- In line with the Data Protection Act 1998 principles, North Hayne Farm Cottages will ensure that personal data will:
- Be obtained fairly and lawfully and shall not be processed unless certain conditions are met
- Be obtained for a specific and lawful purpose
- Be adequate, relevant but not excessive
- Be accurate and kept up to date
- Not be held longer than necessary
- Be processed in accordance with the rights of data subjects
- Be subject to appropriate security measures
- Not to be transferred outside the European Economic Area (EEA)
- The definition of ‘Processing’ is: obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes some paper based personal data as well as that kept on computer.
- The Personal Data Guardianship Code suggests five key principles of good data governance on which best practice is based. North Hayne Farm will seek to abide by this code in relation to all the personal data it processes, i.e.
- Accountability: those handling personal data follow publicised data principles to help gain public trust and safeguard personal data
- Visibility: Data subjects should have access to the information about themselves that an organisation holds. This includes the right to have incorrect personal data corrected and to know who has had access to this data
- Consent: The collection and use of personal data must be fair and lawful and in accordance with the DPA’s eight data protection principles. Personal data should only be used for the purposes agreed by the data subject. If personal data is to be shared with a third party or used for another purpose, the data subject’s consent should be explicitly obtained
- Access: Everyone should have the right to know the roles and groups of people within an organisation who have access to their personal data and who has used this data
- Stewardship: Those collecting personal data have a duty of care to protect this data throughout the data life span
Type of information processed
- North Hayne Farm Cottages processes the following personal information from it's customers:
- Data is held relating to contact information and age, no specific request is made for gender or date of birth
- Information is used only by ourselves for the express purpose of sending booking information to the customer
- Information is never sold to 3rd Parties
- Personal information relating to customers is held on paper and occasionally email
- Email addresses are held so as to contact our customers with specific details of their booking
- Groups of people within the organisation who will process personal information are: Employed staff only
Gathering and checking information
- Before personal information is collected, we will consider: it's relevants, lawfulness, accuracy
- We will inform people whose information is gathered about the following:
- Any desire to sell their information to third parties, their rights to check information we hold about them
- We will take the following measures to ensure that personal information kept is accurate:
- Make it clear that we must be notified of changes of address
- Personal sensitive information will not be used apart from the exact purpose for which permission was given
- North Hayne Farm will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure
- The following measures will be taken:
- 5 lever locks to all external doors
- information kept out of sight
- Strong firewall defence
- Upto date anti virus software
- Strong passwords
- Any unauthorised disclosure of personal data to a third party by an employee will result in fine/sack
Subject Access Requests
- Anyone whose personal information we process has the right to know:
- What information we hold and process on them
- How to gain access to this information
- How to keep it up to date
- What we are doing to comply with the Act
- They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information regarded as wrong
- Individuals have a right under the Act to access certain personal data being kept about them on computer and certain files
- Any person wishing to exercise this right should apply in writing to Roger Dixon
- The following information will be required before access is granted:
- Reasonable proof of identity
- Queries about handling personal information will be dealt with swiftly and politely
- We will aim to comply with requests for access to personal information as soon as possible, but will ensure it is provided well within the 40 days required by the Act from receiving the written request
This policy will be reviewed at intervals of 1 year to ensure it remains up to date and compliant with the law.
Accessing our Website
No personal information is collected as a result of using our website. Our hosting service collects non identifiable information relating to your type of operating system, browser used and country of origin. This information is standard throughout the internet industry and can never be used to identify an individual.
As already stated above we never obtain information without your permission and never resell any such information.
All photos published on the website of family members only takes place with the permission of parents/guardians. A photo will never be used if the person can be identified through a visible name tag.
We will immediately remove any photo (even if permission was previously given) upon request by the parent/guardian.
Photos are published for the express enjoyment of the families that visit North Hayne Farm. We are happy to forward on high quality photos by email or Dropbox to the family concerned when asked.