Mersea Barns - Shop & Café

Privacy Policy

We respect the privacy of your personal information and are committed to treating it properly and in accordance with the data protection principles of fairness, transparency and lawfulness.

This policy contains important information on who we are; how and why we collect, store, use and share personal information; your rights in relation to your personal information; and how to contact us and supervisory authorities if you are concerned about our treatment of your data.

This policy comprises the following sections:

  • Who we are and how to contact us
  • Our website
  • Our collection and use of your personal information
  • Our legal basis for processing your personal information
  • How and why we use your personal information
  • How long we keep your personal information
  • Who we share your personal information with
  • Cookies
  • Marketing
  • Your rights
  • Keeping your personal information secure
  • How to complain
  • Changes to this policy

Who we are and how to contact us

This website is operated by Old Glebe Barns Limited trading as Mersea Barns; we are a private limited company incorporated in England and Wales with registration number 09573682. Our registered office is at Laytons 2 More London Riverside London SE1 2AP and our business address is Mersea Barns East Road East Mersea Colchester Essex CO5 8TQ. You may also contact us by e-mail to info@merseabarns.com or by telephone to 01206 384198.

We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation and the Data Protection Act 2018 (to which we refer as “Data Protection Law”) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Our website

This policy relates only to use of our website, www.merseabarns.com. In our website we may link to other websites owned and operated by certain trusted third parties in accordance with this policy. Such third party websites may also gather information about you in accordance with their own separate privacy policies; please consult those policies on the relevant third party website, as we cannot accept responsibility for the conduct of third parties.

Our collection and use of your personal information

In the course of our business we will collect, hold and process information about our customers, suppliers, staff and members of the public such as enquirers and correspondents. In doing so we will seek always to apply the data protection principles of fairness, transparency and lawfulness.

We collect personal information about you when you access our website, register with us, contact us, send us feedback, purchase products or services via our website, post material to our website, complete customer surveys or participate in competitions via our website.

The personal information we collect about you depends on the particular activities which you carry out through our website. Such information may include:

  • name, address and contact details
  • information to enable us to check your identity, such as your date of birth
  • bank account, credit/debit card, transaction, billing and payment details
  • details of any feedback you give us by phone, email, post or via social media
  • information about goods or services we provide to you
  • information about goods or services which you provide to us, including your performance in respect of such supply
  • your account details, such as username, login details
  • your contact history, purchase history and saved items
  • information which you provide to us, such as your employment or personal history, qualifications, interests, etc
  • information from accounts you link to us, eg Facebook
  • information to enable us to undertake credit or other financial checks on you
  • information about how you use our website, IT, communication and other systems
  • your responses to surveys, competitions and promotions
  • your dietary requirements

This website is not intended for use by children under the age of 13 and we do not knowingly collect or use personal information relating to children.

We collect most of this personal information directly from you – through our website, in person, by telephone, text, email, social media or other communicationbut we may also collect information from:

  • publicly accessible sources
  • third parties such as credit reference agencies;
  • third parties with your consent, such as your bank or building society
  • cookies on our website
  • our IT systems, eg CCTV and access control systems, communications systems, email and instant messaging systems

Our legal basis for processing your personal information

Under Data Protection Law we may hold and use your personal information only if we have a proper reason for doing so. There are various different legal bases which may constitute a proper reason, depending on what personal information we process and why. These may include:

  • your consent: where you have given us clear consent for us to process your personal information for a specific purpose
  • contract: where our use of your personal information is necessary for a contract we have with you, or to take specific steps before entering into a contract with you
  • our legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
  • vital interests: where our use of your personal information is necessary to protect you or someone else’s life, health or safety
  • legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party; a “legitimate interest” is a business or commercial reason to use your information which is not overridden by your own rights and interests.

How and why we use your personal information

For further details on when we collect personal information, what we collect as well as how we use it, please read the following sections:

The table below explains what we use (process) your personal information for and our reasons for doing so:

What we use your personal information forOur justification and reasons
To provide goods or services to youConsent and legitimate interests, for the performance of our contract with you or to take steps at your request before entering into a contract and liaising with you
To obtain goods or services from youConsent and legitimate interests, including making enquiries about goods and services, placing orders, performing our contractual obligations and liaising with you
To obtain services from third party providers for the purposes of facilitating the performance of our obligations, eg payment or payroll service providersLegitimate interests, for the purposes of efficient operation
To communicate with you in relation to a purpose for which you provided us with your personal information or as permitted by lawLegitimate interests, to meet that purpose or to comply with law
To verify your identity and to prevent and detect fraudLegitimate interests, for correct performance of our commitments and to prevent or detect criminal activity
Marketing our services and those of selected third parties, including communicating news about Mersea Barns, its goods and services, offers, events, activities and the likeLegitimate interests, in the promotion and development of our business and in facilitating your participation in items that we offer
To review, maintain and amend the range of goods and services which we offerLegitimate interests in the efficiency of our business
To ensure that food and drink which we supply to you complies with any dietary requirements of which you inform us for that purposeConsent, to ensure compliance with our obligations and safeguard your health
Processing necessary to comply with legal and regulatory obligations that apply to our business, eg under health and safety regulationLegal obligation
Credit reference checks via external credit reference agenciesLegitimate interests, to check capability
Establishing, defending and enforcing legal obligationsLegitimate interests
Ensuring business policies are adhered to, eg policies covering security, confidentiality and internet useLegitimate interests in the efficient and proper conduct of our business
Operational reasons, such as improving efficiency, training, ensuring safe working practices and quality controlLegitimate interests in the efficient and proper conduct of our business
Recruitment, including checks with third parties and public authorities, and usual recruitment activitiesLegitimate interests, in seeking staff and in processing applications for work
Activities related to employmentLegitimate interests in our proper conduct as an employer
Statistical analysis to help us manage our business, eg in relation to our financial performance, customer base, product range or other efficiency measuresLegitimate interests in the efficient and proper conduct of our business
Preventing unauthorised access and modifications to systems so as to prevent and detect criminal activity that could be damagingLegitimate interests, for correct performance of our commitments and to prevent or detect criminal activity
Creating, updating, managing, maintaining and enhancing customer records and your account with usLegitimate interests in the efficient and proper conduct of our business
Statutory returnsLegal Obligation,to comply with our legal and regulatory obligations

How long we keep your personal information

We will keep your personal information for the following periods:

Purpose for which your personal                        Period during which that personal

                        information is provided                                       information may be retained by us

Purposes related to your purchase of goods or services from us, including communication for such purposes, payment actions, identity and credit checks, delivery, purchase record, etcUntil fifteen days after you state or we consider that you will not, or that it is unlikely that you will, make further purchases from us, save that we may retain information relating to the performance of legal obligations for seven years after your last purchase from us
Purposes related to your supply of goods or services to us, including communication for such purposes, payment actions, delivery, supply record, etcUntil fifteen days after you state or we consider that we will not, or that it is unlikely that we will, make further purchases from you, save that we may retain information relating to the performance of legal obligations for seven years after our last purchase from you
Marketing and promotion to youUntil the expiry of any period specified by you during which we may retain and use such information for these purposes or fifteen days after you state to us that you do not wish to receive such communications
RecruitmentUntil 15 January next following the expiry of three years from our first receipt from you of a statement expressing interest in working with us
Employment or other engagementUntil 15 January next following the expiry of six years from termination of your employment or other engagement with us
Ensuring compliance with dietary requirements which you have notified to usFor the purposes of the meal, event or transaction for which the dietary information is provided or such longer period as you state to us for the purpose

Personal information provided to us for a purpose that is not related to any of the above purposes will be retained and used only for so long as it is required for that purpose.

After expiry of the relevant period we may keep and use your personal information for as long as is necessary for any of the following purposes:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly and in accordance with our obligations;
  • to enforce our legal rights
  • to keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy. When it is no longer necessary to retain your personal information, we will delete or anonymise it.

Who we share your personal information with

We may share personal data with:

  • our advisers, for the purposes of obtaining their advice
  • third parties we use to help deliver goods or services to you, eg payment service providers, warehouses, third party suppliers and delivery companies
  • other third parties we use to help us run our business, eg marketing agencies or website hosts
  • law enforcement, emergency services or other authorities
  • as required by applicable law or to respond to an emergency
  • third parties approved by you, eg social media sites to which you choose to link your account or third party payment providers
  • our insurers and brokers
  • our bank
  • credit reference agencies

Except with your express consent, we will not share your personal information with any other third party and will not transfer your personal data outside the European Economic Area.

We will always treat your personal information with the utmost respect and will never sell or licence it to other organisations.

We will allow our service providers to handle your personal information which we supply to them only if we are satisfied that they will take appropriate measures to protect it.

Where your personal information is held

 Your personal information may be held at our premises at Mersea Barns East Road East Mersea Colchester CO5 8TQ or with third party agencies, service providers, representatives and agents as referred to above under  ‘Who we share your personal information with’.

Cookies and similar technologies

A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you use our website. We use cookies on our website. These help us recognise you and your device and store some information about your preferences or past actions.

For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.

Marketing

We would like to send you information about goods and services which we provide, activities and events at Mersea Barns, competitions and special offers and other matters concerning what we do, which we believe may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or social media.

We will ask whether you would like us to send you such marketing messages only when you tick the relevant box on a form which you access while using our website.

If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:

—contacting us at info@merseabarns.com or in writing to Mersea Barns East Road East Mersea Colchester CO5 8TQ.

—using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts

It may take up to ten days for this to take effect.

For more information on your rights in relation to marketing, see ‘Your rights’ below.

Your rights

Under the Data Protection Laws you have a number of important rights free of charge. In summary, those include rights to:

  • fair processing of information and transparency over how we use your personal information
  • access to your personal information and to certain other supplementary information that this policy is already designed to address
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal information concerning you in certain situations
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal information concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal information
  • otherwise restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • email or write to us in the manner described above under Who we are and how to contact us’
  • let us have enough information to identify you
  • if we so request, let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
  • let us know the information to which your request relates and any other information relevant to your request

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will have been trained on the requirements of this policy and Data Protection Law, will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that can resolve any query or concern which you raise about our use of your information.

Data Protection Law also gives you the right to lodge a complaint with the Information Commissioner, who may be contacted at https://ico.org.uk/concerns/ or telephone 0303 123 1113.

Changes to this privacy policy

This policy was published on 9 January 2019.

We may change this policy from time to time; if we do so we will make this clear on our website.

If you have any questions about this policy or the information which we hold about you please contact us by e-mail to info@merseabarns.co or by telephone to 01206 384198 or in writing to Mersea Barns East Road East Mersea Colchester CO5 8TQ.

9-1.png