Being transparent and providing accessible information to individuals about how we will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR) May 2018.
The first principle of data protection is that personal data must be processed fairly and lawfully. The DPA says that in order for the processing to be fair, the data controller (Ragdale Hall Spa) has to make certain information available to the data subjects (the individuals whom the data relates to), so far as practicable.
The code of best practice uses the term ‘privacy notice’ to describe all the privacy information that we make available or provide to data subjects when collecting information about them. For simple terms, please refer to the relevant privacy notice for the services you are requesting, which sets out the following criteria:
These techniques allow us to give data subjects greater choice and control over how their personal data is used and demonstrates that we are using personal data fairly and transparently.
In broader terms, an individual’s data will be collected to administer the products, services or information requested.
Ragdale Hall Spa collects data for the purpose of legitimate interest and this may include (but not be limited to) title, first name, surname, address, telephone numbers, email address and where provided, status of health, age and gender. In certain circumstances, in order to administer a booking or services being purchased/requested, we may request some personal details of the other guests within the reservation or the recipient of other goods or services.
Once data has been collected it will be stored in a secure database and will only be used to confirm reservation and pre-arrival details, to complete transactions for purchases, to advise of offers/promotions or any other relevant information in administrating and fulfilling requests.
Data will be retained for a period of time that is deemed suitable for the purpose of being relevant, which may vary according to the services requested.
Personal data will not be shared, sold or passed to third parties for any marketing purposes. We may give access to your information to our service providers in order to fulfil activities e.g. data cleansing and distribution, on our behalf. In such instances we only disclose information necessary to deliver the service required and we have a contract in place that states that our partners must keep information secure and confidential, and cannot use it for their own marketing purposes.
Data subjects have a right of access to the data we hold and should contact us in writing with any requests for access. Data subjects may also exercise their right to erasure provided they do so in writing, including any evidence or proof why we should no longer hold their data.
All requests will be considered and a response given within 72 hours. In exceptional cases, we may not agree to full erasure if a legitimate/legal reason for doing so exists.
People’s expectations about personal data are constantly changing and data subjects are increasingly willing to share information on social media platforms. Where data has not been consciously provided by data subjects in this way, the requirement to be fair and transparent still arises. In such cases we will continue to be transparent about the processing of data and comply with the legal requirements to provide privacy information via our Privacy Impact Assessment (PIA). This is a methodology for assessing and mitigating the privacy risks involving personal data.
We will also consider the effect of our processing on the data subjects concerned to include the following main elements of fairness:
We will ensure that data subjects are given appropriate control and choice. Where we need consent from an individual in order to process their information we will explain what we are asking them to agree to and why. To comply with the code, we will also make sure that where people do have a choice, they are given a genuine opportunity to exercise it and it will be given freely, be specific and allow the individual to be fully informed. Consent will also be revocable.
We collect Personal Information from You when registering as a user of our guest WiFi services, including:
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally. Please note that cookies can’t harm your computer and don’t store personally identifiable information. These pieces of information are used to improve services for you through, for example:
Please be aware that restricting cookies may impact on the functionality of any website.
If you wish to opt-out of third-party website owners collecting any statistical visit data regarding your interaction on our website, please refer to their websites for further information – Facebook, Google etc