We respect your data. We won’t collect any personally identifiable information without first acquiring your consent to do so. Where we do wish to collect information, we will be explicit in detailing the way your information will be used so you can decide if you are happy for us to do so. We will never supply any of your details to anyone else to use for any other reason.
Visitors to our website
When someone visits our website we use a third party service, Google Analytics to collect standard internet log information. We do this to find out things such as the number of visitors to various parts of our website. This information is processed in a way which does not identify anyone. We do not make and do not allow Google to make any attempt to find out the identities of the people visiting our website without their consent.
We use a third party email provider, Campaign Monitor, to deliver newsletters from time to time. We gather statistics around email opening and clicks using industry standard technologies to help us improve and monitor our newsletter. For more information please see Campaign Monitors privacy notice.
We use a third party service to help maintain the security and performance of our websites. To deliver this service it processes the IP address of visitors to the website. We will only use this information to maintain the security of our own website.
We use a content management system, WordPress, to update and maintain the content of our website. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic’s privacy notice.
We use Gmail as our email service provider. Gmail supports Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
We keep the details of people who have subscribed to a service on our site as long as they require that service. For example if you subscribe to our email list we will keep your email address to provide you with information that you are interested in. When you unsubscribe we will remove you from this list and no longer contact you.
Access to personal information
We try to be as open as we can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’. If we do hold information we will: give you a description of it; tell you why we are holding it; tell you who it could be disclosed to; and let you have a copy of the information in an intelligible form.
To make a request for any personal information we may hold you need to put the request in writing to. Whitehole springs. c/o Data Processing Officer, Whitehole Farm, Whitehole Hill, Radstock BA3 5QE.
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. When we are presented with an ‘erasure’ request we will evaluate each request individually with GDPR compliance in mind.
GDPR introduces data portability – the right for a data subject to receive the personal data concerning them, which they have previously provided in a ‘commonly use and machine readable format’ and have the right to transmit that data to another controller.
Under the GDPR, breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This will be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.
Amazon Web Servers / IT
Our website is hosted on a dedicated server with Amazon Web Servers (AWS). As well as giving customers a number of tools and services to build GDPR-compliant environments, AWS has achieved a number of internationally recognised certifications and accreditations. In the process, AWS has demonstrated compliance with third-party assurance frameworks such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, PCI DSS Level 1, and SOC 1, SOC 2, and SOC 3. AWS also helps customers meet local security standards such as BSI’s Common Cloud Computing Controls Catalogue (C5) that is important in Germany. We will continue to pursue certifications and accreditations that are important to AWS customers. Find out more about Amazon’s policy regarding GDPR by clicking here.
Any information you provide during the job application process will only be used for the purpose of progressing your application or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.