Who are we?
The Rose & Crown Public House Ltd is a limited company incorporated in England & Wales and is a controller under the General Data Protection Regulation & Data Protection Act 2018.
Description of processing
The following is a broad description of the way this organisation/data controller processes personal information.
To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.
Reasons/purposes for processing information
We process personal information to enable us to provide services related to our work, to maintain our own accounts and records and to support and manage our employees.
Type/classes of information processed
We process information relating to the above reasons/purposes. This information may include:
- personal details
- family, lifestyle and social circumstances
- goods and services
- financial details
- education details
- employment details
We also process sensitive classes of information that may include:
- physical or mental health details
- racial or ethnic origin
- religious or other beliefs
- trade union membership
Who the information is processed about
We process personal information about customers and clients, advisers and other professional experts and employees.
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themself and also with other organisations.
Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required we share information with:
- business associates, professional advisers
- family, associates and representatives of the person whose personal data we are processing
- local and central government
- financial organisations
- ombudsmen and regulatory authorities
- credit reference and debt collection agencies
- healthcare professionals, social and welfare organisations
- current, past or prospective employers
- examining bodies
- service providers
Sales & Marketing Services
Information is processed for sales and marketing services. For this reason, the information processed may include name, contact details, family details, financial details, and the goods and services provided.
This information may be about customers and clients.
Where necessary this information is shared with the data subject themselves, business associates and other professional advisers, current, past or prospective employers and service providers.
It may sometimes be necessary to transfer personal information overseas. When this is needed information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the data protection act.
How long will we keep your information?
We would normally keep your information throughout the period of time we work with you and afterwards for a period of 6 years as we are required by law to do this.
In some cases (for example where we hold a will for you) we may retain your information for longer, we will advise you of this at the time.
We ensure that all the information that you provide to us is kept secure using appropriate technical and organisational measures.
In the event of a personal data breech we have in place procedures to ensure that the effects of such a breech are minimised and shall liaise with the ICO and you as appropriate.
More information is available from the data protection officer.
What rights do you have?
You have the following rights under GDPR:
- Right to be informed
- Right of access
- Right of rectification
- Right of erasure
- Right of restriction of processing
- Right to data portability
- Right to object
- Rights concerning automated decision-making and profiling
Right of access
You have the right to see the information we hold about you.
To access this, you need to provide a request in writing to our data protection officer, together with proof of identity.
We will usually process your request free of charge and within 30 days however we reserve the right to charge a reasonable administration fee.
Right to erasure
You have a right to ask us to erase your personal data in certain cases (details may be found in Article 17 of the GDPR)
We will deal with your request free of charge and within 30 days but reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to exercise or defend legal claims.
Who can you complain to?
If you are unhappy about how we are using your information or how we have responded to your request, then initially you should contact the Data Protection Officer Sarah Harrison.
If your complaint remains unresolved then you can contact the Information Commissioners Office, details available at www.ico.org.uk