have embedded tracking.

You will need consent if you have such things on your website/landing
pages.

Hosting IP addresses are stored in server logs and they are stored in Analytics. This can be turned off.

SSL based connections are recommended.

Cookie policy All websites need a cookie policy. This can be a component of the privacy policy.
Cookie permission pop-up All websites need a GDPR compliant cookie permission pop-up.
Privacy policy All websites need a GDPR compliant privacy policy.

9. Acquiring Consent

You need to inform your prospects of the kinds of data you’re collecting, what you’re doing with it, who else will see it, and how long would you retain it.

In the simplest terms possible, compliance with the GDPR means you must switch from an “opt-out” approach to an “opt-in” approach.

10. GDPR Compliant Privacy Policy

You must clearly answer the following questions in detail and should make those easily accessible (linked to from your request from consent, even):

Title Remarks
Who is your data controller? This is probably your business. In the event another party is charged with making decisions regarding the data you collect, they must be identified.
What decisions do you make with data collected? If you make automated decisions with personal data collected — e.g. using for adverting purposes, promotional activities etc.
What are you collecting? Outline everything you’re going to use that data to accomplish. For our purposes, this will include ad personalization.
How long will the data be stored? Outlines how long would data be retained on the client side etc.
Is the data it mandatory for your service to function? Can someone use your service without providing you access to personal data?
How will the lack of personalization impact their experience?
Do you transfer data to third party? If so, for what purposes and what protections are in place?
Who else has access to it? Do you share collected data with other parties? If so, which data and for what purposes?
How to ask us to delete your data Inductions on how to remove user level data when requested

11. Let us help!

If you use a website developed by Antyra Solutions (Private) Limited or our Internet Booking Engine, we recommend the below amendments and declarations to your privacy policy and website.

Simply fill the below template with the areas marked in <yellow> and the approval status. Antyra will update your privacy policy and implement a cookie notice. Areas marked in <blue> are to be filled by Antyra. Please note as GDPR compliance specifics maybe influenced by industry / business usage, please review carefully and notify us in writing of specific changes / additions you may desire. The below guide is merely a reference and an attempt to make implementation easier. Please note, review of the final policy and sign-off is the responsibility of the company owning the website / booking engine deployment instance.

Important Note: We do not provide legal consultancy nor take responsibility for GDPR compliance, as GDPR extends beyond the website. How information is stored and used in your internal systems, the purposes for which you use them for and similar all relate to your compliance status. We strongly advise the below recommended changes are vetted by your legal department and your total compliance of GDPR to be assessed independently.

11.1 Website

IDENTITY OF THE HANDLER

www.eigerholdings.com is published by EIGER HOLDINGS (PRIVATE) LTD. PV-106152.

Website hosting is provided by Antyra Solutions Pvt Ltd , PV 103313 Access to the Website and use of its content takes place within the framework of the terms of use described below.

Browsing the Website constitutes unconditional acceptance by the Internet user of the following provisions.

NATURE OF PERSONAL DATA

Personal data refers to any personal information you may provide to Eiger Holdings (Private) Ltd, which allows us – directly or indirectly – to identify you as an individual.

EIGER`S COMMITMENTS FOR THE PROTECTION OF PERSONAL

DATA

Transparency and purpose: No personal information will be collected without your knowledge. Prior indication will be made of the optional or compulsory nature of information communicated to AQUA Forte, via the Website. We will collect and process your personal data only for the purposes described in this Policy and inform you of the recipients of the data.

Proportionality and relevance: We only collect and process the personal data necessary for the proper processing of your application or customization of the services proposed to you.

Necessity: We will retain your personal data only for the period required to process it.

Security and Confidentiality: We commit to taking the necessary measures to ensure the confidentiality of the data and prevent its disclosure to unauthorized third parties. In the event of a transfer of data to authorized third parties, we will take appropriate measures to guarantee the security of the transfer.

WHAT PERSONAL DATA IS COLLECTED?

Transparency and purpose: No personal information will be collected without your knowledge. Prior indication will be made of the optional or compulsory nature of information communicated to EIGER, via the Website. We will collect and process your personal data only for the purposes described in this Policy and inform you of the recipients of the data.

You will be informed of the compulsory or optional nature of the information requested during the collection process through the use of an asterisk. The requested information marked with an asterisk is required in order to process your requests. The other information is designed to enable us to get to know you better, for us to improve the services offered to you. It is, therefore, optional.

In particular, we collect and process your name, address, mailing address, billing address, email address, password, phone number, IP address, connection data and navigation data. Some data is collected automatically as a result of your actions on the Website.

In addition, we collect other personal information in certain cases, such as;

Surveys & Net Promoter scores: We may request demographic data or other personal information in customer surveys.

Social Media: If you choose to participate in EIGER’s social media activities or offerings, we may collect certain information from your social media account consistent with your settings within the social media service, such as location, check-ins, activities, interests, photos, status updates and friend list. We may also allow you to enter into contests to provide photos, such as of your stay with us, which you may share with your connections on social media for votes, shared offers or other promotions.

Employment Applications: If you choose to apply online for employment with EIGER we ensure EIGER is committed to the responsible management, use and protection of personal information. Where local laws impose greater obligations or restrictions on the use of personal information, or require additional information to be provided to you, the data collected will be supplemented by local policies or procedures that are specific to a particular region, country or entity.

We do not knowingly collect sensitive information, such as information concerning your race or ethnicity, political opinions, religious or philosophical beliefs, trade union memberships, health or sexual orientation.

WHEN IS YOUR PERSONAL DATA COLLECTED?

Your personal data may be collected in various ways, including when:

WHAT ARE THE PURPOSES?

SHARING YOUR PERSONAL DATA

Your personal data collected by EIGER HOLDINGS, is not passed to a third party without your prior consent.

SENSITIVE TRANSACTIONS

Sensitive transactions (bank details, etc.) are transmitted securely through encryption and authentication algorithms. These secure transactions can be identified by the presence of a closed padlock in most browsers.

DATA RETENTION

We will retain your personal data for as long as we deem it necessary to enable you to use our services, to provide our services to you (including maintaining the online user account (if created)), to comply with applicable laws, resolve disputes with any parties and otherwise as necessary to allow us to conduct our business, including to detect and prevent fraud or other illegal activities. All personal data we retain will be subject to this Privacy Statement. If you have a question about a specific retention period for certain types of personal data we process about you, please contact us via the contact details provided below.

HOW DOES EIGERHOLDINGS.COM TREAT PERSONAL DATA OF CHILDREN?

The services offered by eigerholdings.com are not directed at children under 18 years. For children younger than 18 year old, the use of any of our services is only allowed with the valid consent of a parent or a guardian. If we become aware that we process information of a child under 16 years old without the valid consent of a parent or guardian, we reserve the right to delete it.

RIGHTS OF ACCESS, RECTIFICATION, DELETION AND OPPOSITION

You have the right to access and rectify information concerning you through a written request. You may also, for legitimate reasons, oppose the processing of data concerning you.

To exercise any of these rights and obtain details of the information concerning you, simply contact:

Business address: Eiger Holdings (Private) Ltd. No. 113/3, Horahena, Rukmale, Pannipitiya 10230, Sri Lanka. Contact no.: 0094 11 711 2377

COOKIES

www.eigerholdings.com website, certain information relating to navigation on your computer terminal may be stored in files called ‘Cookies’ installed on your device, subject to the choices you have expressed regarding Cookies, which you can change at any time.

A Cookie is a small text file which is stored in a dedicated area of your computer’s hard drive when you consult an online service through your browser. It allows the sender to identify the terminal wherein it is stored, for the duration of the Cookie’s validity or registration.

Cookies from partner companies (third-party Cookies) can be placed on your computer via the pages of our website or via the content broadcast within our advertising space. This space contributes to funding the content and services we offer you. Only the issuer of a Cookie is liable to read or modify the information contained therein.

COOKIES ON OUR WEBSITE ISSUED BY EIGER HOLDINGS,

The Cookies that we issue are used for the purposes described below, during the period of validity of the Cookie in question, subject to your choices resulting from the settings of your browser software when you visit our website, which you can change at any time.

The Cookies we issue allow us to:
Adapt the presentation of our Website, spaces and advertising content to your device’s display preferences (language used, screen resolution, operating system used, etc.), as appropriate, depending on the location data sent by your device with your prior permission, as well as your personal data;

Store information about the forms completed on our Website or about products, services or information chosen via our Website; manage and secure access to restricted and personal spaces;

Establish statistics and volumes related to our Website traffic and the use of its various components (sections and content consulted) in order to enhance the value and usability of our services;

COOKIES ISSUED ON OUR WEBSITE BY THIRD PARTIES

The issue and use of Cookies by third parties are subject to these third parties’ privacy policies. We will inform you of the purpose of the Cookies of which we are aware and the means available for you to make choices regarding these Cookies.

(a) Social networks
We may include third-party IT applications on our website which allow you to share content from our website with others or to inform them of your inquiry or opinion regarding our website content. This is true, in particular, of the ‘Share’ and ‘Like’buttons from social networks such as Facebook, Twitter, etc.

The social network providing these application buttons may identify you using these buttons, even if you do not use them when you visit our website. Indeed, this type of application button can allow the social network in question to track your navigation on our website if your account on this social network is enabled on your terminal (open session) at the time you visit our website.

(b) Targeted advertising Cookies issued by third parties.

Our websites may contain cookies issued by third parties (advertising agencies, audience measurement companies, targeted advertising providers, etc.) allowing them, during the period of validity of such cookies, to:

– Collect navigation information relating to the terminals connecting to our websites;
– Determine advertising content likely to correspond to the centers of interest identified in relation to prior navigation via the terminal in question.

YOUR CHOICES CONCERNING COOKIES

Several options are available to you for managing Cookies. Any settings you modify are likely to change your Internet browsing and your conditions for accessing
certain services requiring the use of Cookies.

You can choose, at any time, to express and modify your wishes regarding Cookies, through the means described below.

The choices you are offered by your browser
You can configure your browser so that Cookies are stored on your device or, on the contrary, rejected, either systematically or depending on their issuer. You can also set your browser so that you will be offered the choice of whether to accept or reject Cookies each time a Cookie is liable to be stored on your device. For more information, see the section on ‘How to exercise your choices, depending on the browser you use’.

(a) Agreeing on Cookies
Registering a Cookie in a terminal essentially depends upon the desires of the terminal user, which can be expressed or modified at any time, free of charge, through the choices offered by the browser. If, through your browser, you accepted the registration of Cookies in your terminal, the Cookies integrated in the pages and content you view can be stored temporarily in a dedicated space on your device. They will be readable only by their issuer.

www.eigerholdings.com website site uses the following different types of cookies Your consent applies to the following domains and subdomains: www.eigerholdings.com and shop.eigerholdings.com

Name Provider Purpose Expiry Type
Google Analytics Google Records your customer journey Session HTTP Cookie
Google Tag Manager Google
Facebook Pixel Facebook 30 days
AdWords Conversion Tracking Pixel Google Adwords 30 days
Bing Conversion Tracking Pixel Bing Ads 30 days
Conversion Tracking Pixel TripAdvisor 30 days
Conversion Tracking Pixel [affiliate advertising service] 7 days
Hotjar Hotjar Session
[Live Chat] [Live Chat provider] Session
[onsite-retargeting] [onsite-retargeting provider] Session
CookieConsent WordPress Stores the users cookie consent state for the current domain HTTP Cookie

11.2 Internet Booking Engine

IDENTITY OF THE HANDLER

is published by EIGER HOLDINGS (PRIVATE) LTD., [PV106152] The booking engine is maintained and managed by EIGER HOLDINGS (PRIVATE) LTD., [PV106152]. Booking engine’s hosting is provided by [Provider Name] , [registration] {CORPORATE} and { CORPORATE} has access to the management and data.

NATURE OF PERSONAL DATA

Personal data refers to any personal information you may provide to EIGER HOLDINGS, which allows us – directly or indirectly – to identify you as an individual.

EIGER`S, COMMITMENTS’ FOR THE PROTECTION OF PERSONAL DATA

Transparency and purpose: No personal information will be collected without your knowledge. Prior indication will be made of the optional or compulsory nature of information communicated to EIGER, via the Website. We will collect and process your personal data only for the purposes described in this Policy and inform you of the recipients of the data.

Proportionality and relevance: We only collect and process the personal data necessary for the proper processing of your application or customization of the services proposed to you.

Necessity: We will retain your personal data only for the period required to process it.

Security and Confidentiality: We commit to taking the necessary measures to ensure the confidentiality of the data and prevent its disclosure to unauthorized third parties. In the event of a transfer of data to authorized third parties, we will take appropriate measures to guarantee the security of the transfer.

WHAT PERSONAL DATA IS COLLECTED?

You may be asked to provide your personal data when you visit the Website. The data collect may include but will not be limited to personal information at every touch point or guest interaction, and in conducting every aspect of our business, we may collect personal information.

You will be informed of the compulsory or optional nature of the information requested during the collection process through the use of an asterisk. The requested information marked with an asterisk is required in order to process your requests. The other information is designed to enable us to get to know you better, in order for us to improve the services offered to you. It is, therefore, optional.

In particular, we collect and process your name, address, mailing address, billing address ,email address, password, phone number, invoice details, information related to your reservation, stay or visit to a property ,IP address, connection data and navigation data. Some data is collected automatically as a result of your actions on the Website. We may ask for details on joint travellers, including their names and where required, age.

In addition, we collect other personal information in certain cases, such as; We do not knowingly collect sensitive information, such as information concerning your race or ethnicity, political opinions, religious or philosophical beliefs, trade union memberships, health or sexual orientation.

WHEN IS YOUR PERSONAL DATA COLLECTED?

Your personal data may be collected in various ways, including when:

WHAT ARE THE PURPOSES?

SHARING YOUR PERSONAL DATA

Your personal data collected by EIGER, may be passed on to subcontractors and suppliers of EIGER HOLDINGS, to which EIGER HOLDINGS has recourse in the context of managing your account, processing your orders and delivering the services offered via the Website.

SENSITIVE TRANSACTIONS

Sensitive transactions (bank details, etc.) are transmitted securely throughencryption and authentication algorithms. These secure transactions can be identified by the presence of a closed padlock in most browsers.

DATA RETENTION

We will retain your personal data for as long as we deem it necessary to enable you to use our services, to provide our services to you (including maintaining the online user account (if created)), to comply with applicable laws, resolve disputes with any parties and otherwise as necessary to allow us to conduct our business, including to detect and prevent fraud or other illegal activities.

All personal data we retain will be subject to this Privacy Statement. If you have a question about a specific retention period for certain types of personal data we process about you, please contact us via the contact details provided below.

HOW DOES EIGERHOLDINGS.COM TREAT PERSONAL DATA OF CHILDREN?

The services offered by eigerholdings.com are not directed at children under 18 years. For children younger than 18 years old, the use of any of our services is only allowed with the valid consent of a parent or a guardian. If we become aware that we process information of a child under 16 years old without the valid consent of a parent or guardian, we reserve the right to delete it.

RIGHTS OF ACCESS, RECTIFICATION, DELETION AND OPPOSITION

You have the right to access and rectify information concerning you through a written request. You may also, for legitimate reasons, oppose the processing of data concerning you.

To exercise any of these rights and obtain details of the information concerning you, simply contact:

Business address: Eiger Holdings (Private) Ltd., 113/3, Horahena, Rukmale, Pannipitiya 10230 Sri Lanka Contact no.: 0094 11 711 2377

COOKIES

www.eigerholdings.com website, certain information relating to navigation on your computer terminal may be stored in files called ‘Cookies’ installed on your device, subject to the choices you have expressed regarding Cookies, which you can change at any time.

A Cookie is a small text file which is stored in a dedicated area of your computer’s hard drive when you consult an online service through your browser. It allows the sender to identify the terminal where in it is stored, for the duration of the Cookie’s validity or registration.

Cookies from partner companies (third-party Cookies) can be placed on your computer via the pages of our website or via the content broadcast within our advertising space. This space contributes to funding the content and services we offer you. Only the issuer of a Cookie is liable to read or modify the information contained therein.

COOKIES ON OUR WEBSITE ISSUED BY [EIGER HOLDINGS],

The Cookies that we issue are used for the purposes described below, during the period of validity of the Cookie in question, subject to your choices resulting from the settings of your browser software when you visit our website, which you can change at any time.

The Cookies we issue allow us to:
Adapt the presentation of our Website, spaces and advertising content to your device’s display preferences (language used, screen resolution, operating system used, etc.), as appropriate, depending on the location data sent by your device with your prior permission, as well as your personal data;

Store information about the forms completed on our Website or about products, services or information chosen via our Website; manage and secure access to restricted and personal spaces;

Establish statistics and volumes related to our Website traffic and the use of its various components (sections and content consulted) in order to enhance the value and usability of our services;

COOKIES ISSUED ON OUR WEBSITE BY THIRD PARTIES

The issue and use of Cookies by third parties are subject to these third parties’ privacy policies. We will inform you of the purpose of the Cookies of which we are aware and the means available for you to make choices regarding these Cookies.

(a) Targeted advertising Cookies issued by third parties

Our websites may contain cookies issued by third parties (advertising agencies, audience measurement csompanies, targeted advertising providers, etc.) allowing them, during the period of validity of such cookies, to:

– Collect navigation information relating to the terminals connecting to our websites;
– Determine advertising content likely to correspond to the centers of interest identified in relation to prior navigation via the terminal in question.

YOUR CHOICES CONCERNING COOKIES

Several options are available to you for managing Cookies. Any settings you modify are likely to change your Internet browsing and your conditions for accessing certain services requiring the use of Cookies.

You can choose, at any time, to express and modify your wishes regarding Cookies, through the means described below.

The choices you are offered by your browser

You can configure your browser so that Cookies are stored on your device or, on the contrary, rejected, either systematically or depending on their issuer. You can also set your browser so that you will be offered the choice of whether to accept or reject Cookies each time a Cookie is liable to be stored on your device. For more information, see the section on ‘How to exercise your choices, depending on the browser you use’.

(a) Agreeing on Cookies Registering a Cookie in a terminal essentially depends upon the desires of the terminal user, which can be expressed or modified at any time, free of charge, through the choices offered by the browser. If, through your browser, you accepted the registration of Cookies in your terminal, the Cookies integrated in the pages and content you view can be stored temporarily in a dedicated space on your device. They will be readable only by their issuer.

(b) How to exercise your choices, depending on the browser you use The configuration of each browser, for the purpose of Cookie management and your choices, is different. This is described in the help menu of your browser, which allows you to find out how to change your requirements regarding Cookies.

www.eigerholdings.com website site uses the following different types of cookies Your consent applies to the following domains and subdomains: www.eigerholdings.com and shop.eigerholdings.com

Name Provider Purpose Expiry Type
Google Analytics Google Records your customer journey Session HTTP Cookie
Google Tag Manager Google
Facebook Pixel Facebook 30 days
AdWords Conversion Tracking Pixel Google Adwords 30 days
Bing Conversion Tracking Pixel Bing Ads 30 days
Conversion Tracking Pixel TripAdvisor 30 days
Conversion Tracking Pixel [affiliate advertising service] 7 days
Hotjar Hotjar Session
[Live Chat] [Live Chat provider] Session
[onsite-retargeting] [onsite-retargeting provider] Session
CookieConsent WordPress Stores the users cookie consent state for the current domain HTTP Cookie