Date: | 1st January 2023 |
Author: | Directors |
Date for renewal: | 1st January 2024 |
Issue number: | 4 |
1.1 This policy describes how Mill on the Brue collects, processes, shares and stores personal data.
1.2 Mill on the Brue Ltd is registered with the Information Commissioner’s Office.
2.1 Mill on the Brue receives personal data from a number of sources. We collect the minimum amount of data that is required in order for us to provide our services and to meet our statutory obligations.
2.2 For school and other residential and day visits:
2.3 For summer camps and unaccompanied children:
2.4 Personal details of people attending birthday parties, hen/stag parties, day visits by unaccompanied children, special events or weddings will be destroyed after the visit.
2.5 We maintain a database of contact information of customers who are interested in receiving marketing information from us. Individuals need to expressly ‘sign up’ to receive these communications. We will only contact individuals with information relevant to them. Individuals are able to remove themselves from this marketing list at any time by contacting our office by email or phone, or through ‘Unsubscribe’ links included within all email marketing.
2.6 Personal data of current staff and volunteers, including names, date of birth, home addresses, phone numbers, next of kin contact details, pre-employment checks, pay details and qualifications and records from their employment/volunteering (appraisals and disciplinary actions, etc) will be stored under lock and key.
2.7 The minimum amount of personal data of staff and volunteers no longer with Mill on the Brue will be retained as required by law. Names and end of term reviews will be kept for three years for reference applications unless the member of staff/volunteer requests for the information to be deleted before that.
2.8 We do not retain any banking information belonging to our customers.
2.9 Reports of Accidents involving customers are retained for a minimum of 3 years and up to 40 years in order for us to meet our legal obligations. Accident records are kept under lock and key.
2.10 CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry. CCTV imagery is retained for 7 days before it is automatically deleted.
3.1 Mill on the Brue will not disclose personal data of any customer or staff member to a third party unless legally required to do so.
3.2 Our own employees are given details of personal information on a ‘need to know’ basis.
4.1 Mill on the Brue has put in place appropriate technical and organisational measures to protect all data we hold against unauthorised or unlawful processing or against accidental loss or destruction or damage.
5.1 In the event of a data breach, Mill on the Brue will adopt current guidance and best practice as advised by the Information Commissioner’s Office.
6.1 In accordance with our legal obligations, we will make available the data we hold on an individual. Requests to view this data should be made in writing and addressed to the Centre Manager. We will respond to requests within 21 days.
6.2 Mill on the Brue reserves the right to require proof of identification before providing an individual access to their personal data.
7.1 The Centre Manager at Mill on the Brue is responsible for implementing this policy, including the training of staff, and compliance with all relevant current regulations.