About this Privacy Notice
The Titsey Foundation CIO (the “Charity”) is committed to protecting and respecting your privacy.
This Privacy Notice aims to give you information on how the Charity collects and processes your personal data through your use of this website, including any data you may provide through this website when you book to visit Titsey Place & Gardens or submit a general query via the website.
If you have any queries about this Privacy Notice or concerning your personal data please contact us via The Governor, Titsey Foundation CIO, firstname.lastname@example.org.
Who We Are
For the purposes of the UK GDPR and the Data Protection Act 2018, the controller of your personal data is The Titsey Foundation CIO. We are registered with the Information Commissioner’s Office (“ICO”) under registration number ZA790191.
The Titsey Foundation CIO is a Charitable Incorporated Organisation, registered in England and Wales with registration number: 1159986.
The Data Protection Lead for the Charity is Guy Innes, Governor of The Titsey Foundation CIO. He can be contacted via email@example.com or C/O Strutt and Parker, 201 High Street, Lewes, BN7 2NR.
Personal Data We Process
We collect personal data about you from the following sources:
- Direct interactions: We collect personal data that you provide to us, this includes information you provide when you communicate with us (e.g. through booking a visit to Titsey Place and Gardens on our website, or submitting a general website query), purchase tickets, or donate to the Charity. This may include:
- Personal identifiers (e.g. title, first name, surname)
- Contact information (e.g. telephone number, email address)
- Financial information (such as credit / debit card details, information as to whether any donations qualify for gift-aid)
- Personal data generated when you visit Titsey Place and Gardens: When you visit Titsey Place and Gardens, this may result in personal data being generated. This could include:
- Use of our public WiFi
- Details supplied by you on signing the visitor’s book
- Images of you captured on CCTV
Certain categories of personal information are regarded by data protection law as more sensitive than others. Known as ‘special category personal data’, this relates to information about your health, racial or ethnic origin, details of sexual life, sexual orientation, religious beliefs, political opinions or any genetic or biometric data that is used to identify you. This information, and any information about criminal offences or convictions, warrants a higher level of protection under data protection law.
The Charity will not process special category data about you, or information about criminal offences and convictions unless it is provided to us by you, where it is necessary and lawful for us to do so. The Charity will always make it clear when we collect this information from you what special category personal data or criminal offence data we are processing and why.
Failure to Provide Personal Data
Where we need to collect personal data by law or in order to perform a contract we have with you and you fail to provide that data when requested, we may not be able to meet our legal obligations or perform the contract we have entered or are trying to enter into with you. For example, failure to provide the requested personal data for the purposes of booking a visit to Titsey Place and Gardens on our website may result in you being unable to complete your booking online and you may not be able to secure entry on the date of your visit.
Why We Process Your Personal Data and Our Legal Reasons For Doing So
We process your personal data for the following purposes:
- To allow you to book a visit at Titsey Place and Gardens, manage your booking and to allow you entry on arrival;
- Processing debit / credit card information in connection with purchases made at Titsey Place and Gardens (e.g. in the tearooms);
- Managing your visit (e.g. health and safety, security, lost property, etc.);
- For administrative purposes (including receiving and processing donations, managing feedback and comments, etc.)
Data protection law also requires us to have a legal reason for processing your personal data. Depending on the purposes for which we use your data, one or more of the legal reasons listed below may be relevant:
- You have provided your consent for us to process your personal data (such consent may be withdrawn at any time by emailing firstname.lastname@example.org).
- The processing is necessary for the performance of the Charity’s obligations under a contract with you (for example, where you purchase entry to Titsey Place and Gardens).
- The processing is necessary for the performance of a legal obligation to which the Charity is subject
- The processing is necessary to protect the vital interests of you or another individual (for example, providing your details to a medical professional in the case of a medical emergency).
- The processing is necessary for the Charity’s legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Who We May Share Your Personal Data With
In certain circumstances we may pass your personal data to third parties. We will never pass your personal data for such purposes unless you have allowed us to do so or we have a lawful right to do so. For example, we may share your personal data with:
- Law enforcement agencies, regulatory organisations, courts or other public authorities where we have a legal obligation to do so.
- Third party service providers – For example, the Charity’s managing agents Strutt Parker may have access to personal data submitted to the website. Such a relationship is regulated by UK GDPR. Service providers are therefore contractually required by us to keep your personal data secure and only process it on our behalf and only in accordance with our strict instructions.
How Long We Can Keep Your Personal Data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for us to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.
We continually review what information we hold and will securely delete personal data which is no longer required.
Transferring your personal data outside the UK or European Economic Area (EEA)
On occasion we may need to use third parties’ services that require transferring your personal data outside the UK and the EEA. If we do, we will put in place appropriate legal mechanisms and safeguards to ensure that your personal data is transferred and processed in compliance with data protection law. If you require further information about this, please contact email@example.com.
Control of your personal data
You have the right to:
- be informed about how we collect and use your personal data;
- ask for access to your personal data;
- require us to correct any mistakes in the personal data we hold about you;
- ask for the information we hold about you to be erased in certain circumstances;
- ask for our processing of your personal information to be restricted in certain circumstances;
- receive your data in a form allowing you to transit it to another data controller (portability); and
- object to us processing your information in certain circumstances.
Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
Where we process your personal data for the legal reason that it is necessary for our, or a third party’s legitimate interests, you have the right to object such processing on this basis.
Some of your legal rights are subject to safeguards, limitations or exemptions. If you wish to exercise your rights, for example, by requesting a copy of the information which we hold about you under your right of access, please contact: The Governor of the Titsey Foundation CIO, firstname.lastname@example.org, care of Strutt and Parker, 201 High Street, Lewes, BN7 2NR.
Automated decision-making and profiling
Automated decision-making is when a computer or similar electronic system uses personal information to make decisions about people without any human involvement. Profiling is a type of automated decision-making process that takes place when different aspects about a person (such as their behaviour, interests or personality) are analysed in order to make predictions or decisions about them.
The Charity does not carry out automated decision making (including profiling). If that changes we will update this Privacy Notice and notify you in writing (where appropriate).
If at any time you are not happy with how we are processing your personal information then you may raise the issue with the Data Protection Lead in the first instance. If you are not satisfied with the handling of your issue, you may raise a complaint with the Information Commissioner’s Office, which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk.
Changes to this Privacy Notice
This Privacy Notice was published on 5th May 2021. We will update and change this Privacy Notice from time to time to reflect changes to the way we handle your personal data or changing legal requirements. Any substantive changes we may make to our Privacy Notice in the future will be notified to you by email and will be available via our website.