PRIVACY STATEMENT LEONARDSLEE
Privacy Statement for Members and Customers and Contacts of Leonardslee House and Gardens
Leonardslee House and Gardens (Clarbow Ltd t/a – the data controller) is committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us by individuals themselves.
Collection and use of personal data
Our policy is to collect only the personal data (which is any information relating to an identified or identifiable living person) necessary for agreed purposes. This data is typically restricted to contact details, bank details (for those of you who pay us via direct debit), visiting history, purchasing history and a history of our relationships (eg how long a member, when you use our facilities) and it includes information collected about you when you use our site such as IP address and mobile device identifiers.
We use personal data for the following purposes:
- to provide our services/allow our members and customers to make the fullest use of our facilities
- to administer, manage and develop our businesses and to provide information that we think will be of interest
- to comply with any requirement of law or custom, in particular retention of information for HMRC and purposes.
We do not share this information with any persons outside of our group of companies (please note that our group of companies does include businesses in South Africa all of which are subject to the same high level of protection as within the EEA) although:
a) we do use third parties to support us in providing our services such as providers of information technology, cloud based software, data back-up, order fulfilment, payment processing and security. All such servers are located in secure data centres around the world, and personal data may be stored in any one of them;
b) we may need to share the information with our advisers and any specific body to whom we are accountable (eg HMRC, our external auditors).
We retain the personal data processed by us for as long as is considered necessary. Our retention period for records is largely driven by HMRC requirements so we keep records for at least 7 years.
You have a number of rights relating to your information e.g. to see what we hold, to ask us to share it with another party, to ask us to update incorrect or incomplete details, to restrict processing and to make a complaint. For a complaint or any query please contact our Data Protection Lead (currently Charles Rees) or other data protection officers on firstname.lastname@example.org and you always have the right to contact the Information Commissioner.