Date: 29 January 2020
The intention of this policy is to clearly define to any individual how Upper Oaks processes ‘personal data’ for which it has responsibility.
The definition of ‘personal data’ is that as defined by the Data Protection Act 2018 (GDPR). This is primarily pieces of data that identify an individual.
In circumstances where any individual supplies ‘personal data’ about themselves to Upper Oaks, we will become responsible for it legally as the ‘Data Controller’ and will process your data in accordance with the principles and legal requirements of the Data Protection Act 2018 (GDPR).
In circumstances where data is supplied to Upper Oaks about individuals by another party who is legally the ‘Data Controller’, we will legally have responsibility as the ‘Data Processor’ and conduct processing of that data under a legal contract with the ‘Data Controller’.
The definition of a ‘Data Controller’ or ‘Data Processor‘ is that as defined by the Data Protection Act 2018 (GDPR).
Company Contact Details
Upper Oaks Farm, The Oaks, Pulverbatch, Shrewsbury, Shropshire SY5 8EG
The appointed Data Protection Officer or Manager for Upper Oaks is Hannah Edwards, owner and founder.
Why do we need your data?
We require personal data from you to be able to supply any products or services which you have requested from us or provide information about them.
We will only ask for and keep the data needed to ensure we provide you with an efficient level of service and support and any legal commitments we have as a business.
We may also use personal data we have gathered to contact and inform you of products and services which we believe will be of genuine interest to you and/or your organisation.
The Privacy Notice Matrix at the end of this policy gives details of what types of data we may store about you and the lawful basis for this.
What do we do with your data?
We have a responsibility to protect data we hold about you and ensure it is not accessed by anyone who is not authorised to use it for the reasons we legitimately hold it. We also have a responsibility to ensure that your data is accurate, retrievable and is not kept any longer than is necessary or legally required.
We have assessed the risks to the security of your data and implemented appropriate levels of technical and organisational measures to protect it. We will not store your data outside of the European Union.
Access to your data will be limited to only those who need it to provide you with the services you have requested or consented to receiving or have legal authority to request access to it. We will ensure that we have in place a confidentiality agreement with anyone having access to your data.
We will sometimes need to pass your data to other parties or businesses, who we use for specific parts of supplying products & services to you or provide us with related services. These third parties will only receive your data from us when we have assessed the risks in giving them access to it, are assured they have an adequate level of data security and have agreed a legal contract detailing how they should protect your data. They will not be permitted to store your data outside of the European Union.
We will not pass your data to third parties to use for marketing of their own services.
The Privacy Notice Matrix at the end of this policy gives details of how long we may need to keep your data.
What happens if we lose your data or it is accessed by unauthorised persons?
If we detect that ‘personal data’ we are holding as a Data Controller has been lost or accessed by unauthorised persons to create a data breach, and that this will potentially infringe your rights or cause you harm, we will inform you immediately of the data breach.
We will also be required legally to inform the Information Commissioner’s Office (the Government’s data protection regulator) within 72 hrs of detecting the breach, who may then investigate our compliance with data protection legislation and effectiveness of our controls.
What rights do you have?
Data protection regulations give you a legal right to:
1. request information on what data is held about you
2. have your data changed or deleted from our records
3. withdraw any consent given
4. have your data transferred
5. restrict processing of your data and/or objection to its processing
To make a request under these rights please email: firstname.lastname@example.org.
Under normal circumstances we will not charge you for processing these requests and will respond to you within 30 working days. If we believe your request is complex and will be chargeable; we will first contact you before proceeding.
To lodge a complaint with the Information Commissioner’s Office
To make a complaint to the ICO (Information Commissioner’s Office), use the link or call their hotline on 0303 123 1113.
If you would like to make any general enquiries about our data protection policies please email email@example.com or call 07966168723.
Links to other websites
Our website may contain links to other websites of interest. You should note that we do not have any control over those websites, and so cannot be responsible for the protection and privacy of any information which you provide while visiting them.
A cookie is a small file sent to your computer’s hard drive by a web page that you visit. Cookies allow web applications to recognise your device (IP address), as you move from one page on the site to another, or if you revisit the site within a certain period of time. If you express a preference on a web page, for instance, that preference can then be recalled in the future. A cookie in no way gives us access to other files on your computer or to any other of your device’s functions.
We use traffic log cookies to compile statistics about the popularity of pages on our site and about how people have arrived here. This helps us improve our website. We only use this information for statistical purposes.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, however, you can usually modify your browser settings to decline or block cookies if you prefer.
Acceptance of these terms
We reserve the right to make changes to this privacy notice at any time.
Privacy Notice Matrix – Please note this matrix is best viewed on larger screen formats like tablet or desktop computer
|Processing activity||Personal data required or held||Retention time||Lawful basis for processing|
|Supply of products &|
|Name, phone number(s), work or home address, email address(es)||Seven years||Contractual – in order to provide the products or services you have ordered.|
|Marketing||Name, email address(es)||Until consent withdrawn by you||Consent – you have given your consent to receive information about products & services which are of interest to you.|
|Credit card payments||Card holder name, card number, security number||Duration of the transaction||Consent – you have agreed to give these details in order to pay for products or services ordered|
|Third party contractors: deliveries||Name, phone number(s), work or home address(es)||Retained until the service has been completed||Contractual – in order to provide the products or services you have ordered|