The Hall


The Gardens


What's On


Family Fun


Shopping & Eating


Visitor Info
general 1



Spooky Woodland Trail 27 Oct to 4 Nov



Michaelmas Fair 27 Oct to 28 Oct



Christmas Opening 14 Nov to 23 Dec

You are here: > Home > Privacy Policy

Burton Agnes Hall Preservation Trust Ltd. Privacy Policy

Burton Agnes Hall Preservation Trust Ltd and its trading subsidiary Burton Agnes Hall Trading Ltd (hereafter referred to as Burton Agnes Hall) are committed to protecting and respecting your privacy.

This policy sets out the basis on which any personal data collected from you, or that you provide, is used by Burton Agnes Hall. 

Why does this policy exist?

The privacy policy ensures that Burton Agnes Hall:

· Complies with data protection law and follows good practice

· Protects rights of staff, customers and partners

· Is open about how it stores and processes individuals’ data

· Protects itself from risk of a data breach

Why do we collect personal information?

Burton Agnes Hall may collect and process the following data about you:

Information you give us

You may provide information about yourself by filling in forms or by corresponding with Burton Agnes Hall by phone, e-mail or otherwise. For example, this includes information you provide when you become a member, purchase tickets, enter competitions or prize draws, or subscribe to e-newsletters. The information you provide may include, for example, your name, address, e-mail address or phone number.

Information collected about you 

With each of your visits to our website, we may automatically collect the following information:

· Anonymous demographic information, which is not unique to you, such as your postcode, age, gender, preferences, interests and favourites;

· Technical information about your computer hardware and software, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, domain names, time zone setting, browser plug-in types and versions and referring website addresses. 

The personal information we collect

· We collect information from, amongst others, customers, members, tenants, employees, volunteers, suppliers, enquirers, supporters and job applicants.

· Personal information includes, for example: name, email, address and phone number.

How we use cookies 

A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website and tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Keeping information secure:

We are committed to digital security. We will never sell your personal data and we will never share it with another organisation for marketing purposes. Information is only shared when we are required to by law or with carefully selected partners who work for us.

Data protection risks

This policy helps protect Burton Agnes Hall from data security risks, including:

· Breaches in confidentiality 

· Failing to offer choice (individuals are free to choose how a company uses data relating to them)

· Reputational damage (caused if hackers gained access to sensitive information)

Responsibilities 

All Burton Agnes Hall employees have responsibility to ensure that data is collected, stored and handled appropriately and in line with the privacy policy. However, these people have particular responsibility:

The Governing Body and Directors are ultimately responsible for ensuring that Burton Agnes Hall meets its legal obligations.

The Data Protection Officer is responsible for:

· Keeping the trustees and directors updated about data protection risks and responsibilities 

· Reviewing all data responsibilities 

· Arranging data protection training

· Handling data protection questions

· Dealing with data requests 

The IT Manager is responsible for:

· Ensuring all systems, services and equipment used for storing data meets security standards

· Performing regular scans to ensure security hardware is working correctly

The Marketing Manager is responsible for:

· Approving any data protection statements attached to communications such as emails and letters

· Addressing any data protection queries from press

· Ensuring all marketing initiatives abide by data protection principles

General staff guidelines

· The only people able to access data covered by this policy should be those who need it for their work

· Data should not be shared informally

· Burton Agnes Hall will provide training to all employees to help them understand their responsibilities when handling data

· Employees should keep all data secure by following guidelines

· Passwords must be kept strong and never shared

· Personal data should not be disclosed to unauthorised people

· Data should be regularly updated and reviewed and deleted and disposed of if out of date or no longer required

· Employees should request help from line managers if they have any queries regarding data protection.

Data storage

· When working with personal data, employees should ensure screens are locked when unattended 

· Data must be encrypted before being transferred electronically

· Personal data should not be transferred outside the European economic area

· Employees should not save copies of personal data to their computers.  

Data accuracy    

The law requires that Burton Agnes Hall takes reasonable steps to ensure data is kept accurate and up to date.

· Data should be held in as few places as necessary

· Staff should take every opportunity to ensure data is updated

· Burton Agnes Hall must ensure it is easy for data subjects to update information easily

· Data should be updated as inaccuracies are discovered 

Disclosing data for other reasons

In certain circumstances the Data Protection Act allows personal data to be disclosed to law enforcement agencies with consent of the data subject.

Under these circumstances, Burton Agnes Hall will disclose requested data. However, the data controller will ensure the request is legitimate and seek advice from legal advisers where necessary. 

 

Subject access requests

Subjects are entitled to:

· Ask what information is stored about them

· Ask how to gain access to it

· Be informed of how to keep their information up to date

· Be informed about how the company is meeting data protection obligations

Changes to data and data removal 

You can decide not to receive marketing communications, or change how we contact you, at any time. If you wish to do this or if you have any questions concerning your personal data and how we look after it, please contact us at office@burtonagnes.com, write to us at Burton Agnes Estate Office, Burton Agnes, Driffield, YO25 4NB or call the estate office on 01262 490324. 

Data breach

Should a data breach occur, where unauthorised access or alteration has occurred and the breach of security could lead to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data, the Information Commissioner’s Office will be informed within 72 hours of the breach. An exeption to this is if the data breach is unlikely to cause risk to individuals; however the breach should still be documented. 

Access to information

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet costs in providing you with details of the information we hold about you.

Contact

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to office@burtonagnes.com.

Changes to this policy

This Privacy Policy will be amended from time to time to ensure it remains up to date and accurately reflects how and why we use personal data. The current version of our Privacy Policy will always be on the Burton Agnes website.


Text Size: A A A  |  Printer Friendly