This Policy explains when and why we collect Personal Data about the people who visit Fonmon Castle and our website or other platforms such as, mobile applications, email, text messages, and social media accounts (“Platforms”), how we use such data, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes. We will notify you of any material changes on how we use your Personal Data prior to implementing them. Notification of any such material change will be made by email or prominent notice on our website. By using our Platforms, you’re agreeing to be bound by this Policy.
Who are we?
We are Fonmon Castle Estate (fonmoncastle.com, we or us) a privately owned enterprise, owned and run by Sir Brooke Boothby as a sole trader. We are committed to protecting and respecting your privacy. Fonmon Castle Estate is the ‘data controller’ of your personal data and is subject to the Data Protection Act 1998 (“DPA”) (and, when it takes effect on 25 May 2018, the General Data Protection Regulation (the “GDPR”)).
If you would like any more information or you have any comments about our Policy, please either write to us at Data Protection Representative, Fonmon Castle, Fonmon Barry, Vale of Glamorgan CF62 3ZN, or email firstname.lastname@example.org
How we collect your information
We may collect your personal information in a few limited ways, namely:
- Directly from you, when you telephone us requesting information, when you make enquiries on our website or by email, or when you interact with us during your time as a visitor in various other ways (for example, where you attend a tour or an event organised by us).
- On occasions where we receive information about you from a wedding listing website e.g. where a third party passes on your details to us in connection with a request for further information you have raised when visiting that third party’s website
How and why do we use your personal data?
Here’s how we may use your personal data and why:
- To process any requests that you make by using our website, on the phone or on site. If we don’t collect your personal data during enquiries, we may not be able to give you the full information about what is on offer e.g. Your details may need to be passed to a third party to supply or deliver a or service that you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, extra charges and so on.
- To respond to your queries, requests and any complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
- To process payments and to prevent fraudulent transactions. We do this because of our legitimate business interests. This also helps to protect our customers from fraud.
- With your consent, we may use your personal data, preferences and details of your transactions to keep you informed by email, web, text and telephone about relevant products and services including tailored special offers, promotions, events, competitions and so on. Of course, you are free to opt out of hearing from us by any of these channels at any time by contacting us.
- To administer any of our prize draws or competitions that you enter, based on your consent given at the time of entering.
- To comply with our contractual or legal obligations to share data with law enforcement.
How we protect your personal data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
Access to your personal data is password-protected.
We regularly monitor our system for possible vulnerabilities and attacks.
How long we will keep your personal data
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
An example of a customer data retention period is when you make a purchase from us. When you make a purchase, we’ll keep the personal data you give us for five years so we can comply with our legal and contractual obligations.
Who do we share your personal data with?
We sometimes share your personal data with trusted third parties e.g. our approved caterers, marquee suppliers and insurers, but only in order to respond to your enquiry, or to fulfil your business.
In the event of a sale of our business, or a reorganisation of our business, or as otherwise required by law or applicable regulator, we may transfer Personal Data to third parties (as part of the information generally contained in business) but such transferred data would be subject to this Policy and will not be transferred unless the recipient can commit to keep your Personal Data secure and in accordance with applicable privacy laws.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we stop using their services, any of your data held by them will either be deleted stored anonymously
Sharing your data with third parties for their own purposes. We will only do this in very specific circumstances, for example:
- For fraud management, we may share information about fraudulent or potentially fraudulent activity on our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government bodies, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis, and take the privacy of our customers into consideration.
What are your rights over your personal data?
An overview of your different rights
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete. Eg. when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end (such as the end of a Friends membership).
- That we stop using your personal data for direct marketing (through either specific, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
You have the right to request a copy of any information about you that the Fonmon Castle Estate holds at any time, and to have that information corrected if it is inaccurate. To ask for your information or to request any amendments to it, please contact the Data Protection Representative, Fonmon Castle, Fonmon Barry, Vale of Glamorgan CF62 3ZN, or email email@example.com
If we choose not to action your request, we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data because of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in any email communication that we send you.
- Email firstname.lastname@example.org with your request
- Write to the Data Protection Representative, Fonmon Castle, Fonmon Barry, Vale of Glamorgan CF62 3ZN, or email email@example.com
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Contacting the regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites)
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
If you live outside the UK
For all non-UK customers
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
Sometimes we’ll need to transfer your personal data between countries to enable us to supply the services you’ve requested. In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK, or elsewhere.
By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes.
This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your personal data on servers in the UK, or elsewhere.
If you have any questions that haven’t been covered, please contact us:
- Email us at firstname.lastname@example.org
- Or write to us at Data Protection Representative, Fonmon Castle, Fonmon Barry, Vale of Glamorgan CF62 3ZN, or email email@example.com
This policy was last updated on 25/06/2018