Kingscote Barn Limited treats the privacy of it customers and website users very seriously and we take appropriate security measures to safeguard your privacy. This policy explains show we protect and mange any personal data you share with us and that we hold about you, including how we collect, process, protect and share that data.
Personal data means any information that may be used to identify an individual, including, but not limited to, Company Name, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.
How we obtain your personal data
Information provided by you
You provide us with personal data either via email, via on online application or over the telephone, as well as on a show round enquiry form. This includes name, contact numbers, email address and may include Payment card details. We use this information in order to manage and administer your financial transaction with Kingscote Barn Limited and for quotation purposes and marketing. We may also keep information contained in any correspondence you may have with us by post or by email. The lawful basis for us holding and processing your personal data is; Consent, Contract or Legal obligation.
Information we get from other sources
We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity.
This information (including your name, address, email address etc), as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR).
How we process your data
When you access any of our services we will store a record of your IP address along with details of your request in our logs. This information is stored and used by our system to ensure the integrity of our services. Whenever you login to one of our services we will use at least two cookies that will identify your session to our services. This is necessary to provide our service to you.
The browser_id cookie is a permanent cookie that uniquely identifies your browser to us and allows us to ensure that previous sessions from that browser are invalidated when logging in again. This is only used for the purposes of invalidating these sessions as well as allowing us to notify you when new sessions are created in new browsers.
The user_session cookie is, initially, a session-only cookie that contains a unique token that identifies your specific session. This data is not stored on our end and is only stored in a hashed form. If you choose to persist your login session, this cookie will be converted to a more permanent cookie with an expiry time at some point in the future. The actual time will depend on the service you are using.
In addition to these cookies, we also store IP addresses & user agents with your session. This allows us to look for anomalies in its use to help us protect your account and our systems. This data is stored until such time as the associated user account is deleted.
We use Google Analytics to help us track the details of visitors browsing our public websites. We do not use Google Analytics on any URLs once you have been authenticated. We do not send any personal data to Google’s services through Google Analytics and we configure our tracking codes to anonymise any IP addresses.
How we use your personal data
We use your personal data to manage and administer your requirements. We also act as controller and processor in regard to the processing of your card payment instructions. We undertake at all times to protect your personal data, including any financial details, in a manner which is consistent with the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data in storage.
Do we use your personal data for marketing purposes?
We will hold your personal data only for the purposes of administering and managing requirements with us, and from time to time we may send out information that we feel may be of relevance to you.
We will keep information about you confidential and we will from time to time share your personal data for the purposes of audit and compliance monitoring. We will only disclose your information with other third parties when it is required to fulfil your requirements.
How long do we keep this information about you?
We keep information in line with the retention policy of Kingscote Barn Limited. These retention periods are in line with the length of time we need to keep your personal information in order to manage and administer your requirements. They also take into account our need to meet any legal, statutory and regulatory obligations. These reasons can vary from one piece of information to the next. In all cases our need to use your personal information will be reassessed on a regular basis and information which is no longer required will be disposed of.
Data subject rights
Subject access requests
The General Data Protection Regulation (GDPR) grants you (hereinafter referred to as the “data subject”) the right to access particular personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly and certainly within one month form the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data we hold about you, including the following:
- Sources from which we acquired the information;
- The purposes for processing the information; and
- Persons or entities with whom we are sharing the information.
Right to rectification
You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you, the data subject, shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You, the data subject, shall have the right to obtain from us the erasure of personal data concerning you without undue delay.
Right to restriction of processing
Subject to exemptions, you, that data subject, shall have the right to obtain from us restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you, the data subject, and is restricted until the accuracy of the data has been verified;
- The processing is unlawful and you, the data subject, oppose the erasure of the personal data and instead request the restriction in its use
- We no longer need the personal data for the purposes of processing, but it is required by you, the data subject, for the establishment, exercise or defence of legal claims
- You, the data subject, have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.
Notification obligation regarding rectification or erasure of personal data or restriction of
We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you, the data subject, with information about those recipients if you request it.
Right to data portability
You, the data subject, shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right to object
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling: unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.
Right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing, which may lead to an automated decision based on your persona data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us, please write to the Data Protection Officer, Kingscote Barn Limited, Tetbury, Gloucestershire, GL8 8YE
Accuracy of information
In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
Questions and queries
If you have a complaint
If you have a complaint regarding the use of your personal data or sensitive information then please contact us by writing to the Data Protection Officer at the Kingscote Barn Limited, Tetbury, Gloucestershire, GL8 8YE and we will do our best to help you. If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information’s Commissioner’s Office (ICO), you can contact them on 01625 545 745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.
This document was last updated on June 13, 2018