Privacy Policy


Last updated: 16th July 2019

Burns Tours Dumfries
43 Barnton Road,



GDPR Compliance Policy

Burns Tours Dumfries handles personal data on an ad-hoc basis and is aware of its responsibilities in respect of complying with GDPR regulations and is fully committed to maintaining information security to protect customers, suppliers and individuals.
We understand the importance of this and have a robust system in place to ensure compliance.
We have informed and educated our employees in respect of how it impacts our business, what process we have to follow and why it is important we do so.
As a data processor we are responsible for the safe handling, transfer and destruction of personal files and have the following in place to ensure this is carried out securely:
For the purposes of clarification we have expanded on the following:



Burns Tours Dumfries is the data processor and our customer is the data controller or processor. We undertake to carry out personal data services based on our customer having either explicit consent to use this information or having agreed legitimate interest. Therefore the onus is on our customer to have this consent and the controls in place to process the information legitimately and we will not assume liability if this transpires not to be the case.


Data subject rights:

Individuals have the right (subject to conditions) to the following under GDPR –
To object to the processing of their personal data
For data portability
To request that their data is updated and corrected
For the erasure of their personal data
To restrict the processing of their personal data
To withdraw their consent to the processing of that data
To lodge a complaint with the data protection authority
We will observe all of the above and facilitate those rights in a timely,
efficient and professional manner within GDPR guidelines.