Privacy Policy

 

This policy, together with any other documents referred to on it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR).

1. DEFINITIONS

Data controller - A controller determines the purposes and means of processing personal data.

Data processor - A processor is responsible for processing personal data on behalf of a controller.

Data subject – Natural person

Categories of data: Personal data and special categories of personal data

Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example, name, house address or private email address.

Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.

Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2.   WHO AM I?  
  
I, Sarah Alford, am the data controller and I am responsible for your personal data (referred to as “I”, “me” or “my” in this privacy notice).
  
Contact Details
 
My full details are: 
 
Full name: Sarah Alford
 
Email address:  This email address is being protected from spambots. You need JavaScript enabled to view it.
 
Postal address: Celyn Farm Bed and Breakfast, Forest Coal Pit, Abergavenny, Monmouthshire NP7 7LW


It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at 
This email address is being protected from spambots. You need JavaScript enabled to view it. .


If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues 
www.ico.org.uk . We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
 
3.  WHAT DATA DO WE COLLECT ABOUT YOU?
 
Personal data means any information capable of identifying an individual. It does not include anonymised data.
 
We may process certain types of personal data about you as follows:
 
Identity Data may include your first name, maiden name, last name, title, date of birth and gender.

Contact Data may include your billing address, delivery address, email address and telephone numbers.

Financial Data may include your bank account details.

Transaction Data may include details about payments between us and other details of purchases made by you.

Sensitive Data
 
We do not collect sensitive data about you.

4.  HOW WE COLLECT YOUR PERSONAL DATA 
 
We collect data about you through a variety of different methods including:
 
Direct interactions: You may provide data by filling in forms on our site (or otherwise) or by communicating with us by post, phone, email or otherwise, including when you:


  • Book or enquire about a room;

  • Request resources or marketing be sent to you;

  • Give us feedback.

Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:


Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Booking.com, Late rooms, Expedia, Buy a gift, trip advisor, hotels.com.

5.  HOW WE USE YOUR PERSONAL DATA  
 
We will only use your personal data when legally permitted. The most common uses of your personal data are:
 

  • Where we need to perform the contract between us.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation. 

 

Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email. You have the right to withdraw consent to marketing at any time by emailing us at  This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Purposes for processing your personal data  
 
Set out below is a description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.
 
We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. 

Please email us at  This email address is being protected from spambots. You need JavaScript enabled to view it.  if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below: 

 

Purpose/ activity

Type of Data

Lawful basis for processing

To mark you as a new enquiry

  1. 1.Identity details
  2. 2.Contact Details

Necessary for the performance of a request by you to book a room.

To register you as a new guest

  1. 1.Identity details
  2. 2.Contact Details

Necessary for the performance of a contract with you

To process the accommodation services we offer.

 

  1. 1.Identity details
  2. 2.Contact details
  3. 3.Financial details
  4. 4.Transaction details
  5. 5.Marketing details
  6. 6.Communication details

Necessary for the performance of a contract with you.

To manage our relationship with you by for example sharing information about the area, asking you to post or leave a review.

  1. 1.Identity details
  2. 2.Contact details
  3. 3.Transaction details
  4. 4.Marketing details
  5. 5.Communication details

Necessary for the performance of a contract with you.




Marketing communications 

You will receive marketing communications from us if you have:

(i) requested information from us or purchased services from us.

We will never share your personal data with any third party for marketing purposes.  


6.  DISCLOSURES OF YOUR PERSONAL DATA  

Your personal data will be treated as strictly confidential. We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 5 above:


  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.

 

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

7. TRANSFER OF DATA ABROAD 

Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.

Some third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or

 

Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time. Please email us at  This email address is being protected from spambots. You need JavaScript enabled to view it.  if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

8. DATA SECURITY  

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. DATA RETENTION 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data: see below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

10.  YOUR LEGAL RIGHTS 

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:


  • Request a copy of the personal data which we hold about you.
  • Request that we correct any personal data if it is found to be inaccurate or out of date.
  • Request your personal data is erased where it is no longer necessary to retain such data.
  • Object to the processing of your personal data where applicable, ie where processing is based on legitimate interests, direct marketing and processing for the purpose of scientific/historical research and statistics.
  • Request a restriction is placed on further processing, where there is a dispute in relation to the accuracy or processing of your personal data.
  • Request transfer of your personal data.
  • Right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data.

 

You can see more about these rights at: 


This email address is being protected from spambots. You need JavaScript enabled to view it.  

If you wish to exercise any of the rights set out above, please email us at  This email address is being protected from spambots. You need JavaScript enabled to view it.


11. THIRD-PARTY LINKS 

Our website contains links to other websites of interest. You should note that we do not have any control over those websites, and so cannot be responsible for the protection and privacy of any information which you provide whilst visiting them.



  1. CHANGES TO OUR PRIVACY POLICY

    Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

    13. HOW TO MAKE A COMPLAINT

    To exercise all relevant rights, queries or complaints, please in the first instance contact me, Sarah Alford at  This email address is being protected from spambots. You need JavaScript enabled to view it.  

    14. REVIEW

    This document will reviewed every 12 months.

Contact Details

Celyn Farm

Forest Coal Pit
Abergavenny
Monmouthshire. NP7 7LW

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Telephone: 01873 890 894
Mobile: 07763 312778