At Norden Farm, we understand that privacy is important and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website and we will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
1. Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
“Our Site” means www.nordenfarm.com.
“We/Us/Our” means Norden Farm, partnership.
“Account” means an account required to access and/or use certain areas and features of Our Site;
“Personal Data” means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier, as defined by the General Data Protection Regulation (GDPR) EU Regulation 2016/679.
“Cookie” means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in Part 13, below.
“Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 and of EU Regulation 2016/679 General Data Protection Regulation.
2. Information About Us
Our Site is owned and operated by Norden Farm, partnership.
Registered address: Norden Farm, Corfe Castle, Dorset, BH20 5DS, UK.
VAT Number: 186 3682 27
Data Protection Partner: Ms CJ Ramm.
Telephone number: 01929 480098
Postal address: Norden Farm, Corfe Castle, Dorset, BH20 5DS, UK
3. What Does This Policy Cover?
4. What Are My Rights?
Under the Data Protection Legislation, you have the following rights which we will always work to uphold:
II. The right to access the personal data we hold about you. Please find details of this in Part 12.
III. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 15 to do this.
IV. The right to ask us to delete or otherwise dispose of any of your personal data that we hold.
V. The right to restrict the processing of your data.
VI. The right to object to us using your personal data for particular purposes.
VII. The right to withdraw consent. If we are relying on your consent as the legal basis for using your personal data, you are free to withdraw this consent at any time. Please contact us using the details in Part 15 to do so.
VIII. The right to data portability. If you have provided personal data to us, we are using it with your consent or for the performance of a contract. You can ask us for a copy of that personal data to re-use with another service or business in many cases. Please see Part 12 for more information.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed.
5. What Data Do You Collect and How?
Depending upon your use of Our Site, we may collect and process the information you give us. This may arise from you providing information when making a booking on Our Site, or by corresponding with us by phone, email, in writing or in person. This also includes information you provide when you change or update your personal details or contact preferences.
Information held is likely to include your name, date of birth, contact details, card and payment details, information about people travelling with you, information about your booking and any additional information we may need to help meet your specific requirements.
6. How Do You Use My Personal Data?
We require the collation, processing and storage of certain personal data in order to carry out our business purpose. Under the Data Protection Legislation, we must always have a lawful basis for using personal data. The lawful reason for collecting, processing and storing this data is that as a guest, you enter into a contract with us until your stay is complete. The data collected will be used to administer the agreement between us and you, the guest. We may also use this data for statistical purposes when we evaluate our range of products and services, to manage customer service queries, and for no other reason without your express permission.
We will not send any marketing communications, or any other form of communication other than for specific business purpose without your express consent. You will not be sent any unlawful marketing or spam. If you consent to receive marketing communications, you can opt out at any time, either by using the opt-out feature on our newsletter, or by contacting us directly. Please see Part 15 for information on how to contact us.
In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
7. How Long Will You Keep My Personal Data?
We have a system of retention periods in place to ensure that your information is only stored whilst it is required for the relevant purposes or to meet legal requirements. Where your information is no longer required, we will ensure it is disposed of in a secure manner. If you do not want us to store your data for this amount of time, then please call us and request that we remove your data.
8. How Do You Store or Transfer My Personal Data?
We appoint third party service providers, to help us manage efficient systems within the business. We will only transfer your information to service providers who help manage our systems where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any information being processed and compliance with applicable privacy laws.
We store or transfer some or all of your personal data in countries that are not part of the European Economic Area (EEA). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. We take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK.
9. Do You Share My Personal Data?
We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions:
I. We may share your personal data with our service providers and agents who perform services on our behalf such as payment processers and data management firms.
II. We may share your personal data to fraud prevention agencies for the purposes on preventing fraud or loss.
III. In some circumstances, we may be legally required to share certain personal data, for legal or regulatory purposes.
IV. In some circumstances, we may be legally required to share certain personal data, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority
If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in Part 8.
If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation, as explained above in Part 8.
10. How Can I Control My Personal Data?
I. In addition to your rights under the Data Protection Legislation, set out in Part 4, when you submit personal data via Our Site, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails.
II. You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications from us that you have consented to receiving.
11. Can I Withhold Information?
You may access certain areas of Our Site without providing any personal data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
12. How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal address shown in Part 15.
By using Our Site, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. Third-party Cookies are used on Our Site for website performance and analytics. These Cookies are not integral to the functioning of Our Site and your use and experience of Our Site will not be impaired by refusing consent to them.
All Cookies used by and on Our Site are used in accordance with current Cookie Law.
The following Cookies may be placed on your computer or device:
I. Strictly Necessary Cookies- A Cookie falls into this category if it is essential for the operation of Our Site, supporting functions such as logging in, shopping baskets and payment transactions
II. Analytics Cookies- It is important for us to understand how you use Our Site, for example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather information, helping us to improve Our Site and your experience of it.
III. Functionality Cookies- These Cookies enable us to provide additional functions to you on Our Site such as personalisation and remembering your saved preferences. Some functionality Cookies may also be strictly necessary Cookies.
IV. Targeting Cookies- It is important for us to know when and how often you visit Our Site, and which parts of it you have used (including pages you have visited and which links you have visited). As with Analytics Cookies, this information helps us to better understand you and in turn, make Our Site and advertising more relevant to your interests.
V. Third-Party Cookies- Third-Party Cookies are not placed by us; instead they are placed by third parties that provide services to us and/or you. Third-Party Cookies may be used by advertising services to provide tailored advertising to you on Our Site, or by third parties providing analytic services to us (these Cookies work in the same way as analytics Cookies described above).
VI. Persistent Cookies- Any of the above types of Cookies may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit Our Site.
VII. Session Cookies- Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit Our Site until you close your browser, at which time they are deleted.
The following Cookies may be placed on your computer or device:
Our Site uses analytics services provided by Google. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how Our Site is used. This, in turn, enables us to improve Our Site and the products and services offered through it.
The analytics services used by Our Site uses Analytics Cookies to gather the required information. You do not have to allow us to use these Cookies, however whilst our use of them does not pose any risk to your privacy or your safe use of Our Site, it does enable us to continually improve Our Site, making it a better and more useful experience for you.
Before Cookies are placed on your computer or device, you will be shown a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Our Site may not function fully or as intended.
In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third-party Cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
The links below provide instructions on how to control Cookies in popular browsers:
I. Google Chrome- https://support.google.com/chrome/answer/95647?hl=en-GB
II. Microsoft Internet Explorer- https://support.microsoft.com/en-us/kb/278835
III. Microsoft Edge- https://support.microsoft.com/en-gb/products/microsoft-edge (please note that there are no specific instructions at this time, but Microsoft Support will be able to assist)
IV. Mozilla Firefox- https://support.mozilla.org/en-US/kb/enable-and-disable-Cookies-website-preferences
V. Safari (macOS)- https://support.apple.com/en-gb/guide/safari/sfri11471/mac
VI. Safari (iOS)- https://support.apple.com/en-gb/HT201265
You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access Our Site more quickly and efficiently.
It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
15. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of: Ms C J Ramm):
Telephone number: 01929 480098
Postal Address: Norden Farm, Corfe Castle, Dorset, BH20 5DS, UK
At Norden Farm we believe that CCTV plays a legitimate role in helping to maintain a safe and secure environment for all our staff, guests, customers, tenants, and employees of our partners and suppliers and contractors.
Images recorded by CCTV are Personal Data and as such must be processed in accordance with data protection laws. We are committed to complying with our legal obligations in order to appropriately handle and protect Personal Data and ensure that the legal rights of everyone relating to their Personal Data, are recognised and respected.
This policy is intended to enable staff, guests, customers, tenants, and employees of our partners and suppliers and contractors to understand how Norden Farm uses CCTV, who is responsible for our CCTV use, the rights individuals may have in relation to CCTV, who has access to CCTV images and how individuals can raise any queries or concerns they may have.
For the purposes of this policy, the following terms have the following meanings:
CCTV: means cameras, devices or systems including fixed CCTV and any other systems that capture information of identifiable individuals or information relating to identifiable individuals.
CCTV Data: means any Data in respect of CCTV, e.g. video images, static pictures, etc.
Data: means any information which is stored electronically or in paper-based filing systems.
Data Subject: means any individuals who can be identified directly or indirectly from CCTV Data (or other Data in our possession). Data Subjects include staff, guests, customers, tenants, employees of our partners, suppliers and contractors, and members of the public.
Data Controller: is the organisation or authority which, determines how and for what purpose the Personal Data are processed. When operating CCTV, Norden Farm is the relevant Data Controller and is responsible for ensuring compliance with the Data Protection Laws.
CCTV users: are those of our employees (or employees of any Data Processors which we appoint) whose work involves processing CCTV Data. This will include those whose duties are to operate CCTV to record, monitor, store, retrieve and delete images. Data users must protect the CCTV Data they handle in accordance with this policy.
Service Provider: is any organisation that is not a CCTV user (or other employee of a Data Controller) that processes CCTV Data or Personal Data on our behalf and in accordance with our instructions.
Data Protection Laws: means:
in each case as from time to time in force and as from time to time amended, extended, consolidated, re-enacted, replaced, superseded or in any other way incorporated into law and all orders, regulations, statutes, instruments and/or other subordinate legislation (including the Data Protection Bill 2017 when in force) made under any of the above in any jurisdiction from time to time.
Processing: is any activity which involves the use of CCTV Data, whether or not by automated means. It includes collecting, obtaining, recording or holding CCTV Data, or carrying out any operation or set of operations on the CCTV Data including organising, structuring, amending, retrieving, using, disclosing or erasing or destroying it. Processing also includes transferring CCTV Data to third parties.
Site: means the entire Norden Farm estate located at Norden Farm, Corfe Castle, Dorset, BH20 5DS and more specifically Norden Farm Campsite, Norden Farm Shop, Norden Farm Cottage, Norden House and all other residential and non-residential fixed structures, residential and non-residential mobile structures, farm buildings, storage areas, driveways, pathways and open land situated on the estate.
2.1: We currently use CCTV to view and record individuals at our Site, 24 hours per day, 7 days per week. This policy sets out why we use CCTV, how we will use CCTV and how we will process any CCTV Data recorded by CCTV to ensure that we are compliant with Data Protection Law.
2.2: The images of individuals recorded by CCTV are Personal Data and therefore subject to the Data Protection Laws. Norden Farm is the Data Controller of all CCTV Data captured at our Site.
2.3: This policy covers all staff, guests, customers, tenants, and employees of our partners and suppliers and contractors and may also be relevant to members of the public visiting the Site.
Ben Barton, Site Manager, has overall responsibility for ensuring compliance with Data Protection Laws and the effective operation of this policy. Should you have any queries on the use of CCTV or surveillance systems by us please contact Ben Barton, Site Manager.
4.1: We currently use CCTV around our Site as outlined below. We believe that such use is necessary for the following legitimate business purposes:
(a) for the personal safety of staff, guests, customers, tenants, employees of our partners, suppliers and contractors and other members of the public and to act as a deterrent against crime;
(b) to prevent or detect crime and protect buildings and assets from damage, disruption, theft, vandalism and other crime;
(c) to support law enforcement bodies in the prevention, detection and prosecution of crime; and
(d) to monitor traffic flow on the estate.
We may implement or use CCTV for purposes other than those specified above which we will notify you of from time to time.
5.1: The locations of the CCTV are chosen to minimise the viewing of spaces/individuals which are not relevant to the legitimate purpose of the monitoring as specified above.
5.2: Currently, none of our CCTV records sound.
5.3: A live feed from the CCTV is monitored continuously and images are only revisited in the event of an incident or if a request is made.
5.4: Any staff using CCTV will be given training to ensure that they understand and observe the legal requirements relating to the processing of any Data gathered.
6.1: Where CCTV is in use at our Site, we will ensure that signs are displayed at the entrance of the surveillance zone to alert staff, guests, customers, tenants, and employees of our partners, suppliers and contractors that their image may be recorded. The signs will contain details of the organisation operating the system (where they are operated by a third party) and who to contact for further information.
6:2: We will ensure that live feeds from the CCTV are only viewed by appropriately authorised members of staff or third-party service providers whose role requires them to have access to such CCTV Data. Recorded images will only ever be viewed by our staff in the Manager’s Office which is a secure and restricted area.
6:3: No surveillance cameras will be placed in areas where there is an expectation of privacy (for example, in changing rooms, toilets) unless, in very exceptional circumstances, it is judged by us to be necessary to deal with very serious concerns.
7.1: In order to ensure that the rights of individuals recorded by our CCTV are protected, we will ensure that CCTV Data gathered from such systems is stored in a way that maintains its integrity and security. This may include encrypting the Data, where it is possible to do so.
7.2: We will ensure that any CCTV Data is only used for the purposes specified in section 4.1 above. We will not use CCTV Data for another purpose unless permitted by Data Protection Laws.
7.3: Where we engage Data Processors to process Data on our behalf, we will ensure contractual safeguards are in place to protect the security and integrity of the Data.
8.1: Data recorded by our CCTV will be stored locally on servers at our Site. We will not retain this Data indefinitely but will permanently delete it once there is no reason to retain the recorded information. Exactly how long the Data will be retained for will vary according to the purpose for which it was recorded. For example, where images are being recorded for crime prevention purposes, CCTV Data will be kept only for as long as it takes to establish that a crime has been committed or where we are using the CCTV Data for staff disciplinary purposes, the images will be kept until the process is completed. In all other cases, recorded images will be kept for no longer than 60 days before being overwritten and permanently deleted.
8.2: At the end of its useful life and in any event within 7 years all Data stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs or hard copy photographs will be promptly disposed of as confidential waste.
9.1: We will periodically review our ongoing use of existing CCTV at our Site to ensure that its use remains necessary and appropriate and in compliance with Data Protection Laws.
9.2: We will also carry out checks to ensure that this policy is being followed by all staff.
10.1 As CCTV Data will identify individuals, it will be considered Personal Data under applicable Data Protection Laws. Under Data Protection Laws, Data Subjects have certain rights in relation to the Personal Data concerning them. These are as follows:
(a) the right to access a copy of that Personal Data and the following information (this may include CCTV Data captured by our CCTV):
(i) the purpose of the processing;
(ii) the types of Personal Data concerned;
(iii) to whom the Personal Data has or will be disclosed; and
(iv) the envisaged period that the Personal Data will be stored, or if not possible, the criteria used to decide that period;
(b) the right to request any inaccurate Personal Data that we hold concerning them is rectified, this includes having incomplete Personal Data completed;
(c) the right to request the Personal Data we hold concerning them is erased without undue delay, where it is no longer necessary for us to retain it in relation to the purposes it was collected;
(d) the right to request restriction of our processing of Personal Data in certain circumstances; and
(e) the right to lodge a complaint with the Information Commissioner’s Office, if the Data Subject considers that our processing of the Personal Data relating to him or her infringes Data Protection Laws.
11.1 In order to operate CCTV across our Site we may appoint service providers to provide us with maintenance services related to that CCTV. Such service providers will act only on our instructions and on our behalf for the purposes listed in section 4.1 above. We will require these service providers by contract to safeguard the privacy and security of Personal Data they process on our behalf.
12.1: No images from our CCTV cameras will be disclosed to any third party (other than our third-party CCTV maintenance service providers), without express permission being given by the Site Manager. Data will only be disclosed to a third party in accordance with Data Protection Laws.
12.2: In other appropriate circumstances, we may allow law enforcement agencies to view or remove CCTV footage where this is required in the detection or prosecution of crime.
13.1: If anyone has questions about this policy or any concerns about our use of CCTV, then they should speak to Ben Barton in the first instance.
August 10, 2022