At High Oaks Grange we take your privacy seriously and only use your personal information to provide the products and services you have requested from us.
We are the data controller in respect of any personal data we collect about you and we have appointed a data protection officer who is responsible for monitoring our data protection compliance.
We collect and process your personal information & data in the following ways:
- On our websites when you visit or make or manage a reservation; when you use our contact forms for an enquiry or when you sign up to our emails;
- In our Reception/Sales departments from your correspondence;
- If you contact us (by phone, email or otherwise), we may keep a record of our correspondence with you for record or training purposes, to improve the quality of our services and to prevent and detect fraud;
- When you enter our competitions on our social media pages;
- When you register at Reception on arrival;
- Whilst on the premises in the form of closed circuit television (CCTV);
- We also working closely with third parties (including for example, Online Travel Agents) and may receive information about you from them.
We may use your personal information & data in the following ways:
- To administer your booking;
- Send you emails or call you in relation to your stay;
- To contact you on departure to review your stay with us;
- To send you marketing & promotional emails should you opt in to this service;
- Other communications for example responding to requests or general customer service.
We use closed circuit television at our property that may capture or record images of guests and visitors in public areas for the protection of our staff, guests and visitors to our properties where permitted by law.
Sensitive personal data
We do not collect sensitive personal data (such as racial or ethnic origin, nationality, political opinions, religious beliefs, etc) unless it is volunteered by you. We may sometimes ask for information such as your age or any disability that you may have in order to tailor our services to your circumstances
As with all data, it is entirely up to you to decide whether or not you are happy to provide this information. Sensitive personal data will only be used in order for us to fulfil our contract with you to provide the services that you have requested.
We may use data provided by you to serve you better and meet your particular needs (for example, the provision of disability access). You do not need to provide us with personal information simply to browse our website.
Credit/Debit Cards
We use a secure website to obtain your credit/debit card information in order to process any bookings made on our site. Credit/debit card information may also be requested over the phone when a booking is being made. We will never ask you to send us this information electronically.
All such information is stored on a secure system and will only be accessed when necessary to take payments as outlined in our Terms & Conditions. This data will kept for as long as is necessary to fulfil your contract with us (unless a longer retention period is required or permitted by applicable law) before being disposed securely.
Opt out
Marketing & Promotional e-mails provide a link at the end of the e-mail to unsubscribe from that service.
Please note that it is not possible to ‘opt-out’ of receiving communication from us which relates to your bookings or reservations.
How is your personal data shared within our family business?
We may receive personal data about you from other companies of our family business, Crows Nest Camp Ltd, Crows Nest Farms Ltd and Jasmine Park Ltd or share your personal data with them for the following purposes:
A. To provide services (including to make, administer and manage reservations or handle payments);
B. To provide customer support services;
C. To detect, prevent and investigate fraudulent, other illegal activities and data breaches;
D. For analytical and product improvement purposes;
E. To provide personalised offers or send you marketing with your consent or as otherwise permitted by applicable law;
F. To ensure compliance with applicable laws.
Non-disclosure to third parties
We do not share your data with any other company for marketing purposes other than those detailed above.
We may share your data with agencies such as law enforcement or governmental organisations where we are required to make such disclosures by any applicable law.
We may share your data with banks and payment providers, to authorise and complete payments.
We may pass your information to our third-party service providers, agents, sub-contractors and other associated organisations for the purposes of completing tasks and providing services to you on our or your behalf (for example to process payments and send you email). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
We work with carefully selected Online Travel Agents (OTAs). When you enquire about or book with these third parties, the relevant third-party product provider will use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them. They will be acting as a data controller of your information and therefore we advise you to read their Privacy Policy. These third-party product providers will share required information about you with us (e.g. accommodation type and dates of stay) which we will use in accordance with this Privacy Policy. If you provide information on and use third-party sites, the privacy policy and terms of service on those sites is applicable. We encourage you to read the privacy policies of websites that you visit before submitting personal information.
We are a member of Premier Cottages, a professional collective of independent luxury cottage owners. Premier Cottages promotes properties on our behalf as well as other luxury cottages. As members of Premier Cottages we would like to give them your information so that they can contact you about other quality properties that you might like. You may unsubscribe from this service at any time.
Our website includes links into our social media pages eg. Twitter and Facebook. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are hosted by a third party. Your interactions with these features are governed by the privacy policy of the company providing it.
Retaining personal information
We retain personal information about you for the period necessary to fulfil the purposes outlined in this Policy, unless a longer retention period is required or permitted by applicable law. When your information is no longer required, we will ensure it is disposed of in a secure manner.
We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Recruitment
Should you apply for a position within our company, your details will be held on file until such a time as the position is filled. If you are unsuccessful in your application, your details will be disposed of securely and in a timely manner unless you request otherwise.
How we use cookies
Our website uses “cookies” which are harmless small text files that are placed on your machine to help the website provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser. Please note, if cookies are disabled, the online browsing experience may be limited.
We don’t use cookies to track individuals or store sensitive information such as your name, address or credit card details.
IP addresses
We may collect non-personal information about your computer, including, where available, your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual. Your IP address is a number that your Internet Service Provider automatically assigns to the computer that you are using to access the Site. This number is identified and logged automatically in our server log files whenever users visit the Site, along with the time of each visit and the page(s) that were visited. Collecting IP addresses is standard practice on the Internet and is done automatically by many websites. We use IP addresses for purposes such as calculating Site usage levels, helping diagnose server problems, validation of a legitimate user session via Google® captcha and administering the Site. Please note that we treat IP addresses, server log files, and related information as Non-Personal Information, except when we are required to do otherwise under applicable law.
NHS Test & Trace
Recording customer details: how we use your information
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing.
By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to the coronavirus.
As a customer/visitor of High Oaks Grange you will be asked to provide some basic information and contact details. The following information will be collected:
- the names of all customers or visitors
- a contact phone number for each customer or visitor
- date of visit and arrival time and departure time
The venue/establishment as the data controllers for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time it holds the information. When that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time.
The NHS Test and Trace service as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the venue/establishment, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
In addition, if you only interact with one member of staff during your visit, the name of the assigned staff member will be recorded alongside your information.
NHS Test and Trace have asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them.
For example, if another customer at the venue reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of customer details for a particular time period (for example, this may be all customers who visited on a particular day or time-band, or over a 2-day period).
We may require you to pre-book appointments for visits or to complete a form on arrival.
Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing, it will be destroyed by us 21 days after the date of your visit.
However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name, date of birth and phone number). Where this is the case, this information only will continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to.
Your information will always be stored and used in compliance with the relevant data protection legislation.
The use of your information is covered by the General Data Protection Regulations Article 6 (1) (c) – a legal obligation to which we as a venue/establishment are subject to. The legal obligation to which we’re subject, means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe operating environment and to help fight any local outbreak of corona virus.
By law, you have a number of rights as a data subject, such as the right to be informed, the right to access information held about you and the right to rectification of any inaccurate data that we hold about you.
You have the right to request that we erase personal data about you that we hold (although this is not an absolute right).
You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances.
You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute).
If you are unhappy or wish to complain about how your information is used, you should contact a member of staff in the first instance to resolve your issue.
If you are still not satisfied, you can complain to the Information Commissioner’s Office. Their website address is www.ico.org.uk.
We keep our privacy notice under regular review, and we will make new versions available on our privacy notice page on www.highoaksgrange.co.uk
Getting in contact
If you would like to review, access, amend or update your information please contact:-
Data Controller
High Oaks Grange
Thornton Road
Pickering
YO18 7JX
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
This policy was updated on 7th April 2021