Privacy Policy | Larchfield Estate | Larchfield Estate

Privacy Policy

This document sets out to help you understand the main elements of the data we collect about you as a customer, why we collect it and what we do with it.

Under the General Data Protection Regulation (GDPR) there is a requirement for data to be processed only for the purposes intended and not to be kept any longer than is necessary for that particular purpose. When you use our services, we want you to feel assured that we manage your data appropriately, confidentially, safely and securely.

Parental Guidance is advised to help you read and understand this notice if you are under 16 years of age.

Appendix 1 provides key definitions to help you understand some of the terminology used in this Notice.

As a customer, you are advised that personal and sensitive data about you may be collected, transferred, processed, stored, and retained in a manual and/or computerised form in a fair and lawful manner by the Company and/or by its third-party representatives. This is necessary for lawful purposes, for the performance of the contract /legitimate business interests so we can deliver our services to you.

You are advised that for reasons other than set out above, we are required to seek your consent to collect, hold, process and retain other data. If this applies you will be informed and you may opt not to consent. In any such circumstances, we will work out how we may best work with to you/deliver those services to you.

We may also use the information we collect to enable us to provide, maintain, protect and improve our services to you, as well as enabling us to develop new services and solutions to meet your needs.

Content of our Privacy Notice

  • The Types Data We Collect and Why We Collect It
  • Data Security
  • Data Disclosures
  • Contacting you
  • Your Rights
  • Making a Data Subject Access Request (DSAR)
  • Making a Complaint
  • Customer Data Schedule

The Data We Collect and Why We Collect It

We collect certain data to enable us to provide our services to you, deliver value and provide excellent customer service, as well as meeting out legal obligations. This relates to either information you provide to us or data we collect from you.

We collect personal information at the following points during our business relationship:

  • When you make an enquiry
  • We will collect personal information including name, contact telephone number and email address
  • When you make a booking/reservation for an event
  • We will collect personal information including full name, postal address, contact telephone number, email address and financial transaction information (such as credit/debit card)
  • When you make a booking/reservation for accommodation
  • We will collect personal information including full name, postal address, contact telephone number, email address, financial transaction information (such as credit/debit card). This information will be held on our online accommodation system

The Customer Data Schedule outlined later in this Notice provides further information on the types of data we collect, why we process it and what we do with it.

Data Security

We confirm that we have appropriate security measures in place to manage and restrict access to your personal information. This data is only available to authorised personnel who need to know that information in order to process it for us. These individuals are subject to strict contractual confidentiality obligations and may be subject to disciplinary and other action including termination of their contract/employment if they fail to meet these obligations.

We wish to reassure you that we also have processes in place to protect against your journey data being shared with someone who is not authorised, such as; someone who may endeavour to misrepresent themselves as having been the customer when they were not to try to access your information. Your confidentiality, safety and security are a priority for us.

Data Disclosures

The Company may also be required to disclose certain data/information to other persons. These kinds of disclosures will only be made when strictly necessary and for the purpose required. You are advised that for lawful purposes there are circumstances whereby we are required by law to share data (including sensitive data) including with other government agencies without the Individual’s consent. This includes our lawful requirement to provide sensitive information to external government bodies.

You are advised that we may share data with or other trusted third-party agents who are engaged to provide outsourced services directly on our behalf. This is necessary for legal reasons, for the performance of the contract/delivery of our services/legitimate business interests. Such third-parties are required to confirm compliance with our privacy policy, ensure confidentiality, take reasonable security measures, notify us immediately of any breach, process the data only for our purposes and only as instructed by us. Whereby a third-party recipient is located outside the European Economic Area, we will ensure that the transfer of personal data is protected by appropriate safeguards.

Outside of the conditions set out above, we will obtain your consent before sharing the data.

Contacting You: We will only contact you in relation to following up on client satisfaction and/or dealing with complaints or lost property or to share information with you if you have signed up for our newsletter.

Your Rights

  1. Subject to certain exceptions, you have the following rights:
  2. To be informed through a Privacy Notice to ensure there is transparency over how we use personal data.
  3. To access your own personal data and supplementary data that we hold. It allows you to be aware of and verify the lawfulness of the processing.
  4. To rectification of your personal data if it is inaccurate or incomplete.
  5. To erasure/ ‘the right to be forgotten’ by requesting the deletion or removal of personal data where there is no compelling reason for its continued processing.
  6. To restrict processing by requesting a ‘block’ or suppression of the processing of your personal data. When processing is restricted, we are still permitted to store the personal data, but not to further process it. We can retain just enough information about the individual to ensure that the restriction is respected in future.
  7. To data portability which allows you to obtain and reuse your personal data for your own purposes. This only applies in the following circumstances:
    • that the information pertains to personal data that you have provided to us;
    • where the processing is based on your consent or for the performance of a contract; and
    • when processing is carried out by automated means.
  8. To object to the processing of data based on legitimate interests or the performance of a task in the public interest/exercise of official authority; direct marketing; and processing for purposes of scientific/historical research and statistics.

Data Subject Access Request (DSAR)

You have a right to access information we may hold on you to confirm the accuracy of data and check the lawfulness of its processing or to allow you to exercise your rights including to correct or object if necessary.

If you wish to make a request for information we hold on you, this should be made in writing addressed to the Data Co-ordinator Donna Allan, email: donna@larchfieldestate.co.uk including the following details:

  • Your full name, address and contact details
  • Any information used by us to identify you (such as customer account number)
  • Details of the specific information required and any relevant dates

We will normally respond to your request within one month. However, this may be extended by a further two months whereby a request is complex or numerous. If this applies we will write to you within one month of the receipt of the request and explain to you and explain why the extension is necessary.

The information will normally be provided to you free of charge. However, we reserve the right to charge a reasonable fee when a request is considered to be ‘manifestly unfounded’, ‘excessive’ or ‘repetitive.’ In such cases the fee will be based on the administrative cost of providing the information. In exceptional circumstances, we may refuse to respond to the request. If this applies we will explain to you why and inform you of your right to complain.

Making a Complaint

You have a right to complain to the ICO if you think there is a problem with the way we are handling your data.

Customer Data Schedule

In line with our GDPR policy, we have outlined the main types of personal and sensitive data that we may collect, process, manage, store and retain about you as a Customer. We have also outlined in summary, the main categories and reasons for why we collect and process this information and what we do with it. This information is not exhaustive but is intended to be reflective of the typical categories of data we collect, process, store and retain. The retention periods outlined are based on statutory and non-statutory recommended retention schedules as well as those deemed necessary for the performance of our contract / service and to ensure we can meet our legal obligations.

Data Storage: The information we hold in relation to our customers is stored securely on company software and hardware systems (Company Databases, computers, PDA’s/mobile devices, Driver and Customer devices), hosted platforms/third party applications/Cloud based servers.

Please note: Any personal and sensitive data is only accessible by appropriate and authorised personnel.

Legal Basis for Processing: A summary the main conditions that are most likely to apply in relation to data pertaining to your employment is outlined below.