W F Fabry Estate – Registered Charity no 272753
Effective from 25th May 2018
Reference to “the Charity” or to “we/us” means the W.F.Fabry estate which is the data controller in respect of any personal data you provide to us or which we hold about you and any personal data which is processed in connection with the services we provide to you.
The Charity owns the property 1 The Esplanade Minehead which is divided into six flats and also four flats in 2 The Esplanade. All except the flat occupied by the managers are used for holiday or longer stay accommodation.
The Charity collects and processes personal information/personal data, in connection with the letting of its flats whether for holidays or longer term occupation. The information may be held on paper or in electronic format.
The Charity is committed to meet its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to inform you why we will collect and use your personal information both during and after your stay with us.
We are required under the GDPR to notify you of the information contained in this privacy notice.
This privacy notice does not form part of any contract for accommodation with us.
Data protection principles
Under the GDPR, there are six data protection principles that the Charity must comply with. These provide that the personal information we hold about you must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to those purposes.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits your identification for no longer than is necessary for those purposes.
- Processed in a way that ensures appropriate security of the data.
The Charity is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.
Under article 6 of the GDPR rules, there are six legal bases for personal data processing. In summary, these are:
- Consent (which must be informed consent)
- Contractual: data processing is necessary owing to a contract with the individual.
- Legal obligation: processing is necessary to enable the data controller to comply with the law.
- Vital interest: processing is necessary to protect someone’s vital interest, e.g. life or property.
- Public interest: the data controller has to perform a task in the public interest which task has a clear basis within the law.
- Legitimate interest: processing is necessary for the data controller’s legitimate interests (or those of a third party) unless the requirement to protect personal data overrides those legitimate interests.
What types of personal information do we collect about you?
Personal information is any information about an individual from which that person can be
directly or indirectly identified. It doesn’t include data from which all identifying particulars have
- your contact details, including name, address, telephone number and e-mail addresses
- age profile
- your arrival and departure dates, number and type of guests, any special facilities required, the rent for the flat and the rental agreement.
The charity does not retain any bank or debit/credit card details. Payment is made by bank transfer or by cheque. We do not accept debit or credit cards because we do not have the necessary credit or debit card machine to enable us to do so. The bank details of payments made electronically to our bank account are not disclosed to us by our bank and we do not keep a copy of cheques. Save in exceptional circumstances, the charity does not have any bank or similar details for our guests.
The charity would not usually expect to ask for or require information which might be considered sensitive, (such as racial or ethnic origin, political opinions or sexual orientation).
How do we collect your personal information?
The Charity will collect personal information from any letters or e-mails you may have sent us and from any telephone conversations or any other form of communication (including face to face contact when you are staying with us or at any other time) we might have had with you If you are going to be staying with us, you will be asked to complete a booking form which may contain further personal information and which we consider would form part of your personal information.
Some personal information may be stored on hand written notes (particularly if you telephone the office) or in respect of any requests or notes made during your stay.
Why and how do we use your personal information?
We will only use your personal information when the law allows us to. In practice that usually only means for us to contact you and for our own statistics.
We will use your personal information in one or more of the following circumstances:
- Where we need to contact you to discuss the details of your visit or any matters arising from your booking (both before and after your visit).
- To contact you with details of our prices for the following year (or any other period) and any other relevant information which we think might be of interest to you including general promotional activities.
- In the event of a legal requirement, e.g. court order or similar.
We do not share your data with, or sell, your data to any other organization.
Change of purpose
The charity will only use your personal information for the purposes for which we collected it, i.e. the running of the business of holiday flats and longer term accommodation at the charity’s property in Minehead. If we need to use your personal information for a purpose other than that for which it was collected, we will attempt to notify you in advance, explain the legal basis which allows us to process your personal information for the new purpose and we will provide you with any relevant further information.
Who has access to your personal information?
Your personal information is accessible within the Charity but is limited to the manager, office manager and to the trustees of the charity. It is not available to any other employees of the charity or any third party.
How does the Charity protect your personal information?
The information is stored on the charity’s computer(s) at its office at the charity property in Minehead.
The Charity undertakes usual office security to protect the security of your personal information.
The Charity would not be aware of any suspected data security breach but should one come to our attention, we will notify the Information Commissioner’s Office, the Charity Commission, any other applicable supervisory authority or regulator and you, of a suspected breach where we are legally required to do so.
Please be aware that e-mails and internet transmissions are not particularly secure and the Charity cannot be responsible for the security of information sent to us or by us electronically or in fact by post or any other method over which the charity has no control.
For how long does the Charity keep your personal information?
The Charity will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any private contract with you.
The Charity will generally hold your personal information for the duration of your contractual agreement with us and electronically for up to 7 years after as a record in case of any issues issues.
At the end of that period, information which is no longer required will be deleted from the Charity’s computer (but that deletion does not include physical destruction of the computer hard drive).
Your rights in connection with your personal information
In view of the limited amount of personal information retained for you, you might not feel the need to keep the Charity informed of changes to your personal information e.g. change of address. The Charity cannot be held responsible for any errors in your personal information unless you have notified the Charity of the relevant change.
As a data subject, you have a number of statutory rights. Subject to the conditions within the regulations, you have the right to:
- request access to your personal information – this is usually known as making a data subject access request. It enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- request rectification of your personal information – this enables you to have any inaccurate or incomplete personal information we hold about you corrected
- request the erasure of your personal information – this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
- restrict the processing of your personal information – this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
- object to the processing of your personal information – this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
- data portability – this gives you the right to request the transfer of your personal information to another party.
If you wish to exercise any of these rights, please contact the Charity. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
Where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact the Charity. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.
If you believe that the Charity has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.
Automated decision making
Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention; we do not use these systems.
Changes to this privacy notice
The Charity reserves the right to update or amend this privacy notice at any time. In that event, we would attempt to notify you of any significant changes by e-mail and will amend the privacy notice on our website.
If you have any questions about this privacy notice or how we handle your personal information, please contact the Manager at the Baptist Holiday flats or e-mail [email protected]
Pages located on the secure.supercontrol.co.uk domain are powered by the SuperControl booking system.
First-party cookies are set by the website you are visiting. Only that website can access this data.
Third-party cookies are cookies that are set by external services. Such cookies are set if a website uses external services and such services needs to store some information.Cookies can be temporary or presistent. Temporary cookies are deleted automatically when you quit your browser. An example of temporary cookie can be a session cookie. Persistent cookies are not deleted automatically when you quit your browser and can be stored for a long time. Such cookies are usually used to store user preferences.
First-party cookies that are created by SuperControl:
- cookies that names starts with ASPSESSIONID: such cookies are created by our web servers to store session ID;
- sc_pp: this cookie holds some values related to the payment process;
- scenq: this cookie is used to store information related to potential errors that occurred;
- test: this cookie is used to check if cookies are enabled in the browser;
- csrf_token: this cookies contains random token that is used as an additiona security measure. Such cookie is created only for selected sites;
- savebooking_: this cookie is used to store short information related to booking, to pass this data between the web requests.
Third-party cookies that can be created by third parties:
- cookie __cfduid=: this cookie is created by CloudFlare. Such cookie can be created if a website uses third party components that are loaded from remote resource protected by Cloud Flare. Such cookie is created occasionally.
If you want to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies.
Information on deleting or controlling cookies is available at www.AboutCookies.org.
In order to get more detailed control over site-specific cookies, you need to check the privacy and cookie settings in your preferred browser.
Most of modern browsers allows user to change the preferences to block certain type of cookies or all cookies. There are also browser add-ons available that allow user to have more granullar control over the cookies.
Updated August 2021.