Caistor Equestrian Centre - Privacy & Security Policy

Go back

Privacy and Security Policy

Caistor Equestrian Centre is committed to respect and uphold everybody's right to privacy, to process personal data securely and to comply with legislation prevailing in the UK.

This policy describes what we do to achieve this.

Definition of terms used in this policy

'We', 'Us' and 'Our' refer to Caistor Equestrian Centre .
'You' and 'Your' refer to a client of Caistor Equestrian Centre . This may be a customer, supplier or member of our emailing list.
'Processing' means collecting and storing data, and using it to contact you if consent is given.
'Our website' means http://www.caistorequestriancentre.com.
'Device' means any computer, tablet, smart phone or other equipment equipped with a web browser and connected to the internet.
'GDPR' means the General Data Protection Regulation.
'PCI-DSS' means Payment Card Industry Data Security Standard.
'HMRC' means Her Majesty's Revenue and Customs, the UK tax authority.
'Full card details' means the card number, expiry date, name of account holder and CVC number of any debit, credit or charge card.
'Information' and 'Data' are used interchangeably.

The data controller and data protection officer for Caistor Equestrian Centre can be contacted via email, or at the address shown at the foot of every page.

Cookies

Like most websites, ours uses 'cookies' to make various features work. Cookies are small text files, some of which contain personal data, that our website places on your device. If you do not wish to give consent for cookies to be received you can set your web browser to block them, but this may prevent this and many otherwebsites from working correctly.

For a full explanation of the cookies we use, see our Cookie Policy.

Why do we process personal data?

We need to collect and store your personal information so that we can fulfil your order or competition entry, and contact you in the event of any query about it. If you have given consent, we also add your email address to our emailing list.

If we have purchased items from you, we need a record of the provenance of those items for security reasons.

Our legal basis under Article 6 of the GDPR for processing personal data in any given instance is one or more of:

6.a) Consent has been given for the specific purpose of joining our emailing list to receive occasional news and updates from us. You may give consent by completing our newsletter sign up form, or by contacting us by email. You may withdraw consent at any time - see below.

6.b) Processing is necessary for the performance of a contract to which you are party, specifically the supply of goods by or to Caistor Equestrian Centre

6.c) Processing is necessary for compliance with a legal obligation to which we are subject, in particular the retention of records for a specified time for tax purposes - see below.

6.f) Processing is necessary for the purposes of legitimate interests pursued by the data controller, specifically the collection of statistical data to assist in improving our offer and website to the mutual benefit of you and us.

How do you opt out?

If you have previously opted in to our emailing list, you can withdraw consent 'opt out' by:
- Using the 'Unsubscribe' link in a marketing email you have received from us.
- Contacting us via our 'Contact Us' page.
- Contacting us by email, mail or telephone.

What data do we process?

The personal information we collect and store is limited to:
- Your invoice name and address
- Your delivery name and address if different
- Your telephone number
- Your email address
- Your payment reference or method in abbreviated form - see below.
- A list of the items you purchased from us or sold to us
- An indicator to show if you have opted in to our emailing list.
- Emergency contact details. These are only used to contact a nominated person in the event of a client being deemed involved in a scenario which Caistor Equestrian Centre staff feel constitutes an emergency.

If you have opted in to receiving our occasional emails but have not purchased anything from us or sold anything to us, the only personal information we store is your name and email address.

In addition we use Google Analytics, a third party service, to collect data and report statistics about visitors to our website. The data includes:
- The number of visitors to our website and the number of pages viewed
- The number of visitors from different countries and regions
- A list of pages viewed by each visitor and the time spent on each
- The type of device, operating system and browser used by each visitor

Visitors are defined only by masked IP addresses and it is not possible to identify individual persons from this data, and no other personal data is collected. As the data is anonymous it falls outside the scope of the GDPR. Information is stored only on the Google.com secure servers and is deleted on a 'last in, first out' basis, typically 6 weeks after collection.

Online payments and financial data

Online payments are made through the secure website of our Payment Service Provider PSP. The PSP is PayPal, PayPal is PCI-DSS compliant to the highest level, ensuring that your card details are secure. We never see your full card details because you enter them directly through the PSP website.

Offline payments and financial data

We will not collect and store your bank account number or full card details. If you pay by cheque we may show the cheque number and your branch sort code on our invoice for your reference. If you pay by bank transfer we show the payment reference, if any, on our invoice.

How is personal information stored?

Personal information is stored electronically and is encrypted to prevent unauthorised access. Any personal information in the form of printed copies of sales orders and invoices is kept in a secure storage facility.

Your right to rectification

In accordance with article 16 of the GDPR, if you notice that we have stored any of your personal data incorrectly, please let us know and we will correct it straight away.

How long do we keep your data for?

HMRC rules require us to keep records for at least 5 years after the tax return submission date. To make sure we comply, we keep sales and purchase invoices for 6 years before deleting or destroying them.

If you have opted in to our emailing list you may request that your email address is removed from the list at any time. If we have not had any contact with you for 6 years, all your personal data will automatically be deleted including your entry in our emailing list.

Your 'right to be forgotten'

In accordance with article 17 of the GDPR, your personal data will be deleted when:
a) The information is no longer necessary for the purposes for which it was collected, or
b) You withdraw consent and there is no other legal ground for processing under Article 6 (see 'Why do we process personal data?' above.

Can we supply a copy of the data we hold?

Yes, just write to us and we will send a copy of all your personal data that we hold straight away. In some cases we may need to ask for proof of identity before doing so.

Do we share your personal data

No. We never share your personal data with third parties, except:
- with payment service providers as detailed above
- with Google.com in the form of anonymous statistical data as detailed above
- if required to do so by law.

Data breach

In the unlikely event of a data breach, we will contact the UK supervising authority (Information Commissioner's Office) and yourself in accordance with articles 33 and 34 of the GDPR.

T



his policy was updated on 15th April 2018.

 

Go back

 

Below are some of our associates and sponsors