Data Protection Policy
The Company needs to hold and use information about its employees, job applicants, clients/customers, prospective clients/customers, members and suppliers, in order to carry out its business. Where the information stored constitutes personal data that relates to a living individual, we are obliged to comply with the requirements of the Data Protection Act (DPA), as amended.
This Policy sets out what data will be retained and how this data will be managed.
Data Protection Principles
- Under the DPA, the Company is required to ensure that personal data is:
processed fairly and lawfully;
- processed only for specific purposes;
- adequate, relevant and not excessive;
- accurate and kept up to date;
- kept for no longer than is necessary;
- kept in accordance with your rights; and
- kept securely and not transferred outside the European Economic Area unless an adequate level of protection for your rights is in place.
In essence, this means that we aim to tell you, in writing, what information we hold about you, the legal reason we hold it, as below, from whom we have obtained it, to whom we will disclose it, where the data is being transferred to (if outside the UK), how the data is to be protected, and the retention period of the data.
Personal Data, and the legal reasons why we hold it
The following are the legal options for holding your data
You give your consent
- Processing is necessary for the implementation and performance of a contract with you
- Compliance with a legal obligation
- Processing is necessary to protect the vital interests of yourself or another Person
- The data is necessary for the performance of a task carried out in the public interest
- The data is necessary for the purposes of legitimate interests pursued by the controller (likely to be the Company holding the data) or a third party (could be someone acting on the Company’s behalf).
Much of the personal or sensitive personal data stored by an organisation will relate to employment.
In terms of employment, these are the reasons why we keep and process data
- considering your suitability for employment;
- administration of the payroll;
- provision of employee benefits and equipment;
- compliance with legal requirements;
- performance monitoring;
- absence management;
- in connection with disciplinary matters;
- to establish your training and/or development requirements;
- to establish a contact point in an emergency.
Sensitive Personal Data
In addition, the Company may hold, use and otherwise process sensitive personal data. Sensitive personal data is, according to the DPA, personal data which consists of the following
- your racial or ethnic origin;
- your political opinions;
- your religious or similar beliefs;
- your membership or otherwise of a trade union;
- your physical or mental health or condition;
- your sexual life;
- your commission or alleged commission of any offence; or
- proceedings relating to such an offence.
We envisage processing sensitive personal data in the following circumstances
- information relating to your physical or mental health or condition, for health monitoring purposes, assessing your suitability for work and for equal opportunities monitoring;
- information relating to your racial or ethnic origin where relevant to any application for a work permit and for equal opportunities monitoring;
- information relating to your membership or otherwise of a trade union for the purpose of undertaking consultations with employees where we are required to by law;
- information relating to your commission or alleged commission of any offence and proceedings relating to such an offence where appropriate for determining your suitability for employment initially and on an ongoing basis.
A high level of security will be in place for this type of data and limited access will apply.
Obligations relating to your Personal Data
Personal data and sensitive personal data will be held, both manually and on computer. Such data shall only be kept for as long as necessary, in accordance with legislation and the Company’s Data Retention Policy.
In order to enable us to comply with the obligation to keep data up to date, you are required to immediately notify the Company of any changes to your personal details including, without limitation, any changes to your name, address, emergency contacts (employees only) and bank details.
Obligations relating to the Personal Data of Others
The Company will not make use of, divulge, or communicate to any person, any personal data or sensitive personal data relating to any third parties, including without limitation the following
- applicants for employment (successful and unsuccessful);
- employees and former employees
- other individuals who are doing work or have done work for the Company
Breach of this requirement will be treated very seriously and, where appropriate, disciplinary action will be taken against the relevant employees. You should also be aware that, in certain circumstances, someone making an unauthorised disclosure of personal data, could be committing a criminal offence.
The Company will carry out a Data Protection Impact Assessment when implementing new technology or dealing with processing involving high risk for individuals.
Data Subject Rights
The DPA gives employees certain rights in connection with personal and sensitive personal data which relates to them.
These are your rights in relation to your personal data
- to be informed of what data we hold, why we hold it and where it came from.
This will be explained at the point of requesting the information.
- to make a subject access request and (subject to certain legal exemptions) to receive copies of your personal data which we hold. If you wish to exercise this right, you must make a request in writing to a senior member of staff. There will normally be no charge for providing the information you have requested, and it will normally be provided within one month from the date of request.
- to have any inaccurate data corrected or erased.
- to restrict processing.
- data portability.
- to object to the data being held and processed. This may, however, not result in us withdrawing our holding and processing of the data.
- to withdraw consent under certain circumstances.
- Other rights in relation to automated decision making and profiling.
- to lodge a complaint with a supervisory authority.
Where the Company decides to use an external data processor, this will be detailed in the written contract. This will ensure that both sides understand their responsibilities.
Data relating to children may require the parents’ consent.
The Company is obliged to report data breaches within 72 hours. Disciplinary action will be taken against you should you not report a breach immediately you are aware one has occurred.
The Company is committed to processing personal information about its customers and partners in ways that comply with its legal and regulatory obligations, and to being clear with customers and partners about what it does with their personal information.
This Policy explains how we use any personal information we may collect about you when you use our websites; or when you use or are a recipient of our services.
Personal information that the Company may collect about you.
The Company may collect personal information which we receive when:
• you use our website
• you use our services
• you contact us
We may collect the following types of information:
• your name, address, email address, telephone number(s) and other contact details
• information required to provide you with a service, and details of our services that you have used
• your company’s name, your position in the company; the company’s address, company’s email address and telephone number
• your payment information such as credit or debit card details, if relevant
• information collected through your use of the Company website. Please see the Cookies Policy below for more information
• details of any enquiry or complaint you make to the Company
Why the Company collects personal information
The Company collects your personal information to:
• provide you with products and services that you may request from us or selected third parties
• enhance or improve customers’ experience of our products and services and our website
• improve and develop its services
• protect security e.g. to check your identity when you use our services, if relevant
• meet its legal and regulatory obligations.
If you call any of our telephone numbers, we may record your call. These recordings are used for training and quality control, to ensure that we continuously monitor and improve our customer service standards.
How the Company collects personal information
The Company collects personal information:
• directly from customers: e.g. when a customer signs up to receive our services or registers on a Company website,
• from third parties e.g. when we acquire third party marketing lists or information from the electoral roll; get authorisation for a payment you make, or when undertaking an identity check, if relevant.
• when products or services are provided together with a business partner and the information is collected by the business partner in order for the Company to provide you with the product or service, if relevant.
Who sees the information which the Company holds?
Customers’ personal information may be provided to selected third parties:
• where customers have indicated they wish to receive information about products, services or promotions that may be of interest to them.
• where services are provided together with a business partner and it is necessary to disclose the information to them in order to provide the services
• for the prevention of fraud against the Company, third parties and customers
• for the purposes of identity verification
• to prevent money laundering
• where products and services are provided to third parties by the Company e.g. for the purposes of identity verification and fraud prevention, and it is necessary to disclose information to them in order to provide the service.
Other third parties (including the police, law enforcement agencies, credit reference and fraud prevention agencies and other bodies) to protect our or another person’s rights, property, or safety e.g.
• to exchange information to protect against fraud and to reduce payment risks, if relevant
• in connection with the prevention and detection of crime.
Transfer of personal information outside of the UK
The Company may need to transfer personal information about customers to third parties located outside the UK. If we do, we will ensure that information is protected to a level which meets the requirements of UK law.
Keeping personal information secure
The Company is committed to keeping customers’ and partners’ personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.
How long we keep personal information
The Company will only retain customers’ personal information for as long as it needs it to carry out a particular purpose or meet a particular obligation.
Keeping personal information accurate
The Company will ensure that personal information is kept accurate and up to date as far as is reasonably possible. However, the Company relies on customers and partners to ensure that some of the information it holds about them is accurate and up-to-date. We encourage customers and partners to inform the Company of any changes to their information.
We have installed CCTV systems in some locations used by staff, residents and members of the public, for the purposes of public and staff safety, crime prevention and detection and business-related functions. In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information about the scheme.
We will only disclose CCTV images to others who intend to use the images for the above described purposes. CCTV images will not be released to the media for entertainment purposes or placed on the internet. Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated. You have the right to see CCTV images of yourself and be provided with a copy of the images (please see ‘Your Rights’ of how to access CCTV images).
Access to personal information
The Company provides customers and partners with access to their personal information and the opportunity to amend and update their details or preferences (including consent to receive marketing communications) in order to keep the information up-to-date and accurate.
You can request details of personal information the Company holds about you, including on our websites’ databases, by contacting us.
Requests must be made in writing. Proof of identification is required in order to protect your information. We also require sufficient details to be able locate your information. For example, dates and details of the website, products or services that you have used. An optional application form may be provided to assist us in locating the information you require.
A customer may request the Company to provide them with information about products and services which may be of interest to them. We will not provide information that does not meet your requirements.
We will make it easy for you to opt out of any information requests if you no longer wish to receive them.
Cookies are text files placed on your computer when you use a website. If you would like details of the Cookies used by the Company website, please request this from us.
How to contact us
Customers with queries or complaints relating to products or services provided by the Company can contact the Company in writing, at the address below:
For requests, complaints or queries relating to the use of your personal information please write to
Waungadog Farm Caravan & Camping
Tel: 01554 890244