We respect the privacy of your personal information and are committed to treating it properly and in accordance with the data protection principles of fairness, transparency and lawfulness.
This policy contains important information on who we are; how and why we collect, store, use and share personal information; your rights in relation to your personal information; and how to contact us and supervisory authorities if you are concerned about our treatment of your data.
This policy comprises the following sections:
- Who we are and how to contact us
- Our website
- Our collection and use of your personal information
- Our legal basis for processing your personal information
- How and why we use your personal information
- How long we keep your personal information
- Who we share your personal information with
- Your rights
- Keeping your personal information secure
- How to complain
- Changes to this policy
Who we are and how to contact us
This website is operated by Old Glebe Barns Limited trading as Mersea Barns; we are a private limited company incorporated in England and Wales with registration number 09573682. Our registered office is at Laytons 2 More London Riverside London SE1 2AP and our business address is Mersea Barns East Road East Mersea Colchester Essex CO5 8TQ. You may also contact us by e-mail to firstname.lastname@example.org or by telephone to 01206 384198.
We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation and the Data Protection Act 2018 (to which we refer as “Data Protection Law”) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
This policy relates only to use of our website, www.merseabarns.com. In our website we may link to other websites owned and operated by certain trusted third parties in accordance with this policy. Such third party websites may also gather information about you in accordance with their own separate privacy policies; please consult those policies on the relevant third party website, as we cannot accept responsibility for the conduct of third parties.
Our collection and use of your personal information
In the course of our business we will collect, hold and process information about our customers, suppliers, staff and members of the public such as enquirers and correspondents. In doing so we will seek always to apply the data protection principles of fairness, transparency and lawfulness.
We collect personal information about you when you access our website, register with us, contact us, send us feedback, purchase products or services via our website, post material to our website, complete customer surveys or participate in competitions via our website.
The personal information we collect about you depends on the particular activities which you carry out through our website. Such information may include:
- name, address and contact details
- information to enable us to check your identity, such as your date of birth
- bank account, credit/debit card, transaction, billing and payment details
- details of any feedback you give us by phone, email, post or via social media
- information about goods or services we provide to you
- information about goods or services which you provide to us, including your performance in respect of such supply
- your account details, such as username, login details
- your contact history, purchase history and saved items
- information which you provide to us, such as your employment or personal history, qualifications, interests, etc
- information from accounts you link to us, eg Facebook
- information to enable us to undertake credit or other financial checks on you
- information about how you use our website, IT, communication and other systems
- your responses to surveys, competitions and promotions
- your dietary requirements
This website is not intended for use by children under the age of 13 and we do not knowingly collect or use personal information relating to children.
We collect most of this personal information directly from you – through our website, in person, by telephone, text, email, social media or other communication – but we may also collect information from:
- publicly accessible sources
- third parties such as credit reference agencies;
- third parties with your consent, such as your bank or building society
- cookies on our website
- our IT systems, eg CCTV and access control systems, communications systems, email and instant messaging systems
Our legal basis for processing your personal information
Under Data Protection Law we may hold and use your personal information only if we have a proper reason for doing so. There are various different legal bases which may constitute a proper reason, depending on what personal information we process and why. These may include:
- your consent: where you have given us clear consent for us to process your personal information for a specific purpose
- contract: where our use of your personal information is necessary for a contract we have with you, or to take specific steps before entering into a contract with you
- our legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
- vital interests: where our use of your personal information is necessary to protect you or someone else’s life, health or safety
- legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party; a “legitimate interest” is a business or commercial reason to use your information which is not overridden by your own rights and interests.
How and why we use your personal information
For further details on when we collect personal information, what we collect as well as how we use it, please read the following sections:
The table below explains what we use (process) your personal information for and our reasons for doing so:
|What we use your personal information for||Our justification and reasons|
|To provide goods or services to you||Consent and legitimate interests, for the performance of our contract with you or to take steps at your request before entering into a contract and liaising with you|
|To obtain goods or services from you||Consent and legitimate interests, including making enquiries about goods and services, placing orders, performing our contractual obligations and liaising with you|
|To obtain services from third party providers for the purposes of facilitating the performance of our obligations, eg payment or payroll service providers||Legitimate interests, for the purposes of efficient operation|
|To communicate with you in relation to a purpose for which you provided us with your personal information or as permitted by law||Legitimate interests, to meet that purpose or to comply with law|
|To verify your identity and to prevent and detect fraud||Legitimate interests, for correct performance of our commitments and to prevent or detect criminal activity|
|Marketing our services and those of selected third parties, including communicating news about Mersea Barns, its goods and services, offers, events, activities and the like||Legitimate interests, in the promotion and development of our business and in facilitating your participation in items that we offer|
|To review, maintain and amend the range of goods and services which we offer||Legitimate interests in the efficiency of our business|
|To ensure that food and drink which we supply to you complies with any dietary requirements of which you inform us for that purpose||Consent, to ensure compliance with our obligations and safeguard your health|
|Processing necessary to comply with legal and regulatory obligations that apply to our business, eg under health and safety regulation||Legal obligation|
|Credit reference checks via external credit reference agencies||Legitimate interests, to check capability|
|Establishing, defending and enforcing legal obligations||Legitimate interests|
|Ensuring business policies are adhered to, eg policies covering security, confidentiality and internet use||Legitimate interests in the efficient and proper conduct of our business|
|Operational reasons, such as improving efficiency, training, ensuring safe working practices and quality control||Legitimate interests in the efficient and proper conduct of our business|
|Recruitment, including checks with third parties and public authorities, and usual recruitment activities||Legitimate interests, in seeking staff and in processing applications for work|
|Activities related to employment||Legitimate interests in our proper conduct as an employer|
|Statistical analysis to help us manage our business, eg in relation to our financial performance, customer base, product range or other efficiency measures||Legitimate interests in the efficient and proper conduct of our business|
|Preventing unauthorised access and modifications to systems so as to prevent and detect criminal activity that could be damaging||Legitimate interests, for correct performance of our commitments and to prevent or detect criminal activity|
|Creating, updating, managing, maintaining and enhancing customer records and your account with us||Legitimate interests in the efficient and proper conduct of our business|
|Statutory returns||Legal Obligation,to comply with our legal and regulatory obligations|
How long we keep your personal information
We will keep your personal information for the following periods:
Purpose for which your personal Period during which that personal
information is provided information may be retained by us
|Purposes related to your purchase of goods or services from us, including communication for such purposes, payment actions, identity and credit checks, delivery, purchase record, etc||Until fifteen days after you state or we consider that you will not, or that it is unlikely that you will, make further purchases from us, save that we may retain information relating to the performance of legal obligations for seven years after your last purchase from us|
|Purposes related to your supply of goods or services to us, including communication for such purposes, payment actions, delivery, supply record, etc||Until fifteen days after you state or we consider that we will not, or that it is unlikely that we will, make further purchases from you, save that we may retain information relating to the performance of legal obligations for seven years after our last purchase from you|
|Marketing and promotion to you||Until the expiry of any period specified by you during which we may retain and use such information for these purposes or fifteen days after you state to us that you do not wish to receive such communications|
|Recruitment||Until 15 January next following the expiry of three years from our first receipt from you of a statement expressing interest in working with us|
|Employment or other engagement||Until 15 January next following the expiry of six years from termination of your employment or other engagement with us|
|Ensuring compliance with dietary requirements which you have notified to us||For the purposes of the meal, event or transaction for which the dietary information is provided or such longer period as you state to us for the purpose|
Personal information provided to us for a purpose that is not related to any of the above purposes will be retained and used only for so long as it is required for that purpose.
After expiry of the relevant period we may keep and use your personal information for as long as is necessary for any of the following purposes:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly and in accordance with our obligations;
- to enforce our legal rights
- to keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this policy. When it is no longer necessary to retain your personal information, we will delete or anonymise it.
Who we share your personal information with
We may share personal data with:
- our advisers, for the purposes of obtaining their advice
- third parties we use to help deliver goods or services to you, eg payment service providers, warehouses, third party suppliers and delivery companies
- other third parties we use to help us run our business, eg marketing agencies or website hosts
- law enforcement, emergency services or other authorities
- as required by applicable law or to respond to an emergency
- third parties approved by you, eg social media sites to which you choose to link your account or third party payment providers
- our insurers and brokers
- our bank
- credit reference agencies
Except with your express consent, we will not share your personal information with any other third party and will not transfer your personal data outside the European Economic Area.
We will always treat your personal information with the utmost respect and will never sell or licence it to other organisations.
We will allow our service providers to handle your personal information which we supply to them only if we are satisfied that they will take appropriate measures to protect it.
Where your personal information is held
Your personal information may be held at our premises at Mersea Barns East Road East Mersea Colchester CO5 8TQ or with third party agencies, service providers, representatives and agents as referred to above under ‘Who we share your personal information with’.
Cookies and similar technologies
We would like to send you information about goods and services which we provide, activities and events at Mersea Barns, competitions and special offers and other matters concerning what we do, which we believe may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or social media.
We will ask whether you would like us to send you such marketing messages only when you tick the relevant box on a form which you access while using our website.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
—contacting us at email@example.com or in writing to Mersea Barns East Road East Mersea Colchester CO5 8TQ.
—using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts
It may take up to ten days for this to take effect.
For more information on your rights in relation to marketing, see ‘Your rights’ below.
Under the Data Protection Laws you have a number of important rights free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your personal information
- access to your personal information and to certain other supplementary information that this policy is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email or write to us in the manner described above under ‘Who we are and how to contact us’
- let us have enough information to identify you
- if we so request, let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates and any other information relevant to your request
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will have been trained on the requirements of this policy and Data Protection Law, will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that can resolve any query or concern which you raise about our use of your information.
Data Protection Law also gives you the right to lodge a complaint with the Information Commissioner, who may be contacted at https://ico.org.uk/concerns/ or telephone 0303 123 1113.
This policy was published on 9 January 2019.
We may change this policy from time to time; if we do so we will make this clear on our website.
If you have any questions about this policy or the information which we hold about you please contact us by e-mail to firstname.lastname@example.org or by telephone to 01206 384198 or in writing to Mersea Barns East Road East Mersea Colchester CO5 8TQ.