DATA PROTECTION ACT 1998 - FAIR PROCESSING NOTICE
Under the definitions in The Data Protection Act 1998 (“the Act”), The Crown Estate is the Data Controller.
Information We May Collect From You
We may collect and process the following data about you:
- Information that you provide by filling in forms or providing verbally to register an interest in or apply for membership, to request further information or to make a booking;
- If you contact us by telephone, email, web form or letter, information that forms a record of that correspondence and your contact details.
- Financial information y ou supply us to process a payment;
We treat all such data as Personal Data for the purposes of the Act.
Where We Store Your Personal Data
The data we collect is stored on information technology systems owned and run by The Crown Estate. All information you provide to us is stored on our secure servers. Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the Internet to our site; any transmission is at your own risk. Once we have received your information, we will use all necessary procedures and security measures to try to prevent unauthorised access, loss, disclosure or amendment. Some data will be held on paper in ‘relevant filing systems’ defined under the Act and subject to management and destruction under a Retention and Disposal Policy.
How Your Personal Data Will Be Processed
We use information about you in the following ways:
- To provide you with information on products or services provided by us that you request or which we feel may interest you where you have consented to be contacted for such purposes;
- To process your application for a membership and to manage your membership;
- To process your request for a group booking or catering booking;
- To notify you about changes to our service;
- To perform analysis with the aim of improving the services we provide.
We may give your personal data to third parties where:
- It is necessary for them to provide you with services on our behalf;
- We are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce agreements or contracts or to protect our rights, our property, or the safety of our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction.
We will not sell your personal data to a third party for the purposes of direct marketing.
You have the right to see what data we hold about you. This includes a description of the data being processed, the purposes of processing and any recipients to whom the data is disclosed. To exercise this right, you must make a Subject Access Request in writing to the Data Protection Officer at The Crown Estate, 16 New Burlington Place, London W1S 2HX, stating the information you require. We do not charge the fee prescribed in the Act. We may contact you to verify your identity or to clarify the precise information you require before processing your request, and will answer your request within 40 calendar days.
You have the right to ask us not to process your personal data for direct marketing purposes. You will be given an opportunity to exercise your right to prevent processing for direct marketing purposes at the time of collection. However, you can withdraw your consent to receive marketing material at any time by contacting The Royal Landscape team.
You have the right to correct your personal data at any time. Please contact The Royal Landscape team.
You have the right to prevent any unwarranted processing likely to cause damage or distress. If you feel that this situation has arisen or may arise, please contact The Royal Landscape team. Please note that this will not include processing where it is necessary to fulfil a contract or where a legal obligation for us to process the information exists.
Transfer of Personal Data Outside the European Economic Area
We will not transfer your personal data out of the European Economic Area.