1. INTRODUCTION
Bryn Noddfa a registered business. Our official name is Bryn Noddfa Cyf, Registered Office: Two Yews, Lon Uchaf, Morfa Nefyn, LL53 6AH, Company No. 12361345
We take our responsibilities as a data controller seriously and are committed to using the personal data we hold in accordance with the law.
This privacy notice provides detailed information about how we process personal data. Please read it carefully. If you have questions regarding your personal data or its use, please contact us by email brynnoddfa@gmail.com; or by post at Two Yews, Lon Uchaf, Morfa Nefyn, LL53 6AH.
2. TYPES OF PERSONAL DATA WE PROCESS
We process personal data about prospective, current, and past guests and customers; staff, suppliers and contractors; friends and supporters; and other individuals connected to or visiting the business.
The personal data we process takes different forms – it may be factual information, expressions of opinion, images or other recorded information which identifies or relates to a living individual. Examples include:
- names, addresses, telephone numbers, e-mail addresses and other contact details;
- details of visits and events attended
- employment data (for staff);
- images, audio and video recordings;
- financial information (for processing payments);
- allergy information.
3. COLLECTING, HANDLING AND SHARING PERSONAL DATA
We collect most of the personal data we process directly from the individual concerned. In some cases, we collect data from third parties (for example, a booking website or other referral agency) or from publicly available resources.
Personal data held by us is processed by appropriate members of staff for the purposes for which the data was provided. We take appropriate technical and organisational steps to ensure the security of personal data about individuals. We do not transfer personal data outside of the European Economic Area unless we are satisfied that the personal data will be afforded an equivalent level of protection.
In the course of business, we share personal data of employees with relevant authorities (eg HM Revenue and Customs). Some of our systems are provided by third parties, eg hosted databases, websites, calendars, or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with our specific directions.
We do not share or sell personal data to other organisations for their own purposes.
4. PURPOSES FOR WHICH WE PROCESS PERSONAL DATA
We process personal data to support the business’s operations as self-catering accommodation, a hotel, bar and restaurant. In particular for:
- Processing reservations and payments.
- Processing catering requests.
- Staff administration including the recruitment of staff and engagement of contractors; administration of payroll, pensions and sick leave; review and appraisal of staff performance; conduct of any grievance, capability or disciplinary procedures; and the maintenance of appropriate human resources records for current and former staff; and providing references;
- The promotion of the business through its own website, by email, and other publications and communications (including through our social media channels); and
- Maintaining relationships with customers and the wider community by communicating with the body of current and former guests and organising events.
The processing set out above is carried out to fulfil our legal obligations (including those under our parent contract and staff employment contracts). We also expect these purposes to form our legitimate interests.
5. HOW LONG WE KEEP PERSONAL DATA
We retain personal data only for a legitimate and lawful reason and only for so long as necessary or required by law. We have adopted Records Retention Guidelines which set out the time period for which different categories of data are kept. If you have any specific queries about our record retention periods, or wish to request that your personal data is considered for erasure, please contact us.
6. YOUR RIGHTS
You have various rights under Data Protection Law to access and understand the personal data we hold about you, and in some cases to ask for it to be erased or amended or for us to stop processing it, but subject to certain exemptions and limitations.
You always have the right to withdraw consent, where given, or otherwise object to receiving generic or advertising communications. Please be aware however that the business may have another lawful reason to process the personal data in question even without your consent. That reason will usually have been asserted under this Privacy Notice, or may exist under some form of contract or agreement with the individual (e.g. an employment or other contract, or because a purchase of goods, services or membership of one of our societies).
If you would like to access or amend your personal data, or would like it to be transferred to another person or organisation, or have some other objection to how your personal data is used, please make your request in writing to us.
We will to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits, which is one month in the case of requests for access to information. We will be better able to respond quickly to smaller, targeted requests for information. If the request is manifestly excessive or similar to previous requests, we may ask you to reconsider or charge a proportionate fee, but only where Data Protection Law allows it.
You should be aware that certain data is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal privilege.
7. CHANGE OF DETAILS
We try to ensure that all personal data held in relation to an individual is as up-to-date and accurate as possible. Please notify brynnoddfa@gmail.com of any significant changes to important information, such as contact details, held about you.
8. THIS POLICY
We will update this Privacy Notice from time to time. Any substantial changes that affect how we process your personal data will be notified on our website and to you directly, as far as practicable.
If you believe that we have not complied with this policy or have acted otherwise than in accordance with Data Protection Law, you should notify us. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with us before involving them.
2nd May 2020