Our Data Privacy Policy
Introduction
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and stored. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. We keep certain basic information when you visit our website and recognise the importance of keeping that information secure and letting you know what we will do with it.
The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”). The governing body is the Information Commissioner’s Office (the “ICO”).
Who we are
For the purpose of the GDPR the data controller is Scampston Estate, Estate Office, Scampston Hall, Malton, North Yorkshire YO17 8NG.
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’ or ‘Scampston’ or ‘Scampston Estate', it refers to Scampston Estate, which includes Scampston Hall and Walled Garden.
If you have any questions relating to this privacy policy or how we use your personal data, please send them to dataprivacy@scampston.co.uk or post them to us at the address above.
Personal data we collect
We collect and use your personal data for the following purposes:
- To enable us to provide a service or fulfil a booking, order, service or contract
- To administer membership records
- To maintain our own reports, accounts and records
- To inform you of news, events, activities, offers and services available at Scampston
- To make improvements to our products and services
We comply with our obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
This personal data you give us may include your name, title, address, date of birth, age, gender, employment status, demographic information, email address, telephone numbers, personal description, photographs, CCTV images, attitudes, opinions, usernames and passwords.
If you’re an employee or volunteer we may collect extra information about you (such as references, criminal records checks, details of emergency contacts or medical conditions). We will keep this information for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim), and for safeguarding purposes.
We may automatically collect information as you use our digital services such as our website. This may include the pages you have visited, information about the device or browser you are using, any errors you encountered and data relating to any online transactions such as the order number for memberships, donations, renewals, holiday bookings and online shop purchases.
In whatever way you interact with us, such interaction may create other items of personal data. This could include details of how you’ve helped us by volunteering or other activities.
How we use your personal data
We’ll only use your personal data on relevant lawful grounds as permitted by the GDPR.
We will use your personal data for the purpose or purposes outlined at the time you gave it to us. This may have been during the course of a sale, when signing up for membership or when simply visiting our website.
We use this information:
- to provide the service, product or essential information you expect from us.
- where you have given us your consent to do so, to keep you informed about visiting, volunteering with us, membership, events, conservation work and fundraising.
- to enable trusted partner organisations to perform services on our behalf or to help us understand our supporters more effectively.
- to better understand how we can improve our services for you.
We may also need to provide your personal data if we’re asked by the police, or any other regulatory or government authority investigating suspected illegal activities.
Below are the main ways we will use your data. These all depend on the nature of our relationship with you and how you interact with and use our various services, websites and activities.
Visiting Scampston
As a visitor to Scampston we may collect and use your personal data in order to enter into, administer and manage your visit(s) including managing and performing the underlying contract with you.
Membership
We use the personal data you provide as a member to fulfil your membership. This includes sending renewal information to annual members by mail and email.
Events management
We process customer data in order to fulfil events bookings such as weddings and conferences. Your data will be used to communicate with you throughout the process, including confirming we’ve received your order and payment, to clarify where we might need more detail to fulfil an order or booking, or to resolve issues that might arise with your order or booking. We may also hold dietary requirements for weddings and other events
Tenants
If you are a tenant of Scampston Estate or hold a license for some form of land use activity, we will use your personal information to fulfil our contract with you. This may include, but is not limited to, sending you rental invoices, tenant and landlord correspondence, and contacting you with information about issues or activities relating to your lease or license. We will not pass your details to third parties except where you have provided explicit consent or where we need to do so in order to fulfil our landlord responsibilities, for example if we need to send your address to a maintenance contractor so they can carry out repairs
Online Ticket Purchasing
Through our online ticketing system, which is managed and run by TYG Tickets, we will collect and process all forms of data concerned with the completion of a financial transaction to purchase tickets to visit or attend an event at Scampston.
Location data
We use the location data provided by the devices you use to access our website. If you let your device share this information with us, we’ll use it to personalise your experience with us. Your device or web browser will usually prompt you when this is requested.
CCTV Usage
Please note that on the Scampston Estate we use CCTV and surveillance cameras which capture personal data about visitors to our site. This is for the prevention and detection of crime and for protecting the safety and security of our visitors, guests and staff whilst at Scampston Estate.
Marketing communications
We may use your personal data to provide you with marketing information including news, events, activities, offers and services at Scampston Estate.
If you agree to receive marketing information from us you can always change your mind at a later date. We will always include a simple unsubscribe link on all our marketing communications with you, or you can email us at dataprivacy@scampston.co.uk
We may invite you to complete surveys or provide us with feedback. You can choose not to take part.
We do not share your information with any other third party for marketing purposes unless disclosed at the time of opt-in, and we never sell your data to third parties.
Data retention
We will only retain your personal data for a reasonable period; after you have stopped being an active prospect, customer or supplier and as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Information we may collect from you
We may collect and process the following data about you:
Information that you provide
Information that you provide us by filling in forms on our sites or by corresponding with us by telephone, email or otherwise.
This includes information provided at the time of signing up to receive our newsletter, making a booking, subscribing to our membership, making a purchase on our online shop, enquiring about a job role or requesting information on other products and services.
We may also ask you for information when you report a problem or have a complaint.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
If you contact us, we may keep a record of that correspondence.
The information you may give us may include your name, email address, postal address and telephone number and financial and credit card information.
Information that we collect about you on our website
With regard to each of your visits to our website we may automatically collect the following information:
Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our telephone numbers.
This information enables us to:
- estimate our audience size and usage pattern
- recognise you when you return to our site
- make improvements to the customer experience
- understand which promotional tools are successful
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.
By visiting this website you are accepting and consenting to the practices described in this policy.
This policy only applies to our website. If you leave our site via a link or otherwise, you will be subject to the policy of that website provider. We have no control over that policy or the terms of the website and you should check their policy before continuing to access the site.
How we share your data
We will not sell your personal information to a third party.
We share your personal data between Scampston Estate's internal departments i.e. Scampston Estate, Scampston Hall and Scampston Walled Garden.
In addition, Scampston Estate share your personal data with our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you that we have agreed to provide.
When we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and in to keep in accordance with the requirements of the GDPR and not to use it for their own direct marketing purposes.
We may transfer your personal information to a third party as otherwise permitted by the GDPR, for example to our insurance or legal advisors or in order to comply with a legal requirement or obligation placed on us by law.
We may transfer CCTV to a third party security organisation (e.g. Police) in respect of any connection with a crime or security issue.
Information from other sources
There are certain third parties with whom we have to work closely (including, for example, business partners, professional advisers, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and we may receive information about you from them.
If we are doing business with you, we may have to conduct due diligence on you, for example where we are under a legal or regulatory requirement.
We may combine information we receive from other sources with the information you give to us and information we collect about you.
We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Data storage
We do not store or transfer your personal data outside of the European Union.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Any payment transactions taken via our website or card machines will be encrypted.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Information usage
We use information held about you in the following ways to:
- ensure that content from our site is presented in the most effective manner for you and for your computer.
- provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- carry out our obligations arising from any contracts entered into between you and us.
- allow you to participate in interactive features of our service when you choose to do so.
- notify you about changes to our service.
Disclosure of your personal information
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Your rights
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and have provided further information about the rights that individuals have and how to exercise them below.
You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at dataprivacy@scampston.co.uk or write to us at The Estate Office, Scampston Hall, Malton, North Yorkshire YO17 8NG.
You may be asked to provide the details of the personal information you want to access and the date range of the information you wish to access.
We will need you to confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it. We will aim to respond to any requests for information promptly, and in any event within the legally required time limit of 30 days. This timeframe may be extended by up to two months if your request is particularly complex.
Changes to our Privacy Policy
Any changes we may make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy. This policy was last updated on 24th May 2018.
Get In Touch
Questions, comments and requests regarding this privacy policy should be addressed to dataprivacy@scampston.co.uk