Privacy Policy:We do not sell or pass on any of your personal details for profit or marketing purposes. News and special offers will be updated through the Website and Social Media sites, we will not contact you directly, unless you have accepted that can send you a marketing emails. GDPR (General Data Protection Regulation)GDPR is a new Data compliance law came into EU law on 25th May 2018.VA2 has applied the best practice of GDPR at our venue and on our website On Account Register you will be asked to provide the following details:- Unique User Key (Hidden auto generated by the system) Email address. Account password First Name Last Name Date Of Birth Mobile Phone Number Address Line 1 Address Line 2 Address Line 3 Address Line 4 Address Locality City County Post code On Application Microsoft Account System The website uses a Microsoft Account system in the website, to hold the accounts. This system is used is very robust/secure and is used in many websites. Encryption/Decryption We also encrypt/decrypt alot of your account data on the fly. Site Certificate Our site runs completely over https, which opens a secure encrypted web tunnel from your web browser to our server. The requests and responsese from the website are then transmitted over this tunnel. Post code lookup We use an address lookup system called GetAddress.IO we pass in a post code and it returns all addresses in that postcode. This saves time on you typing information in. You will also be asked to check the following check boxes:- I allow my information to be used in the booking process and used for my visit at the Venue. (Mandatory) This is our legal basis Contract for GDPR. In GDPR you have to outline why we are collecting the information we are. We need this information so that you can book online and visit us. We use your booking to make sure we don’t go over capacity at the venue. For Health & Safety - we are only allowed so many people at events at a specific time. The capacity of an event depends on the type of event. This is all handled by the website. Your safety is our highest priority. I have read and confirmed the Privacy Policy. (Mandatory) This is quite simply that you have read and agreed this notice and you know what your GDPR rights are. I have read and confirmed Terms And Conditions. (Mandatory) You have read and agreed our Terms & Conditions of operation. I consent to being a member of the loyalty scheme. (Optional) By ticking this checkbox, you become a member of our Loyalty scheme. I consent to receiving marketing emails. (Optional) By ticking the checkbox, you are agreeing to receive marketing emails. VA2 won’t spam you but from time to time, we may run a fantastic promotion and if you want us to let you know… By ticking (or unticking) this box, you can opt in or out of marketing emails. You can change this in your account at any time. Our marketing emails are also managed by Mail Chimp, and you can opt ourt of the marketing emails at anytime, by clicking the footer on the bottom of the emails. For GDPR compliance we audit the changes to these checkbox’ and they can be viewed by our Administrators. The aim of this is not for user tracking, but just in case you question why you have received a service when you thought you hadn’t ticked the box. Please be aware out system will send you Booking confirmation emails/SMS when you book. These won’t contain any marketing, they are just information, so you are aware of your booking. When we send you waivers we have removed out the personal information for your security. Once registered you can edit your account. You can change your details and password at any time, under my account details. Forgotten password If you forget your password, then you can go through the forgotten password process when you click login. If our Privacy Policy/Terms and Conditions change over time. On your next login, we will ask you to read and re-confirm that you are happy with them. At this point you can also join/remove yourself from the Loyalty scheme and email marketing We audit this change and can view it in our admin area. As part of GDPR we need to know what version of documentation you signed against. Where else do we use your data? Your hosting is with Storm Internet- https://www.storminternet.co.uk/GDPRStatement GPDR requires that we tell you about every system that can use some or part of your data (Data processors). These Data processors are required to be GDPR compliant:- Taking Payments We pass information to Emerchant pay payment gateway for payment. Email address, 1st name, last name and client address. This saves the user from retyping the info. Emerchant Pay are PCI DSS compliant payment provider. https://www.emerchantpay.com/certifications/ Send Grid The website sends a lot of email, too much for a Google G Suite service so we have to use a different mass email provider. We use Send Grid to send our emails from the system The List of Emails the system sends you are:-
https://sendgrid.com/resource/general-data-protection-regulation-2/ Click Send The website sends SMS texts via Click Send Click Send GDPR statement is here:- https://www.clicksend.com/gb/legal/ Google Workspace We Workspace to send and receive email Google Cloud Services are GDPR compliant. https://www.google.com/cloud/security/gdpr/ Google Analytics Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see relevant section below). Google Analytics makes use of cookies, details of which can be found on Google’s developer guides. For your information our website uses the analytics.js implementation of Google AnalyticsFurther information on Google Analytics and your privacy:- https://support.google.com/analytics/answer/6004245 Google Analytic Opt out Browser Addin In order to provide website visitors with more choice on how data is collected by Google Analytics, Google has developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to stop data being sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not affect usage of the website in any other way. A link to further information on the Google Analytics Opt-out Browser Add-on is provided below for your convenience. Google Analytics opt-out. Google and GDPR:- https://privacy.google.com/businesses/compliance/ CCTV We have CCTV at the venue for safety purposes and it is a requirement of our insurance company. The CCTV records Audio and Visual. MOBILE PHONES Mobile phones or any type of recording devices are not permitted in the club. We value your privacy and it’s always top of our priorities, therefore any recording of visual or voice content is not permitted under any circumstances by members or their guests. Not only that but this is a venue to chat and socialise and get to know people, texting or surfing the net kills conversation. Should you need to have a phone for emergency contact or checking on the kids etc, you are welcome to come to reception and use it. Insurance If you have an accident at the venue and we need to inform our insurance company then we need to pass your booking and account information to our insurance, plus any CCTV footage too. Plus any treatment/action required at the time of the accident. How Long do we Keep the Data for? We keep the account data forever so you can continue to book. However we do anonymise the data as per below:- Bookings we will remove the booking from your account after 22 years and associate it with an anonymous user. So that we can’t trace the booking back to you. Bookings contain waivers. These waivers will be associated with an Anonymous waiver after 22 years. Waivers will expire for use after 12 months. At this point you can create a new user. In GDPR however you do have rights as an individual that overrule the above. These are outlined below:- Police and Fire/Law Enforcement We may need to share your details if a criminal incident occurs or there is a fire. Accessing your data We recognise our responsibility in looking after your data. You can ask us for a copy of the data we hold, have it corrected, sent to a third party or deleted (subject to our need to hold data for legal reasons). We manage this process by executing a Data Subject Access Request procedures in line with GDPR requirements when you contact us. You can request a Data Subject Access Request Form by contacting us: By Post: The Anchor Inn Tempsford Limited, Great North Road, Tempsford, SG19 2AS. Email: info@va2.co.uk Phone: 07794 730330 We will respond within 30 calendar days of receipt of this DSAR. We also reserve the right to increase the response time to three months if we consider the request to be complex and time consuming. If you are not satisfied you have the right to contact the Information Commissioners Office (ICO). The right to rectification;You can edit your account details at any time, by logging into the website and altering the details. You can also alter your consents to the loyalty and email marketing scheme here too. The only thing you cannot edit is your email address. This is for security. But we can edit it for you. If you need your email address changed, then please email info@farpeak.co.uk from the account registered with the system and we can change it for you. the right to erasure; If you want your account and waivers to be removed from the system then we can do that for you. Please email info@va2.co.uk from the account registered and we can start the process of removing you from the system. the right to restrict processing; As per above you can remove consents from email and loyalty system. We can also mark your account as inactive. So that no one can log in or use your account. Please email info@va2.co.uk with your request from the account that is registered. the right to data portability; You can download some of your own account information from the My Account area of the system. If you require any other data then please email the request to info@va2.co.uk the right to object; You have the right to object to any processing undertaken for the purposes of direct marketing. We will stop processing for direct marketing as soon as we receive your objection. the right to not to be subject to automated decision making including profiling; We do not supply the information we hold to third parties for use in analysis or prediction. Data Breaches As per GDPR we have a process in place and would follow the GDPR process notifying you if any data breach affected your data. We will do this in 72 hours of identifying the breach. Our website uses Cloud Flare to help protect against illegal activities on our site, by hackers and 3rd parties to alleviate breaches. Or encryption of data also helps protect our systems against a breach. All Staff have signed a Non-Disclosure Agreement (NDA) to protect your personal data More information can be found here: - https://www.cloudflare.com/ We also have our internal security policy for our staff on how to keep your data secure on electronic devices or any paper based information. Cookies and Privacy Cookies are small files that are downloaded to your browser from the website. Far Peak use cookies on our website, these cookies though are only used for authentication and to make our website function correctly. Google Analytics uses cookies too. But we don’t use cookies in any malicious way. The website will not function correctly without using cookies. Any future development If we develop our systems any further we shall adopt a data protection by design model. We have done from the start and shall continue to do so. Questions and further contact If you have any questions or require any further information. Then please contact us below:- info@va2.co.uk or use the contact form at Data Authority Our GDPR Data authority is:- ICO https://ico.org.uk Under GDPR you have the right to contact ICO at any time. But if you have any issues then please bring it to our attention first. |