Privacy

North Hayne Farm Privacy Policy

Definitions

  • In line with the Data Protection Act 1998 principles and GDPR, North Hayne Farm Cottages will ensure that personal data will:
    • Be obtained fairly and lawfully and shall not be processed unless certain conditions are met
    • Be obtained for a specific and lawful purpose
    • Be adequate, relevant but not excessive
    • Be accurate and kept up to date
    • Not be held longer than necessary
    • Be processed in accordance with the rights of data subjects
    • Be subject to appropriate security measures
    • Not be transferred outside the European Economic Area (EEA)
  • The definition of ‘Processing’ is: obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes some paper-based personal data as well as that kept on computer.
  • The Personal Data Guardianship Code suggests five key principles of good data governance on which best practice is based. North Hayne Farm will abide by this code in relation to all the personal data it processes, i.e.
    • Accountability: those handling personal data follow publicised data principles to help gain public trust and safeguard personal data
    • Visibility: Data subjects should have access to the information about themselves that an organisation holds. This includes the right to have incorrect personal data corrected and to know who has had access to this data
    • Consent: The collection and use of personal data must be fair and lawful and in accordance with the DPA’s eight data protection principles and the GDPR definition. Personal data should only be used for the purposes agreed by the data subject. If personal data is to be shared with a third party or used for another purpose, the data subject’s consent should be explicitly obtained.  Signing of our booking form provides us with consent to hold your contact and booking details for the sole purpose of communicating with you regarding your booking
    • Access: Everyone should have the right to know the roles and groups of people within an organisation who have access to their personal data and who has used this data
    • Stewardship: Those collecting personal data have a duty of care to protect this data throughout the data life span

Type of information processed

  • North Hayne Farm Cottages processes the following personal information directly from its customers using our booking form:
    • Data is held relating to contact information and age; no specific request is made for gender or date of birth
    • Information is used only by ourselves for the express purpose of sending booking information to the customer
    • Information is never sold to 3rd Parties
  • Personal information relating to customers is held on paper and occasionally email
  • Email addresses are held so as to contact our customers with specific details of their booking
  • Groups of people within the organisation who will process personal information are: Employed staff only

Gathering and checking information

  • Before personal information is collected, we will consider: its relevance, lawfulness, accuracy, consent
  • We will inform people whose information is gathered about the following:
    • Any desire to sell their information to third parties, their rights to check information we hold about them
  • We will take the following measures to ensure that personal information kept is accurate:
    • Make it clear that we must be notified of changes of address
  • Personal sensitive information will not be used apart from the exact purpose for which permission was given i.e. enabling us to provide booking information and reminders

Data Security

  • North Hayne Farm will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure
  • The following measures will be taken:
    • 5 lever locks to all external doors
    • information kept out of sight
    • Strong firewall defence
    • Up to date antivirus software
    • Strong passwords
  • Any unauthorised disclosure of personal data to a third party by an employee will result in a fine or dismissal. We will promptly inform any customer who has been affected by such a disclosure

Subject Access Requests

  • Anyone whose personal information we process has the right to know:
    • What information we hold and process on them
    • How to gain access to this information
    • How to keep it up to date
    • What we are doing to comply with the Act
  • They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information regarded as wrong
  • Individuals have a right under the Act to access certain personal data being kept about them on computer and certain files
  • Any person wishing to exercise this right should apply in writing to Roger Dixon
  • The following information will be required before access is granted:
    • Reasonable proof of identity
  • Queries about handling personal information will be dealt with swiftly and politely
  • We will aim to comply with requests for access to personal information as soon as possible, but will ensure it is provided well within the 30 days required by the Act from receiving the written request

Review

This policy will be reviewed at intervals of 1 year to ensure it remains up to date and compliant with the law.

Accessing our Website

No personal information is collected as a result of using our website. Our hosting service collects non-identifiable information relating to your type of operating system, browser used and country of origin. This information is standard throughout the internet industry and can never be used to identify an individual. The use of Google Analytics is for the sole purpose of measuring site activity and performance. Data gathered by Google (data controller) does not identify any individual; data is not stored for longer than is necessary to provide meaningful analytics.

As already stated above, we never obtain information without your permission and never resell any such information.

Photos of family members are published on the website only with the permission of parents/guardians. A photo will never be used if the person can be identified through a visible name tag.

We will immediately remove any photo (even if permission was previously given) upon request by the parent/guardian.

Photos are published for the express enjoyment of the families that visit North Hayne Farm. We are happy to forward on high quality photos by email or Dropbox to the family concerned when asked. Where consent has been given for photos used in printed publications we will ensure that no further publications are printed following a withdrawal request.

Using Social Media

The use of social media forms an additional means by which we are able to interact with our guests and prospective guests through platforms of their choice and interactions of their choosing. We do not engage in the use of paid ads or other paid services with any of our social media channels, nor do we pay for information potentially gathered by these sites. All necessary privacy measures have been taken with each site used by us to ensure appropriate levels of privacy are safeguarded as a result of visiting them. The use of such sites places the responsibility of Data Processor upon us and as such we comply with our responsibility. No subscription services exist within our control; by your use of any of the social media platforms you remain in control and responsible for limiting access or unsubscribing entirely.