WHO WE ARE
Rimington Leisure Park Ltd (“we”, “us”) is the operator of the websitewww.rimingtoncaravanpark.com. We collect, use and are responsible for certain information about you. When we do so, we are regulated under the General Data Protection Regulation which applies across the European Union (including the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws. The person responsible for how we handle personal information is Katie Collett – Data Protection Officer (DPO).
PERSONAL INFORMATION WE COLLECT AND USE
Personal information provided by you
In the course of operating our leisure business, we collect personal information when you provide it to us, such as your name, postal address, email address, phone numbers, date of birth and payment details.
We also collect personal information from you if you apply for a job with us or work for us for any period of time. In this context, personal information we gather may include: contact details, financial and payment details, details of education, qualifications and skills, marital status, nationality, NI number, job title, and CV.
Personal information provided by third parties
Occasionally we may receive information about you from other sources (such as credit reference agencies), which we will add to the information we already hold about you in order to help us provide services to you and to improve and personalise our service to you. If you apply for a job with us, we may receive information from the people who provide references.
Personal information about other individuals
If you give us information on behalf of someone else as an alternate contact, referee or next of kin, you confirm that the other person has agreed that you can:
give consent on his/her behalf to the processing of his/her personal data;
receive on his/her behalf any data protection notices; and
if relevant, give consent to the transfer of his/her personal data abroad.
enable us to follow up on enquiries made by you in relation to storing with us in accordance with industry guidelines and to give you our quote;
do a credit check—see ‘Credit checking’ section below;
prepare a storage agreement with you and arrange insurance cover if required;
manage any accounts you hold with us;
contact you for reasons related to the service you have signed up for or to provide information you have requested;
deal with payment for our services;
notify you of any changes to our website or to our services that may affect you; and
resolve disputes or collect overdue payments.
Sensitive personal information
We will not usually ask you to provide sensitive personal information. We will only ask you to provide sensitive personal information if we need to for a specific reason, for example, if we believe you are having difficulty dealing with your account due to illness. If we request such information, we will explain why we are requesting it and how we intend to use it.
Sensitive personal information includes information relating to your ethnic origin, political opinions, religious beliefs, whether you belong to a trade union, your physical or mental health or condition, sexual life, and whether you have committed a criminal offence. We will only collect your sensitive personal information with your explicit consent.
We do not currently hold data on children.
HOW AND WHEN DO WE COLLECT INFORMATION FROM YOU?
We may monitor and record communications with you (such as telephone conversations and emails). We may do this for a number of reasons, such as to check the quality of our customer service, for training purposes, to prevent fraud or to make sure we are complying with legal requirements.
If you visit our parks, some personal data may be collected from monitoring devices and systems such as closed circuit TV (CCTV) and barrier entry systems at the parks.
You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.
REASONS WE CAN COLLECT AND USE YOUR PERSONAL INFORMATION
We rely on a different lawful basis for collecting and using personal data in different situations.
Where you make enquiries about buying a holiday home or lodge with us or booking a holiday and before you become a customer, we need to collect personal information about you so that we can take steps to enter into a contract with you. Once you have become a customer, we need to collect and use personal information to provide services to you and to claim our right to be paid in return for our services under our standard terms of business/contract with you. This includes collecting and using your personal information to:
If you apply for a job with us, we will collect and use personal information to process your application and check references. If you take a job with us, we will collect and use your personal information to enter into an employment contract with you and to administer the employment relationship, including making payments to you, accounting for tax, ensuring safe working practices, monitoring and managing staff access to systems and facilities, monitoring absences and performance and conducting assessments.
We collect and use personal information from our customers and staff to comply with our legal obligations. For example, we will take copies of documents that identify you so that we can comply with anti-money laundering and counter-terrorist financing requirements.
Legitimate business interests
Our priority is to make sure we give a high quality and secure service to customers and to follow up effectively on enquiries even though we accept that not all enquiries will lead to a business relationship or contract. We collect personal information to:
follow up on enquiries in accordance with industry guidelines and provide quotes for holidays or purchases of holiday home or lodges
conduct research and analyse website visitor behaviour patterns;
customise our website and its content to your particular preferences;
improve our services;
detect and prevent fraud;
prevent offensive, inappropriate or objectionable content being sent to or posted on our websites or to stop any other form of disruptive behaviour.
so we can fulfil our contractual obligation to deliver a secure and safe environment;
to establish whether you are doing something that breaches your contract with us; and
to assist in the establishment or defence of any crime or other investigation.
service providers under contract with us to support our business operations, [such as fraud prevention, debt collection, payroll, technology services]
our insurers and insurance brokers if you take out insurance cover through us;
trade associations of which we are a member;
law enforcement or government agencies in connection with any investigation to help prevent or detect unlawful activity;
any person or agency if we need to share that information to comply with the law or to enforce any agreement we may have with you or to protect the health and safety of any person;
any person who you have named as a person we can contact to discuss your account;
any person who is your agent or representative, such as the holder of a power of attorney, a legal guardian or person administering a will;
any person who we are negotiating with as a potential buyer of our business or property or if we are proposing to merge our business with another business;
credit card associations if specifically required;
It is a key feature of our parks that we operate CCTV within park area. We collect and process CCTV images
We will also communicate with you information about other services we can offer you and update you about our activities and promotions which may be of interest to you. If you would like to stop receiving these email newsletters, you can also click on the “unsubscribe” button at the bottom of the email newsletter. It may take a few days for this to take place. or if you do not wish to continue receiving these communications, you can opt out at any time. See ‘What rights do you have?’ below for further information. If you ask us to stop contacting you in this way, you can also ask us to start again at any time.
If we propose to use your information for any other uses we will ensure that we notify you first. If we need your consent to use your information for these other purposes, we will give you the opportunity to opt in or to refuse. If you opt in, you will be able to opt out at any time.
When will we contact any other person about you?
If you provide us with details of any other person we can contact to discuss your account, we may contact that person and discuss and share the details of your account with that person and deal with that person in relation to your account as if that person was you. We may particularly want to do this if we are unable to get in touch with you for any reason. If you change your mind, you can email or write to us and have this person taken off your account as an alternate contact person (see ‘How can you contact us?’ below).
If you provide us the details of a person who we can contact for a job reference, we may contact that person in connection with your job application.
Who your information might be shared with
We may disclose your personal data to:
If we pass data on to insurers, they may enter your data onto a register of claims which is shared with other insurers to prevent fraudulent claims. If we use an outside party to process your information, we will require them to comply with our instructions in connection with the services they provide for us and not for their own business purposes.
KEEPING YOUR PERSONAL INFORMATION SECURE
We have appropriate security measure in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those people processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We will use technical measures to safeguard your personal data, for example:
we store your personal data on secure servers; and
payment details are encrypted on the secure server
any customer files or data are kept in secure access files with encrypted passwords.
email, call or write to us (see ‘How to contact us’ below)
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
let us know the information to which your request relates, including any account or reference numbers, if you have them
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory body of a suspected data breach where we are legally required to do so.
While we will use all reasonable efforts to keep your personal data safe, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How to contact us’ below).
Our website contains links to websites and applications owned and operated by other people and businesses. These third party sites have their own privacy policies and use their own cookies and we recommend that you review them before you provide them with personal information. They will tell you how your personal information is collected and used whilst you are visiting these other websites. We do not accept any responsibility or liability for the content of these sites or the use of your information collected by any of these other sites and you use these other sites at your own risk.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
TRANSFERS OF YOUR PERSONAL INFORMATION OUT OF THE EEA
We will not transfer your personal data outside of the [United Kingdom OR European Economic Area] or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
We usually hold your personal information as a customer or employee on our system for the period we are required to retain this information by applicable UK law, currently 7 years from the end of our contract or 6 months after any unsuccessful job application, unless you have told us you want us to delete the information earlier (see section “What rights do you have” below).
WHAT RIGHTS DO YOU HAVE?
Under the General Data Protection Regulation you have a number of important rights. These include the following rights:
request a copy of your information which we hold (subject access request);
require us to correct any mistakes in your information which we hold;
require the erasure of personal information concerning you in certain situations
require us to stop contacting you for direct marketing purposes;
object in certain other situations to our continued processing of your personal information;
restrict our processing of your personal information in certain circumstances;
object to decisions being taken by automated means which produce legal effects concerning you or which affect you significantly; and
receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.
Further information on each of these rights is available from the Information Commissioner’s Office.
If you would like to exercise any of these rights, please:
We will not charge any fee for any of these services in most cases.
HOW TO CONTACT US
If you wish to contact us, please send an email to firstname.lastname@example.org or write to us at FAO Katie Collett, Holgates Caravan Park Ltd, Middlebarrow Plain, Cove Road, Silverdale, LA5 0SH or call us on 01524 701508
The General data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority I the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone 0303 123 1113
This Privacy Notice was published on 25th May 2018 and last updated on 25th May 2018. We may change this Privacy Notice from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.
DO YOU NEED EXTRA HELP?
If you would like this policy in another format (for example: audio, large print, braille) please contact us (see ‘How can you contact us?’ above).
Holgates are is committed to ensuring confidentiality and safe storage of personal or sensitive data for all individuals engaging with an activity concerning the swimming lesson.
DEFINITION OF DATA
Data refers to information about an individual that may be used or processed by
Holgates for contact details. Data can be identified by two categories.
SENSITIVE PERSONAL DATA
Information which relates to an individual who is identifiable from the data or from the data along with additional information, which is already in possession, or likely to come into possession of Holgates. This includes information about the individual such as facts and opinions which can be held electronically or on paper.
Information about an individual relating to racial or ethnic origin, political opinions,
religious beliefs, physical or mental health or condition, sexuality, the commission or
alleged commission of any offence, criminal proceedings or convictions.
We will ensure that:
- Holgates is registered with Independent Commissioners Office (ICO)
- All staff whether permanent or temporary have access to this Policy and understand the principles of the Act.
- All records are accurate and up to date, including achievement data uploaded to the data base.
- All records are kept centrally, securely and password protected.
- No data is used for the purpose of marketing from third party businesses unless the individual provides written consent.
- Any e-mails which are sent to more than one individual are BCC ‘d (blind copied)
- No personal data is disclosed, written or verbal, to anyone outside of Holgates unless provided with written acknowledgement from the individual to do so.
- Only nominated members of staff have access to personal data and understand how to comply with the Regulations.
- For the purpose of the achievement data only authorised users will have access to the organisation portal and will have been vetted prior to organisation.
- Achievement data is not used for any other purpose than those permitted in this policy, including for marketing or financial gain.
How do we collect your data?
We collect the information below via email or through the website booking form some data is collected verbally e.g. if no DOB is given and we ask parents on poolside and add to this to our database
Why do we need the data we collect?
Adults name – We need to know the carer for the child.
Address – We need to know this for invoicing
Mobile number – We can send out text messages for urgent and important notices
Email address – We use this to communicate with our clients for child’s progress,
newsletters, invoicing, promotions and dealing with enquires.
Child’s Students details
Childs name – We use this to book them into classes
Age of child – We use this so we can teach to their development stage
Ability level – We use this to ensure they are put into the correct level of class
Medical/Learning – We use this to offer the appropriate support
Who accesses your data?
The Reception staff and Pool Staff have full access to all clients on our data base for the purpose listed above. All teachers have access to the data of all class through the data base and the purpose of which is to print registers and familiarise with swimmers needs and names/ages/ability.
How do we store your data?
We have a central data base which is stored centrally, and no other third party has access to your data and it is not shared with any other businesses. Email correspondence will be deleted on a termly basis to help us keep track of enquiries. If you require your data to be deleted sooner please let us know. Your details are stored on our data base and this is safeguarded so your data is protected from unauthorised access.
How can you keep your data up to date?
If you need to change any of the details that we have please email us on email@example.com
What happens to my data if I leave?
Your data will become inactive. We will continue to send you newsletters and
promotion emails for a further 12 months unless you ask us to stop sending emails to you. Please email us on firstname.lastname@example.org if you do not want to receive information from us.
How can my data be removed?
We keep the data on our database for 12 months until notified otherwise. We email to check annually and in the meantime if you wish to be removed from our data base, please email us on email@example.com
DATA PROTECTION STATEMENT – HOLGATES SWIMMING LESSONS
HOLGATES will use your personal data for the purpose of your child‘s learning during lessons and understand that by submitting my child’s data I am consenting to receive information about the course I have booked by post, e-mail, SMS/MMS, on-line or telephone unless stated otherwise, and will receive newsletters with the option to unsubscribe.
Under the General Data Protection Regulations 2018, all organisations that process
learner data must ensure that the learner is informed of how their information is
processed and shared. A privacy notice is a method of informing learners about how their information is collected, what it is used for and who is using the information. This policy and its procedures will be reviewed periodically in light of changing business priorities and practices to take into account any changes in legislation to ensure that it remains fit for purpose and reflects the requirements as set by GDPR and how the use of data is managed. The information contained within this Policy will also be reviewed against the requirements set out by the Independent Commissioners Office to ensure that data is compliant with GDPR.
DATA PROTECTION POLICY
1.1 We hold personal data about our employees, customers, suppliers and other individuals for a variety of business purposes.
1.2 We take seriously our obligations under the General Data Protection Regulation (GDPR) and all other relevant regulation and legislation in relation to the personal data we hold.
1.3 We have appointed Katie Collett as our Data Protection Officer (DPO) to have overall responsibility for monitoring how we collect and use personal data, data security and compliance with data protection regulations and laws.
1.4 This policy sets out how we seek to protect personal data and ensure staff understand the rules governing their use of personal data to which they have access in the course of their work. In particular, this policy requires staff to ensure that the DCM should be consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.
2.1 It is important that you understand the following terms:
2.1.1 Business purposes—the purposes for which personal data may be used by us, eg creating and administering customer accounts, personnel, administrative, financial, regulatory, payroll and business development purposes. These include the following:
(a) creating, and managing our contracts and accounts with our customers
(b) identification of new customers for anti-money laundering purposes
(c) contacting customers for reasons related to the services they have signed up for or to provide information they have requested
(d) contacting customers to notify them of any changes to our website or to our services that may affect them
(e) invoicing for and collecting payments due for services provided to customers
(f) collecting overdue payments
(g) compliance with our legal, regulatory and corporate governance obligations and good practice
(h) gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
(i) ensuring business policies are adhered to (such as policies covering email and internet use)
(j) operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring and checking
(k) investigating complaints and resolving disputes
(l) checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
(m) monitoring staff conduct, disciplinary matters
(n) improving services
(o) following up leads and marketing our business
2.1.2 Personal data—information relating to identifiable individuals, such as customers, alternative contacts, suppliers, marketing contacts, job applicants, current and former employees, agency, contract and other staff. Personal data we gather may include: individuals’ contact details, financial and payment details, details of education, qualifications and skills, marital status, nationality, job title, and CV.
2.1.3 Sensitive personal data—personal data about an individual’s racial or ethnic origin, sexual orientation, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings, CCTV images and any other biometric data —any use of sensitive personal data should be strictly controlled in accordance with this policy.
3.1 This policy applies to all staff. You must be familiar with this policy and comply with its terms.
3.2 We may supplement or amend this policy by additional policies and guidelines from time to time. Any new or modified policy will be circulated to staff before being adopted.
4 Who is responsible for this policy?
4.1 The DPO has overall responsibility for this policy and for ensuring this policy is adhered to by all staff.
5 Legal responsibilities
5.1 The GDPR imposes requirements that:
5.1.1 we only hold data if we have a lawful basis for doing so, for example, where we have a contract with a customer, to administer the customer’s account and provide the services the customer requires, to comply with our legal obligations, if we have a genuine and legitimate business interest in processing that information or we have the consent of the person to whom the data relates
5.1.2 we keep that data confidential and secure
5.1.3 we use it only for authorised purpose(s)
5.1.4 any data we hold is:
(c) not excessive
(d) accurate, and
5.1.5 we do not keep data for longer than is necessary
6 Our procedures
6.1 Fair and lawful processing – Privacy Notices
6.1.1 We must process personal data fairly and lawfully in accordance with individuals’ rights. This generally means that we should not process personal data unless the processing is:
(a) necessary to perform legal obligations or exercise legal rights, or
(b) otherwise in our legitimate interests and does not unduly prejudice the individual’s privacy
In most cases this provision will apply to routine business data processing activities for our Business purposes.
6.1.2 Our Privacy Notice is a notice to customers on data protection. The notice:
(a) sets out the purposes for which we hold personal data on clients (ie for the provision of legal services and related purposes including legal and regulatory compliance)
(b) highlights that we may be required to give information to third parties such as law enforcement agencies or need to share it with service providers such as insurers, credit reference agencies, debt collection agents and payroll providers, and
(c) provides that individuals have a right of access to the personal data that we hold about them
6.1.3 Our Privacy Notice needs to be given to the customer at the first point of contact. Our website will direct customers to our Privacy Notice when they make an enquiry on-line. If a customer makes an enquiry in the store or signs up a licence agreement in store, then you must give them a copy of our Privacy Notice at that time. If enquiries are made by telephone, you will need to let them know we take the privacy of their data seriously and let them know that they can view our Privacy Notice on-line or we can send it to them by post or email.
6.2 Sensitive personal data
6.2.1 In almost all cases where we process sensitive personal data we will require the data subject’s explicit consent to do this unless exceptional circumstances apply or we are required to do this by law (eg to comply with legal obligations to ensure health and safety at work). Any such consent will need to clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed.
6.3 Accuracy and relevance
6.3.1 We will ensure that any personal data we process is accurate, adequate, relevant and not excessive given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.
6.3.2 Individuals may ask that we correct inaccurate personal data relating to them and we need to respond to them within one month.. If any person makes a request to correct inaccurate information, you must inform the DPO immediately giving details of the request. If you believe that information is inaccurate you should record the fact that the accuracy of the information is disputed and pass this on to the DPO when you report that the request has been made.
6.4 Right to stop direct marketing
6.4.1 You should abide by any request from an individual not to use their personal data for direct marketing purposes and notify the DPO about any such request.
6.4.2 Do not send direct marketing material to someone electronically (eg via email) unless the person has given their consent to this. You will need to follow industry guidance on following up on people who have made enquiries or asked for a quote for storage. [Please see our Policy on following up potential customers.]
6.4.3 Please contact the DPO for advice on direct marketing before starting any new direct marketing activity.
6.5 Right of access to personal data – subject access requests
6.5.1 Please note that under the Data Protection regulations, individuals are entitled (subject to certain exceptions) to request access to information held about them.
6.5.2 If you receive a subject access request, you should refer that request immediately to the DPO. We may ask you to help us comply with those requests.
6.5.3 Please contact DPO if you would like to correct or request information that we hold about you. There are also restrictions on the information to which you are entitled under applicable law.
6.6 Right to be forgotten or to restrict use of personal data
6.6.1 Please note that under the Data Protection regulations,, individuals are entitled (subject to certain exceptions) to request that we restrict how we use the personal information we hold about them or that we delete it altogether.
6.6.2 If you receive a request of this kind, you should refer that request immediately to