Effective Date: 5th June 2018
This policy applies to the following:
- Individuals making a party or event booking
- Individuals making a group booking such as a school or community group booking
- Individuals making a booking to stay
- Subscribers to our mailing lists (following a mailing for a reason listed above)
- Individuals who make contact with us through another means: Website or email enquiry
This information will be retained for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
This policy specifically does not apply to employee data or that of volunteers, work experience, interns or contractors working for Marshview-Dairy. We have separate policies and guidance for those individuals.
The privacy and security of your personal information is extremely important to us. Here we explain how and why we use your personal data, to make sure you stay informed and can be confident about giving us your information, knowing we will take good care of it.
We’ll keep this policy updated to show you all the things we do you with your personal data.
You can be assured that we will never sell your personal data to anyone and we are not in the practice of sharing information with any other organisation for any reason, but should that change we will advise you and seek your permission to do so.
Who are “we”?
We are MarshView-Dairy. which is the trading name of MarshView LLP with a registered address at 317, Wisbech Rd, March, Cambs, PE15 0BA
Separately, the Data Protection Officer for all personal data relating to job applicants, employees, former employees, volunteers, interns, work experience students and contractors is the HR manager. We take great care to train our staff in their responsibilities with regard to data protection to keep you safe.
What personal data do we collect?
“Personal data” is any information that relates to an individual who can be identified from that information.
We may collect a number of items of personal data in connection with specific activities such as booking a pitch or reserving a room or cottage. Sometimes you’ll share your data when you make contact to ask us a specific question or we order something special for you we take your details to call you to keep you fully informed. The categories of data are explained in the table below.
“Special categories of personal data” means information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation, sex life and biometric data. It may also include “criminal records data” which means information about an individual’s criminal convictions and offences, and information relating to criminal allegations and proceedings.
How do we use your personal data?
We’ll only use your personal data on relevant lawful grounds as permitted by the General Data Protection Regulation (effective 25th May 2018).
Personal data provided to us will be used for the purposes defined below.
|Category||What personal data do we collect||How do we use your data?|
Our wardens will only make contact with you if they have reason to do so, for example, if you have left property with us. Our Marketing Team will also add you to the Guest e-newsletter subscriber list in order to keep you informed of exclusive members news, events and special promotions at MarshView-Dairy. We would also like to be able to send you special offers to mark your birthday, but sharing your date of birth with us is optional. For those Guests who do not have email addresses, we may post out communications to you from time to time. as a Guest, you can unsubscribe from the member mailing list at any time.
We will use postcode data to carry out geographically related offers/promotions and to send you special offers to mark your birthday if you have given us your date of birth. You can unsubscribe from this list at any time.
Whilst we rely upon what we and the law calls our “legitimate purpose” to use your data as described in the table above, to fulfil our contract with you to provide your membership for the year, or to fulfil your group or party booking, when it comes to marketing our wider services to you, we need to ask your permission to do so, if they are outside of the scope of the permissions you have given to us above.
At every opportunity in our transactions with you, we will ask you to confirm to us if you wish to join our mailing list for broader marketing mailings and offers. Our marketing mailing list will never be shared with third parties or sold on and we never transfer your data outside the EU or make automated decisions on your behalf. We will only send you information directly related to Pensthorpe Natural Park.
If you have consented to join our marketing mailing list, you can easily opt-out again at any point by unsubscribing on any of the e-newsletters you receive from us.
We do use all categories of data collected to profile our visitors so that we are better able to tailor our offering to suit our wide range of visitors. We do not usually ask third parties to do this on our behalf, but if we do, we will ensure that they can satisfy us that they meet the stringent standards of the data protection legislation at all times and work within our own principles regarding the integrity of the data we hold about you.
Interacting with Our Website
Where do we keep your information?
Guest data is kept Online with a hosting service offering 128 bit SSL security certification and payments are processed directly by our payment merchant.
We use MailChimp as our e-newsletter processor which includes the collection (e.g., via sign-up forms) and storage of personal data (e.g., within our MailChimp account in order to allow us to create and use distribution lists and send marketing email campaigns) and the transfer of personal data to certain MailChimp’s sub-processors (who, as described in MailChimp’s Data Processing Agreement, perform some critical services, such as helping MailChimp prevent abuse and providing support to our customers).
Payment Card Security
We have an active PCI-DSS compliance programme in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example the full 16 digit number on the front of the card or the security code on the back.
Our online payment solutions are carried out using a ‘payment gateway’ through Worldpay which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with your bank and the bank passes your payment to us. We do not process or hold your bank details.
Our Venue has CCTV and you may be recorded when you are with us. This is to ensure the safety and security of you as our visitor and for our staff. CCTV is only ever viewed if there is a valid reason to do so, for example, if we believe a crime has been committed or there has been an accident or incident that we need to investigate. We will place notices in clear sight where we use CCTV.
How long do we keep your data?
As a guest we retain your data unless you request us to remove it, we retain it to allow us to easily rebook plots of rooms at your convenience.
If you book a party or group stay, we’ll hold your data during the booking and planning period and for three months afterwards to ensure we have delivered the event to your satisfaction. After that time we will write to you to ask if you would like to remain on our marketing database so that we can let you know our news and share offers with you. If you don’t wish to keep in touch, we will delete your details after three months.
What happens if you don’t want us to hold your data?
You can choose to opt out of communications with us at any time, but in certain circumstances, we do need to continue to hold and process your data to fulfil our obligations with you, such as to enable us to administer your booking. We keep our data requirements to a minimum and we hope that in this Privacy Notice we have reassured you that your data is safe with us. Should you withdraw permission at any time, certain services may necessarily cease.
Subject Access Rights
You have the right at any time to ask to see the data we hold about you. To do this, please contact the Data Protection Officer at email@example.com or sent to Data Protection Officer, MarshView-Dairy, Marshview LLP, 317 Wisbech Rd, March, Cambs, PE15 0BA. We will ask you for certain information to identify yourself so we can be certain we are giving your information only to you. We will respond to any request within one month, or if we are unable to do so, we will write to you within one month and explain any delay.
If you are not happy with what you find, you have the right to insist your data is amended or deleted from our systems.
If at any time you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.
We may need to amend this policy from time to time as systems and processes are updated or replaced. We will ensure that this policy is always available on our website and is always accurate and current.
This is Version 3 released 5th June 2018