Middleton Lodge Privacy Policy Introduction Middleton Lodge are committed to respecting your privacy. This policy explains how Middleton Lodge may use personal information we collect about you. This policy explains how Middleton Lodge comply with the law on data protection and what your rights are. For the purposes of data protection, Middleton Lodge will be the data controller of any of your personal information. This policy applies to all visitors of Middleton Lodge’s premises and website. This policy does not form part of any contract. References to “we,” “our” or “us” in this privacy policy are to Middleton Lodge. Our address is: Middleton Lodge Events Ltd, Kneeton Lane, Middleton Tyas, Richmond, North Yorkshire, DL10 6NJ Our Privacy Officer, Claire Lumley-Turnbull, oversees our compliance with data protection legislation. Contact details are in the “Contacting Us” section below. Personal Data When you visit our premises or use our website, we may collect the following information from you: • Name • Contact e-mail address and phone number • Address • Time and date of your visit to our premise • Health issues, allergies and disabilities • Photographs • CCTV • Complaints • Bookings information • IP Address and information relating to your use of our website Special Categories of Personal Information Middleton Lodge may also collect, store, and use “special categories” of personal information, this involves information which is more sensitive. We will only collect this information where you provide it to us, for example when you inform us of your health issues, allergies, and disabilities. We will only process this information where we have your explicit consent to do so. Where We Collect Your Data We collect personal data about visitors upon arrival at our premises. This will be through CCTV when entering our premises and in reception, and by using our sign-in book. We may collect information about your bookings with us through the booking systems that you use to make reservations with us. We also use cookies on our website which may collect information about you and how you use our site. The rest of the information that we collect about you will be obtained directly from you. If, for any reason, you are providing us with details of others, e.g. family members and emergency contacts they have a right to know and to be aware of what personal information we hold about them, how we collect it, how we use it and how we may share that information. Please share this policy with those of them whom you feel are sufficiently mature to understand it. They also have the same rights as set out in the “Your rights in relation to personal information” section below. Uses Made of Your Personal Data We may use your personal data to do the following: • To book and cancel bedrooms, table reservations, weddings, corporate events, spa packages, hosting third party events • To provide you with our services as listed above • To ensure the safety and security of our premises • To process card payments • To carry out financial accounting • To use in legal processes, where necessary • To assess customer satisfaction in our surveys • To send marketing communications through e-mail and social media • To publish our Newsletters • To publish photographs and case studies • To allow usage of our Wi-Fi portal • To see how you are using our website • To analyse and segment our data to get a better understanding of our customers • To oversee our unsubscribe lists Lawful Basis for Processing Your Personal Data The UK General Data Protection Regulation (UK GDPR) requires that we must have a lawful basis for all of our processing activities. Our lawful bases are as follows: • The processing activity is carried out with your consent; or • The processing activity is necessary for the performance of a contract; or • The processing activity is in our legitimate interests of: o To further our marketing activities and to help spread awareness of Middleton Lodge and our services (through non-electronic communications); o To help ensure the security of our premises. o To ensure that we are providing you with quality services and to allow us to improve our services where possible. o To enable business management and forecasting. o To process general enquiries. We only process special category data about you (such as your health information) where we have your explicit consent. For some of your personal information you will have a contractual requirement to provide us with your personal information. If you do not provide us with the requested personal information, we may not be able to properly perform our contract with you and may not be able to provide you with our services. Where you have given us your consent to use your personal information, you have the right to withdraw this consent at any time. You can do this by contacting us as described in the "Contacting us" section below. Please note that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent, and we may still be entitled to hold and process the relevant personal information, to the extent that we are entitled to, on bases other than your consent. Disclosure of your Personal Data We may share your personal data with the following parties: • Outsourced marketing support • Email marketing Systems • Bookings systems • Local authorities • IT and CCTV Support • Website host • Property Management System • Booking engine/channel manager We do not disclose your personal information to anyone else except as set out above. Transferring Your Data Internationally We do not undertake transfers of your personal data to any countries outside the United Kingdom. How Long we Keep Your Personal Data The duration for which we retain your personal data will differ depending on the type of data and the reason why we collected it from you. However, in some cases personal data may be retained on a longterm basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements. Generally, where there is no legal requirement, we retain all physical and electronic records for a period of 7 years. Exceptions to this rule are: • CCTV records which are held for no more than 14 days. Unless we need to preserve the records for the purpose of prevention and detection of crime. • Information that may be relevant to personal injury claims or discrimination claims may be retained until the limitation period for those types of claims has expired. This can be an extended period as the limitation period might not start to run until a long time after your employment with us. It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move home or change your phone number or email address. You may be able to update some of the personal information we hold about you by contacting us using the details in the “Contacting Us” section below. Your Rights in Relation to Personal Data You have the following rights concerning your data: Right of Access You have the right to obtain confirmation from Middleton Lodge as to whether personal data concerning you are being processed and, where that is the case, access to that data. Right to Rectification You have the right to oblige Middleton Lodge to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement. Right to Erasure You have the right (under certain circumstances, but not all) to oblige Middleton Lodge to erase personal data concerning you. Right to Restriction of Processing You have the right (under certain circumstances, but not all) to oblige Middleton Lodge to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you. Right to Data Portability You have the right (under certain circumstances, but not all) to oblige Middleton Lodge to provide you with the personal data about you which you have provided to Middleton Lodge in a structured, commonly-used and machine-readable format. You also have a right to oblige Middleton Lodge to transmit those data to another controller. Right to Withdraw Consent If the lawful basis for processing is consent, you have the right to withdraw that consent. Right to Object to Direct Marketing Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing. Rights in Relation to Automated Decision-Making and Profiling Middleton Lodge does not perform any automated decision-making based on personal data that produces legal effects or similarly affects you. You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights. Your Right to Lodge a Complaint with a Supervisory Authority If you wish to exercise any of your rights concerning your personal data, you should contact Middleton Lodge’s Privacy Officer at the address shown above. If you are not satisfied with the response you receive, you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF (t) 0303 123 1113 (e) icocasework@ico.org.uk While this privacy policy sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/ To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the "Contacting us" section below. Changes to This Policy Middleton Lodge may update this privacy policy from time to time. When we change this policy in a material way, we will update the version date at the bottom of this page. For significant changes to this policy, we will try to give you reasonable notice unless we are prevented from doing so. Where required by law, we will seek your consent to changes in the way we use your personal information. Contacting Us In the event of any query or complaint in connection with the information we hold about you, please email claire.lumley-turnbull@middletonlodge.co.uk , or write to us at: Middleton Lodge Events Ltd, Kneeton Lane, Middleton Tyas, Richmond, North Yorkshire, DL10 6NJ Our Privacy Officer, Claire Lumley-Turnbull, can be contacted by the email outlined above or by telephone: 01325377977 Version dated 05/08/2022 Document Owner and Approval The Data Protection Officer owns this template and is responsible for ensuring that it is reviewed on a regular basis. A current version of this guidance is available on our website. This guidance was approved by the Managing Director on 19th August 2022 and is issued on a versioncontrolled basis under his/her signature. Signature: J.J.Allison Date: 19th August 2022 Record of Change History Issue Description of Change Approval Date of Issue 1 Initial Issue Managing Director 19th August