Red Kite Cottage holds personal data relating to clients/customers/service users/ suppliers and other individuals for different business purposes.
The aim of this policy is to protect personal data relating to individuals.
- To outline how Red Kite Cottage will collect and use your data.
Our business purposes for the processing of personal data are:
- Correspondence purposes, with customers/clients/service users/employees/previous employees and suppliers.
- Business development and marketing Red Kite Cottage.
- Operational reasons, including recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information.
- Guest/Visitor hospitality planning and management
- Customer service, investigating complaints and improving services and standards.
- Personal DataIn the EU’s General Data Protection Regulation (GDPR), Personal Data is defined as “ . . . any information relating to an identified or identifiable natural person (“data subject”).An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identify of that person.
Personal data is information relating to identifiable individuals, including job applicants, employees and former employees, agency workers, volunteers, consultants, contractors, clients, suppliers and marketing contacts.
This personal data may include an individual’s contact details, educational background, financial and pay details, certificates and diplomas, education and skills, marital status, nationality, job title and CV.
Sensitive Personal Data
Information relating to an individual’s racial or ethnic origin, political opinions, religion and beliefs, trade union membership, physical or mental health, criminal records history must be strictly protected and controlled in accordance with this policy.
Where exceptional circumstances apply, or we are required to hold this data by law, explicit consent will be clearly sought with an explanation on why the information is being collected and to whom it will be disclosed.
- Procedures and Principles
- Personal data must be processed fairly and lawfully and for no longer than is necessary.
- The processing of data must necessary to deliver the goods and services which we provide.
- We must not unduly prejudice an individual’s privacy.
- Our Terms of Business contain a Privacy Notice on data protection which provides the purposes for which we hold personal data on customers/service users.Our Terms of Business also explain what information we share with third parties and why (this includes, expert witnesses, professional advisers, service providers, regulatory bodies) Customers are informed that they have a right of access to the personal data that we hold about them.
- New employees receive an Employee Privacy Notice on induction which explains what personal data we hold and why and also that they have a right of access to the personal data that we hold about them.
- We will ensure that any personal data remains accurate and relevant and only used for the purpose or purposes, for which it was obtained.
- Personal data must not be transferred anywhere outside the UK without the express permission of the Data Protection Officer.
- All personnel, contractors, volunteers and work experience placements are required to report any actual or potential breaches in data protection and privacy to the Data Protection Officer so that an investigation and preventative action can be undertaken.
- A failure to comply with this policy will be investigated and may be subject to disciplinary action.
- Red Kite Cottage may wish to contact customers/clients/service users for marketing purposes, however contact will only be made where additional consent for the purpose of marketing products/services has been given by the intended recipient.
- Software and equipment meet information security standards by scanning hardware and software regularly and the provision of secure cloud based storage.
- The organisation’s IT systems have been set up to ensure data is protected from loss or misuse by design and default.
- Servers containing personal data are kept in a secure location, away from general office space and are regularly backed up in accordance with Company/the organisation’s back up procedures.
- Servers and networks are protected by security software designed for business and a protective firewal
We may need to share your data with third parties contracted by Red Kite Cottage.
Red Kite Cottage only engages with third parties to take your booking request who are contractually obliged to store your details securely and only process them if responding to a request by you to:
- Take your booking via a third booking agent;
- On completion of the request, third parties will dispose of your personal data securely in accordance with our terms and conditions of engagement with them.
- We only pass on personal data to a third party where we have your explicit consent, or where we are legally required to do so.
If you wish to see the personal data that we hold on you and know how we process it and for what purpose, you may contact our Data Protection Officer and request this. The Request is known as a Data Subject Access Request (DSAR) and you must make your request in writing.
In order to meet your request insert organisation name will require proof of identity. You may provide a photo driving licence/passport and a utility bill dated within the last three months.
Barbara Clarke E-mail firstname.lastname@example.org
Address Tel. 01970 890221
Nant Yr Arian Farm
To make using our website easier, small data files are placed on your computer. These are known as Cookies. Most commercial websites do this too.
Cookies improve such things as:
- Remembering settings, so that you do not have to keep re-entering them whenever you visit a new page.
- Remembering personal information that you have provided, such as your address and postcode to save you from re-typing the data.
- Monitoring how you use the website, such as the first page you looked at, so that we can make sure that it meets your needs.
Our cookies are not used to identify you personally. They are just here to make the website work better for you. You can mange and/or delete these small files as you wish and you can opt out of Google Analytics cookies for all sites.
- First Party Cookies
There are also cookies that store basic data on your interactions with Mr Site/WordPress, the CMS running the website.
- Third Party Cookies
These are cookies set on your machine by external websites whose services are used on our website. Cookies of this type are the sharing buttons across the site that enable visitors to share content onto social network websites. Cookies are currently used by Twitter, Facebook, and Google+. If you wish, you can prevent sites setting third party cookies.
- Log Files
Log files enable us to record the use of the website. These logs are automatically generated from all our visitors. We use these files to make improvements to the layout of the website and to the information on it, based on the way that visitors move around the website. Log files do not contain any personal information.
- Links to Other Websites