Data Protection Policy

Date: 1st January 2023
Author: Directors
Date for renewal: 1st January 2024
Issue number: 4

1 Introduction

1.1 This policy describes how Mill on the Brue collects, processes, shares and stores personal data.

1.2 Mill on the Brue Ltd is registered with the Information Commissioner’s Office.

2 Personal data we hold

2.1 Mill on the Brue receives personal data from a number of sources. We collect the minimum amount of data that is required in order for us to provide our services and to meet our statutory obligations.

2.2 For school and other residential and day visits:

  • Names and medical details of group members are provided to us by the party leader. They are shredded one month after the completion of the visit.
  • Images to be used for marketing purposes are only taken when permission has been expressly granted.
  • Photographs are taken of children with specific medical or dietary needs to enable quick identification. These are destroyed after their visit.
  • We will keep the name and contact details (email address, phone number and name and address of the school) of the name of the person placing a booking. If they do not wish to complete the booking this information will be deleted.

2.3 For summer camps and unaccompanied children:

  • Children’s details (name, age, etc), names of parents/guardians, home addresses, and any other personal data such as medical details are collected from the parent/guardian. This information is destroyed at the end of the summer camp period.

2.4 Personal details of people attending birthday parties, hen/stag parties, day visits by unaccompanied children, special events or weddings will be destroyed after the visit.

2.5 We maintain a database of contact information of customers who are interested in receiving marketing information from us. Individuals need to expressly ‘sign up’ to receive these communications. We will only contact individuals with information relevant to them. Individuals are able to remove themselves from this marketing list at any time by contacting our office by email or phone, or through ‘Unsubscribe’ links included within all email marketing.

2.6 Personal data of current staff and volunteers, including names, date of birth, home addresses, phone numbers, next of kin contact details, pre-employment checks, pay details and qualifications and records from their employment/volunteering (appraisals and disciplinary actions, etc) will be stored under lock and key.

2.7 The minimum amount of personal data of staff and volunteers no longer with Mill on the Brue will be retained as required by law. Names and end of term reviews will be kept for three years for reference applications unless the member of staff/volunteer requests for the information to be deleted before that.

2.8 We do not retain any banking information belonging to our customers.

2.9 Reports of Accidents involving customers are retained for a minimum of 3 years and up to 40 years in order for us to meet our legal obligations. Accident records are kept under lock and key.

2.10 CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry. CCTV imagery is retained for 7 days before it is automatically deleted.

3. Sharing of information with third parties

3.1 Mill on the Brue will not disclose personal data of any customer or staff member to a third party unless legally required to do so.

3.2 Our own employees are given details of personal information on a ‘need to know’ basis.

4. Storage of personal data

4.1 Mill on the Brue has put in place appropriate technical and organisational measures to protect all data we hold against unauthorised or unlawful processing or against accidental loss or destruction or damage.

5. Data breaches

5.1 In the event of a data breach, Mill on the Brue will adopt current guidance and best practice as advised by the Information Commissioner’s Office. 

6. Accessing the data we hold

6.1 In accordance with our legal obligations, we will make available the data we hold on an individual. Requests to view this data should be made in writing and addressed to the Centre Manager. We will respond to requests within 21 days.

6.2 Mill on the Brue reserves the right to require proof of identification before providing an individual access to their personal data.

7. Compliance with the regulations

7.1 The Centre Manager at Mill on the Brue is responsible for implementing this policy, including the training of staff, and compliance with all relevant current regulations.