We are Dukes Barn Company Ltd registered in England No: 4033961 charity registration No: 1081656. We operate as Dukes Barn Company Ltd and our registered office is School Lane, Beeley, Derbyshire, DE4 2NU. Dukes Barn Company Ltd are committed to protecting and respecting your privacy. We only collect and use personal information for legitimate legal reasons. This information is gathered to enable the company to provide good and or services and other associated functions. In addition, there may be a legal requirement to collect and use information to ensure that the centre complies with its statutory obligations.
The purpose of this policy is intended to ensure that personal information is dealt with correctly and securely in accordance with the data Protection Act 1998 (DPA) and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). It will apply to information regardless of the way it is collected, used, recorded, stored and destroyed and irrespective of whether it is held in paper files or electronically. All staff involved with the collection, processing and disclosure of personal data will be aware of their duties and responsibilities by adhering to these guidelines.
We comply with the DPA and GDPR in respect of the collection, holding, storage, use, and processing of personal data about our staff, clients, suppliers, contractors, volunteers, supporters and other individuals where necessary to fulfil our contractual or legal obligations.
2. Personal data that we may collect
(a) We may collect and use the following types of personal data.
(b) We may receive personal information from third party websites such as BT My donate who would have obtained permission to share the information with us.
3. How we use personal data
To enable us to deal with your enquiries;
To allow us to fulfil our pre-contract and contractual duties with you;
To send relevant marketing material in line with your communications preferences;
To enable us to comply with our legal and regulatory responsibilities, to respond to legal process or requests for information issued by government authorities or other third parties, to prevent and detect crime and fraud, or protect your, our or others’ rights.
4. Data Protection Principles
The Data Protection Act 1998 and the GDPR 2016 establishes eight enforceable principles that we adhere to, which are:
· Personal data will be processed fairly and lawfully;
· Personal data will be obtained only for one or more specified and lawful purposes;
· Personal data will be adequate, relevant and not excessive;
· Personal data will be accurate and where necessary, kept up to date;
· Personal data collected for any purpose shall not be kept for longer than is necessary to fulfil that purpose that it was collected for;
· Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998 and GDPR 2016;
· Personal data is secured by the appropriate degree of security;
· Personal data will not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection.
5. Legal basis for processing personal data
There are different lawful grounds that we rely on to use your personal information. We collect and use your personal information in the following situations:
Where you have given us consent. We will rely on your consent to use your personal information for marketing purposes by phone, email or post. Where we rely on consent for the use of your personal information, you have the right to withdraw your consent at any time as described in 'Your rights' section of this policy.
Where our use of your personal information is necessary to perform a contract or contracts that you are a party to, or to take steps that you request before entering into a contract.
Where our use of your personal information is within our legitimate interests. For example, administrative purposes, identifying information, goods and services that are most likely to interest you as well as to detect, prevent, or otherwise address fraud, security, safety or privacy issues;
Where we believe it is necessary to use your personal information to comply with a legal or regulatory obligation to which we are subject;
6. Storing and holding your personal data
We do not retain personal information in an identifiable format for longer than is necessary.
If we have a provided goods and or services to you, we hold your personal information for 7 years from the date our relationship ends. We hold your personal information for this period to establish, bring or defend legal claims.
Where we have obtained your personal information following a request made by you, for information on any of our goods or services, we hold your personal information for 24 months from the date we collect that information, unless during that period you enter into a contract with us.
The only exceptions to the periods mentioned above are where:
The law requires us to hold your personal information for a longer period, or delete it sooner;
Where you have raised a legal claim, complaint or concern regarding a product or service offered by us, in which case we will retain your information for a period of 6 years following the date of that complaint or query; or
You exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law, see ‘Individual rights’.
7. Individuals’ rights
Individuals have certain rights in respect of the personal data that we hold about them.
(a) Access. We will confirm to individuals whether or not we are processing and using personal data about them, at their request and, if so, provide them with access to and a copy of such personal data and the other details to which they are entitled.
(b) Rectification. We will correct any inaccurate personal data and complete any incomplete personal data (including by providing a supplementary statement) that we hold about individuals without delay at their request.
(c) Prevention of processing likely to cause damage or distress. We will respect our individuals’ rights to require us to cease or not to begin processing their personal data for a specific purpose, or in a specific way, that is likely to cause unwarranted damage or distress, either to the relevant individual or a third party.
(d) Erasure. We will erase personal data concerning a individual at their request without undue delay in certain circumstances, (for example, among other things, if their personal data is no longer needed for the purpose for which or was collected or otherwise used).
(e) Restriction. We will restrict the processing of individuals’ personal data in certain circumstances (for example, among other things, if they believe that their data held by us is inaccurate), if requested by them to do so.
(f) Data portability. We will respect the rights of the individual to receive personal data about them that they have provided to us in a structured, commonly used and machine-readable format and to transmit such personal data to another data controller without hindrance from us in certain circumstances.
(g) Right to object. We will respect the general rights of individuals’ to object to the processing of their personal data in certain circumstances.
(h) Right to object to marketing. We will respect individuals’ rights regarding use of their personal data for direct marketing purposes. In particular, we will not begin or we will cease processing any personal data of individuals for direct marketing purposes if at any time individuals ask us not to do so.
(i) Automated individual decision-making, including profiling. Where requested, we will not make decisions based on automated processing, including profiling and we will ensure that you can always obtain a review by one of our staff members of any automated decisions and are able to express your point of view and contest any such decisions.
7.1 We will not make any automated decisions based on sensitive personal information unless we have obtained your explicit consent to do so, or this is otherwise necessary for substantial public interest reasons based on applicable law.
7.2 We will process all personal data in line with individuals rights in each case to the extent required by and in accordance with applicable law only (including, without limitation, in accordance with any applicable time limits and requirements regarding fees and charges).
7.3 We will respect individuals’ rights regarding use of their personal data for direct marketing purposes. In particular, we will not begin or we will cease processing any personal data of individuals for direct marketing purposes if at any time an individual asks us to stop.
7.4 Individuals can exercise their rights by contacting us using the contact details set out below in the “Contacts and complaints” section of this Private Policy.
8. Contact and complaints
If you wish to ask a question, exercise your rights or make a complaint you can contact us in a number of ways.
Telephone: 01629 733 039
By post or in person:
The Centre Manager
Dukes Barn Company
8.2 We are not a ‘public authority’ and we will not therefore respond to requests for information made under that Act.
If we change our privacy policies and procedures, we will post the changes to this page. If the changes materially change how we treat your personal information, we will endeavour to provide you with reasonable notice of such changes, such as via prominent notice in Dukes Barn Company Ltd Platform or to your email address of record, and where required by law, we will obtain your consent or give you the opportunity to opt out of such changes.