Heath Village Barn – Privacy Policy

PLEASE READ THIS PRIVACY POLICY STATEMENT CAREFULLY

About this Policy

We at Heath Village Barn take your privacy seriously. This policy and notice have been drafted in accordance with the requirements of the General Data Protection Regulations (“GDPR”), with the support of the legal team at www.legalo.co.uk.

This privacy notice explains how we handle your personal data (in all situations where we collect it), sets out your privacy rights, and explains how the law and our approach to privacy and personal data protect you.

This privacy notice supplements any other privacy notices that we may provide to you at the point that we collect data from you and should be read in conjunction with those notices.

Our status and details

For the GDPR, we are the data controller, and any enquiry regarding the collection or processing of your data should be addressed to us using the contact details below:

Contact: Barrie Simpson,
Email address: info@heathvillagebarn.co.uk
Postal address: Heath Village Barn, Eastern Way, Heath and Reach, Bedfordshire, LU7 0AA

By using the Website, you consent to this policy.

Information we collect

We will collect, process, and store personal data only if you directly provide it to us. You may do this as a user of this website, by enquiring about our services, becoming a customer or supplier, or as a potential customer or supplier.

Personal information covers any information which relates to you as an identifiable person. Below are examples of the type of data that this may include:

  1. Including forename, last name, maiden name, date of birth, gender, marital status, and username or similar identifier.
  2. Contact Data may include invoicing, purchase orders, home or work addresses, email addresses and telephone numbers, personal or job titles, and positions.
  3. Transaction Data may include payments made for services you have purchased from us or in relation to payments we have made to you.
  4. Technical Data may include internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access this website.
  5. Profile and Usage Data may include your enquiries, purchase information, feedback and survey responses, and how you use our website services.

We may also collect non-personal data, such as Aggregated Data, which may be obtained from your personal data but does not directly or indirectly identify you. This may include Usage Data detailing how you use our website and the features and areas you have interacted with.

How do we collect your personal data?

A range of different methods may collect data, which may include the following methods:

  1. Direct interactions with us in person, by post, phone, email or otherwise. You may give us your identity, contact information, and financial information.
  2. Automated technologies or interactions with our website can be done using the web enquiry form. You may provide us with your identity and contact information.
  3. Third parties or publicly available sources, third parties may be used in processing identity, contact and Financial categories of personal data.

Data Accuracy

It is important that the data we hold about you is accurate and up to date. If your data changes, please notify us so that we can update our records.

Use of your information

We may hold and process personal data that you provide to us under the GDPR.

The information that we collect and store relating to you is primarily used:

  1. This data may include identity, contact, financial, and transactional data to enable us to provide our services to you, communicate with you, and meet our contractual commitments to you.
  2. We want to notify you about any changes to our business, such as improvements to our website or service/product changes, that may affect our service or relationship with you. This may include identity and contact data.
  3. If you are an existing customer, we may contact you with information about goods and services similar to those that were the subject of a previous sale to you. This may include identity and contact data.
  4. Where you have consented to receive such information, we may use your identity, contact, and marketing data to provide information on other parties’ products or services that we feel may interest you. Where we need to comply with a legal obligation, we may use your identity, contact, and transactional data.
  5. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights, do not override those interests. This may include all types of data.

We will never share your personal data with any third party for their marketing purposes.

We will only use your personal data for a purpose other than the purpose for which we originally collected it if we need to use it for that other purpose and have a legitimate interest.

Disclosure of your information

We may disclose your data to third parties in a range of circumstances. These include:

  1. Regulatory bodies. We may disclose your data to regulatory bodies to comply with the law, assist in fraud protection, and minimise credit risk. This may include identity, contact, and transactional data.
  2. Our Suppliers. We may disclose your data to third parties involved in fulfilling our services to you. This may include identity, contact, and transactional data.

Controlling the use of your data

Where we rely on consent as the lawful basis for processing your data, you can revoke or vary that consent.
If you do not want us to use your data or want to vary the consent you have provided, you can write to us at the address detailed in the ‘Our status and details’ or email us at info@heathvillagebarn.co.uk.

Data storage and transferring your data

As part of the services offered to you, for example, through our Website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”.It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host or payment processing provider, or work for us when temporarily outside of the EEA.
A transfer of your personal data may happen if any of our servers are in a country outside of the EEA or one of our service providers is in a country outside of the EEA.

If we transfer or store your personal data outside the EEA in this way, we will ensure that your privacy rights remain protected, as outlined in this privacy policy. Where we use suppliers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US.

Security

Information transmitted via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee data security when you transmit it to our site; any such transmission is at your own risk.
We have implemented security measures to prevent your data from accidental loss or disclosure. Once we receive your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

In the event of a data breach, we will notify the ICO and you if the breach results in any likelihood of loss or damage to you.

Data retention

The length of time we keep and store data depends on the purpose for which it was collected. We will only store data for as long as necessary to fulfil that purpose or to satisfy legal requirements.
Keeping certain data about our customers and suppliers for at least six years is legally required. This data includes contact, identity, financial, and transaction data.

Use of cookies

We detail our use of cookies in our Cookies Policy, available from the following link

Your rights

The GDPR gives you a range of rights concerning the personal data we collect from you. You have the right to

  1. Access your personal data. This right is commonly known as the ‘data subject access request’ and enables you to receive a copy of the personal data we hold about you. You will not need to pay a fee to access your personal data unless we can justifiably demonstrate that the request is repetitive or excessive. We will respond to all legitimate data access requests within one month. Still, we may need further information from you to confirm your identity and the request’s legitimacy.
  2. Request an update of the personal data. This enables you to correct any incomplete or inaccurate data.
  3. Erasure of your personal data. This enables you to ask us to delete personal data where there is no justifiable reason for us to continue to keep and process it. We may not always be able to delete the data, such as if there is an ongoing contractual relationship between us or if we are legally required to keep the data.
  4. Object to processing your personal data where we rely on consent or our legitimate interests (or those of a third party) as the justification for processing the data.
  5. You can restrict the processing of your personal data. This enables you to ask us to change the processing of your personal data. For example, you may wish to vary the basis on which we contact you.
  6. Request the transfer of your personal data to you or a third party. We will provide your personal data in a structured, machine-readable format to you or a third party you have chosen.
  7. Withdraw consent. You may withdraw consent when we rely on consent to process your personal data. If you withdraw your consent, we may not provide you with certain products or services. We will advise you if this is the case when you withdraw your consent.

You can exercise these rights by writing to us at the address detailed above or by email to info@heathvillagebarn.co.uk

Third-party links

You might find links to third-party websites on our website. If you click a link to a third-party website and visit that site, you may be allowing that site to collect and share certain data about you. These websites should have their privacy policies, which you should check. We do not accept any responsibility or liability for their policies, as we have no control over them.

Complaints

If you wish to complain about our use of your personal data, In that case, you can contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

www.ico.org.uk

If you wish to file a complaint, we welcome the opportunity to discuss your concerns before contacting the ICO to see if we can resolve the issue for you.

Changes to this policy

We may update these policies to reflect changes to the website and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data.

We welcome any queries, comments or requests you may have regarding this Privacy Policy. Please get in touch with us by email at info@heathvillagebarn.co.uk

This policy was last updated on 10th December 2024