Data Protection Policy

Date:	1st January 2023
Author:	Directors
Date for renewal:	1^st January 2024
Issue number:	4

1 Introduction

1.1 This policy describes how Mill on the Brue collects, processes, shares and stores personal data.

1.2 Mill on the Brue Ltd is registered with the Information Commissioner’s Office.

2 Personal data we hold

2.1 Mill on the Brue receives personal data from a number of sources. We collect the minimum amount of data that is required in order for us to provide our services and to meet our statutory obligations.

2.2 For school and other residential and day visits:

Names and medical details of group members are provided to us by the party leader. They are shredded one month after the completion of the visit.
Images to be used for marketing purposes are only taken when permission has been expressly granted.
Photographs are taken of children with specific medical or dietary needs to enable quick identification. These are destroyed after their visit.
We will keep the name and contact details (email address, phone number and name and address of the school) of the name of the person placing a booking. If they do not wish to complete the booking this information will be deleted.

2.3 For summer camps and unaccompanied children:

Children’s details (name, age, etc), names of parents/guardians, home addresses, and any other personal data such as medical details are collected from the parent/guardian. This information is destroyed at the end of the summer camp period.

2.4 Personal details of people attending birthday parties, hen/stag parties, day visits by unaccompanied children, special events or weddings will be destroyed after the visit.

2.5 We maintain a database of contact information of customers who are interested in receiving marketing information from us. Individuals need to expressly ‘sign up’ to receive these communications. We will only contact individuals with information relevant to them. Individuals are able to remove themselves from this marketing list at any time by contacting our office by email or phone, or through ‘Unsubscribe’ links included within all email marketing.

2.6 Personal data of current staff and volunteers, including names, date of birth, home addresses, phone numbers, next of kin contact details, pre-employment checks, pay details and qualifications and records from their employment/volunteering (appraisals and disciplinary actions, etc) will be stored under lock and key.

2.7 The minimum amount of personal data of staff and volunteers no longer with Mill on the Brue will be retained as required by law. Names and end of term reviews will be kept for three years for reference applications unless the member of staff/volunteer requests for the information to be deleted before that.

2.8 We do not retain any banking information belonging to our customers.

2.9 Reports of Accidents involving customers are retained for a minimum of 3 years and up to 40 years in order for us to meet our legal obligations. Accident records are kept under lock and key.

2.10 CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry. CCTV imagery is retained for 7 days before it is automatically deleted.

3. Sharing of information with third parties

3.1 Mill on the Brue will not disclose personal data of any customer or staff member to a third party unless legally required to do so.

3.2 Our own employees are given details of personal information on a ‘need to know’ basis.

4. Storage of personal data

4.1 Mill on the Brue has put in place appropriate technical and organisational measures to protect all data we hold against unauthorised or unlawful processing or against accidental loss or destruction or damage.

5. Data breaches

5.1 In the event of a data breach, Mill on the Brue will adopt current guidance and best practice as advised by the Information Commissioner’s Office.

6. Accessing the data we hold

6.1 In accordance with our legal obligations, we will make available the data we hold on an individual. Requests to view this data should be made in writing and addressed to the Centre Manager. We will respond to requests within 21 days.

6.2 Mill on the Brue reserves the right to require proof of identification before providing an individual access to their personal data.

7. Compliance with the regulations

7.1 The Centre Manager at Mill on the Brue is responsible for implementing this policy, including the training of staff, and compliance with all relevant current regulations.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_3638697_34	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.