Last Updated 07/12/18
Personal information that we collect (or that you provide) which relates to you and from which you can be identified is called personal data (“Personal Data”). The types of Personal Data about you that we may collect and use includes, but is not limited to, the following:
- your name (including maiden and married names), address, phone, date of birth, place of birth, and other contact details;
- governmental identification information (social security, driver’s license, passport information, residency cards and other information related to identification) and certificates (birth certificates, marriage certificates, divorce certificates);
- financial information (bank account, credit card information and credit agency reports etc.);
- “sensitive” data about you, for example, information regarding your health, sexual orientation, ethnic origin or political, philosophical and religious beliefs; and
- any other Personal Data that you may provide to us from time to time.
To the extent we collect and/or process your Personal Data, we do so in accordance with applicable laws that regulate data protection and privacy. These laws include, without limitation, the EU General Data Protection Regulation (2016/679) (“GDPR”) and the UK Data Protection Act 2018 (“DPA”) together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, “Data Protection Laws”).
Data protection principles
Under applicable Data Protection Laws, there are several key principles relating to processing of Personal Data. In summary, these principles state that Personal Data shall be:
- Processed fairly and lawfully in a transparent manner;
- Collected for specific, explicit and legitimate purposes and not be processed in any manner which is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary for that purpose;
- Accurate and kept up to date where necessary, with every reasonable step being taken to ensure that Personal Data are accurate, having regard to the processing purpose, and are erased or rectified without undue delay;
- Kept in a form which permits identification of data subjects for no longer than is necessary for that purpose;
- Kept secure, safe from unauthorised access, accidental loss, damage or destruction; and
- Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Our services may include, without limitation (collectively, “Services”):
- Dry-hire of Wormsley estate locations and facilities for events such as meetings, conferences, performances, festivals, weddings and private functions (e.g. – private dinners, cricket tournaments, shooting parties);
- Visits to and tours of any Wormsley property (e.g. – the Library and Walled Garden);
- The hosting & management of any of the foregoing events;
- Use of Wormsley grounds and facilities in social media and/or interactive applications, audio visual content, media and entertainment, text, photographs, forums and advertising; and
- Other services offered both presently and in the future, whether physically located at Wormsley or through remote access via our website, media platforms or networks.
This policy covers all Services provided by Wormsley, and applies to the collection and use of your Personal Data by us and by the parties that we authorise to process such information (such as our vendors, suppliers and sub-contractors).
General categories of personal data we may collect and methods of collection
In order to provide our Services, we often need to collect, store, review and transfer Personal Data relating to individuals, companies and organisations. Most of this information is provided directly by you to us, but some Personal Data may be obtained by us through agreements with third parties that we interact with in providing our services. These third parties may include event management / planning companies & consultants, catering and entertainment companies, photographers and videographers, booking websites, and venue search services, among others.
Some examples of ways in which you may provide Personal Data to us for our use in connection with providing our Services include:
- Filling in a form on our website;
- Filling in a physical registration card, prize draw form, survey or similar;
- Opting in to receive marketing information from us;
- Creating an on-line account with us;
- Contacting us either in person or by telephone (e.g. in the context of visiting Wormsley property to view our facilities, making an event enquiry, making a reservation/booking, etc.);
- Sending us a letter, e-mail or social media message;
- Subscribing to receive Services from us (e.g. a newsletter, blog or by following us on social media);
- Requesting promotional information from us (e.g. information about any of our Services); or
- Contributing content to us (e.g. for display on any Wormsley web-site, blog or social media channel).
Some examples of the Personal Data we may obtain through these channels can include:
- Your name, address and contact details such as email address, telephone number (including mobile number), social media usernames, etc.;
- Records of verbal or email conversations/meetings, including personal and philanthropic interests;
- A record of the communications we have sent to you and any responses to such communications;
- Your contact preferences; and
- Your current job title, employer and work email addresses.
Use of personal data
As a provider of Services and experiences, Wormsley has a legitimate business interest in operating and improving its business and the Services it offers. Wormsley therefore uses and processes your Personal Data to:
- Help us create content that is relevant to our visitors;
- Assist in and administer the provision of Services to you;
- Make improvements to our websites and social media pages and ensure that content on these is presented in the most effective manner for you;
- Provide you with information, products or services that you request from us or which we feel may interest you;
- Contact you with service messages;
- Facilitate bookings, payment and other administrative processes related to your time at Wormsley;
- Monitor compliance with applicable terms and conditions;
- Assess and help us understand general trends and patterns relating to our business;
- Provide for the safety and security of our guests and visitors;
- Manage general record keeping, including but not limited to suppliers, contractors, tenants, business consultants;
- Enable us to compile anonymous, aggregated statistics that allow us to understand how users use our websites and to help us improve the structure of our websites;
- Enable you to make enquiries, reservations and payments;
- Meet any legal and/or regulatory requirements;
- Process and deal with any complaints;
- Provide the products or services you request from us including providing personalised services;
- Administer the prize if you are a prize winner and to publish or otherwise make available a list of prize winners;
- Improve our products and services and to ensure our products and services are of interest to you; and
- Process job and volunteer applications.
We may also use your Personal Data to protect against and prevent fraud, claims, and other liabilities and to comply with or enforce applicable legal requirements, industry standards, and our policies and terms. We use Personal Data for these purposes when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so by authorised agencies and applicable laws.
In the situations set out below, we will only process your Personal Data when you have given us your specific consent and you have the right to withdraw your consent at any time (see “Your Rights” below):
- Marketing and profiling purposes, which are managed solely by Wormsley as data controller. Your decision to provide your data for such purposes is optional and will have no consequence on your ability to otherwise engage Wormsley to provide Services;
- All purposes concerning your booking, your visit and to provide you with the Services you have requested, which are managed by Wormsley as data controller. Your decision to provide Personal Data (including special category/sensitive Personal Data) to us is voluntary; however, if you do not provide such Personal Data then Wormsley may not be able to provide the requested Services to you.
We may process your Personal Data by both automated and manual means.
Personal data we collect automatically
When you visit the Wormsley website, we may also collect certain data through the use of “cookies” and other automated means. Cookies are small pieces of data that are stored by your browser on your computer’s hard drive. Such data may comprise the following information:
- Date and time;
- Originating IP address;
- Domain name;
- Type of browser and operating system used (if provided by the browser);
- URL of the referring page (if provided by the browser);
- Object requested;
- Completion status of the request;
- Geographic location; or
- Language preferences.
To learn more about cookies, how they are used and how to exercise your choice with respect to their collection of information on this site, please see the relevant section of this policy.
Specific categories of personal data collection and usage
Clients and Customers (Public and Private Events)
In order to provide Services to our event clients, we need to collect, store, review and transfer Personal Data relating to event sponsors and hosts, as well as individuals, companies and organisations who make use of these Services. In most cases this information will be provided by you to us, but we may also receive this information from third-party service providers.
We may contact you about the details of your specific event during the pre-event planning stage and for post-event feedback. Your information will not be used for any third-party marketing purposes.
Event Attendees / Delegates / Guests (Public and Private Events)
In order to provide our Services to event attendees, delegates and guests we may need to collect Personal Data from such persons. This information may include names of individuals, the name of their associated organisation, the event title and any special requirements related to the event or attendee. This information is frequently provided to us by the event organiser or event ticketing / booking platform, but in certain cases may be collected by us directly.
In general, we will not collect your contact information unless:
- You provide your personal information on a customer feedback form or equivalent sign-up form;
- You contact us regarding the event you are attending; and
- You register as a user on our event Wi-Fi service / platform, in which case we may collect certain Personal Data such as your name, email address and any other data that you provide in connection with such registration.
Importantly, if you provide us with any special category or sensitive Personal Data (e.g. – health related, accessibility and/or dietary information; see additional detail below) in connection with your attendance of an event at Wormsley, we will deem that you have provided this data with your express consent to use this information in connection with the provision of such Services. We will only use the information for its intended purpose.
Your information will not be used for any third-party marketing purposes.
If you apply for a job with us, we will keep your name, contact details, CV, current salary, covering letter, any references and any other information that you provide and may use these details to contact you about applicable jobs.
Owners & Trustees
We use the contact details of our owners and trustees to send them updates about the business and their investment in it as well as agreements, resolutions and documents relevant to their ownership and/or role as trustees or trust officers. We also provide their name and ownership or trustee details, as well as their name, home address, service address, date of birth, occupation and nationality of any director of such owners or trustees, to the UK Companies House.
We hold contact details, application and payment information about members of Wormsley Cricket – our membership fee based supporters club. We provide regular marketing updates relating to cricket at Wormsley and other such events as we believe our members would be interested in.
We hold information about our tenants, as it is necessary for us to conduct our contractual obligations. We do not use our tenants’ information for any marketing purposes. At times, we may be required to pass on the tenants’ details to our approved subcontractors and authorities in order to fulfil our contractual obligations. To the extent not already granted by contract, we will seek prior consent except during emergencies.
Our Vendors and Suppliers
We hold and process information about our vendors and suppliers as is necessary for us to conduct our business activities with such parties. In addition, we seek and provide trade/business references as part of our new vendor/supplier review procedure.
All Individuals: Children
We do not collect information for anyone under the age of 16, unless the information is integral to the provision of Services or required for legal or regulatory compliance purposes. In such cases we will require consent from the parent or legal guardian.
All Individuals: CCTV, Visitors to the Estate, Wi-Fi Access
We operate CCTV on our premises and across the Wormsley estate to ensure the safety of our visitors. CCTV recordings are deleted on a monthly basis.
We seek to keep a record of all authorised and pre-arranged visitors to the Wormsley estate. These records typically include visitors’ names and organisations, as well as security details provided to gain access to the estate, to ensure that we can account for such visitors in the event of an emergency.
If you choose to use our guest Wi-Fi network, we may collect certain Personal Data such as your name, email address and any other data that you provide in connection with such use.
All Individuals: Special Category / Sensitive Personal Data
We do not collect or process data that is, by its nature, particularly sensitive (e.g. genetic data, biometric data, data revealing racial or ethnic origin, political opinions, sexual orientation, religion or other beliefs, data concerning health, criminal background or trade union membership etc.) unless it is (a) at your request or with your consent, (b) needed to comply with applicable social security or social protection laws, (c) to protect your vital interests (or those of someone else) in an emergency, (d) where you have already publicised such information, or (e) where we need to use such sensitive data in connection with a legal claim or regulatory or administrative proceeding that we have or to which we may be subject.
Such sensitive data is only shared with third party service providers acting as data processors (e.g. catering providers, transport providers) for the purpose of providing the services you request, and will not be shared by us for any other purposes.
Sharing and transfer of personal data
We may share your Personal Data with third parties as described below:
- Third party service providers who have been appointed as data processors to perform functions and services on our behalf (e.g. – providers of services in respect of web hosting, payment processing, information technology systems, customer relationship management, booking and reservations management, marketing, auditing, administration) and who will be provided only with Personal Data necessary to perform the services on our behalf. This may also include third party providers of components of our Services or experiences that we may arrange for you. These third parties are not authorised by us to use your Personal Data for any other purposes;
- Our advisors and insurers in the event of a claim, dispute or where otherwise necessary;
- If we are required to do so by applicable law, regulation or rules, whether pursuant to legal process, for compliance purposes or in response to a request from a law enforcement or other governmental or regulatory authority.
Please note this policy does not cover companies, services or applications that we do not own or control, or people that we do not employ or manage, including (without limitation) third party websites or applications / widgets (e.g. – “social media” platforms such as Facebook or Twitter; customer relationship management platforms such as HubSpot) which we link to or offer via our Services, nor does it cover advertisers. Also, it does not cover certain pages and services which are hosted, managed and operated by other parties (e.g. – venue finding sites). These services, applications and third parties may have their own privacy policies and/or terms and conditions of use, which we recommend you read before using any such service. These third parties and services are wholly independent of us and are solely responsible for all aspects of their relationship with you and any use you may make of such services.
We only send marketing correspondence (whether about us, our Services, forthcoming events or commercial opportunities) to individuals that have “opted in” to receiving such communications. You have the right to “opt out” of receiving marketing communications from us, whether by email or otherwise, at any time. You can do this by (i) clicking the unsubscribe link displayed in any of the marketing e-mails you receive from us, (ii) emailing email@example.com to indicate you no longer wish to receive marketing communications, or (iii) by writing to us at the address set out in the “How to Contact us” section below.
If you are a “data subject” under applicable Data Protection Laws, you will have the following rights in relation to your Personal Data:
- Right to Access – to request confirmation of whether we process Personal Data relating to you, and if so, to request a copy of that Personal Data;
- Right to Rectification – to request that we rectify or update any Personal Data that is inaccurate, incomplete or outdated;
- Right to Erasure – to request that we erase your Personal Data in certain circumstances, such as where we collected Personal Data on the basis of your consent and you withdraw your consent;
- Right to Restriction of Processing – to request that we restrict the use of your Personal Data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your Personal Data;
- Right to Withdraw Consent – to withdraw your consent where you have previously given us consent to process your Personal Data; and
- Right to Data Portability – to request that we provide a copy of your Personal Data to you in a structured, commonly used and machine readable format in certain circumstances.
To exercise your rights as set out above, to make a complaint or to submit an inquiry about our privacy practices, please contact us at firstname.lastname@example.org.
If you are located in the EEA, we will only transfer your Personal Data if:
- The country to which the Personal Data will be transferred has been granted a European Commission adequacy decision;
- The recipient of the Personal Data is located in the US and has certified to the US-EU Privacy Shield Framework; or
- We have put in place appropriate safeguards in respect of the transfer (e.g. – we have entered into EU standard contractual clauses with the recipient, or the recipient is a party to binding corporate rules).
How we protect your personal data
We maintain administrative, technical and physical safeguards designed to protect Personal Data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. In order to provide services on our behalf, service providers and contractors who might have access to your data will be contractually obliged to keep such data in confidence, provide adequate data security measures, and may not use that data for any other purpose.
For your own protection, we encourage you not to include sensitive Personal Data, credit card or similar Personal Data in any e-mails you send us or our staff unless specifically requested for a specific purpose.
Links to other websites
Our website may provide links to other websites and social media platforms for your convenience and information. These websites and platforms operate independently from us. Linked websites may have their own privacy policies, which we strongly suggest you review. To the extent that any linked websites you visit are not owned or controlled by us, we are not responsible for the websites’ content, any use of the websites, or the privacy practices of the websites.
By way of example only, we have listed certain service providers and vendors currently used by Wormsley below (along with links to privacy policies for each such vendor) – this list is by no means exhaustive or complete:
- Customer Relationship Management – HubSpot
- Email Automation – MailChimp
- Ticketing – Eventbrite
How long do we keep personal data
Wormsley only retains your Personal Data for as long as needed to fulfil the purposes for which it is collected, unless we are required or permitted by law to keep the Personal Data for longer.
In general, we will retain Personal Data (including in physical and/or electronic form):
- To the extent that we are required to do so by law;
- If we believe that the documents may be relevant to any on-going or prospective legal proceedings;
- In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
- To support the on-going legitimate business purposes of Wormsley (with due consideration for the rights and freedoms of individuals’ privacy).
In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you. In such cases, we may use such information without further notice to you.
For additional information on our data retention policies, please contact the Wormsley Data Privacy Team (contact info below).
A cookie is a small file, which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
The cookies used on this website have different tasks:
- Necessary Cookies: These cookies are needed to allow the website to work properly. They don’t collect any Personal Data.
- Functionality Cookies: These cookies relate to the functionality of the website and would include cookies that are used to memorise your navigation choices, for instance. They collect data anonymously and can’t share this data with other services.
- Security Cookies: We use security cookies to maintain the security of the website and avoid any attack against our server.
Overall, cookies help us provide you with a better website experience, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website and/or allowing full functionality of the website.
How to contact us
Data Privacy Team
The Estate Office
Wormsley Estate Limited
In the unlikely event that you wish to lodge a complaint about our collection, use, transfer or processing of your Personal Data, you can lodge a complaint with the UK Data Commissioner’s Office which has supervisory authority on such matters.