On the 25th of May 2018, the current Data Protection Act (“DPA”) will be replaced by the General Data Protection Regulation (“GDPR”) . This document details how Homewood Leisure will store and process client information. This act applies to information stored on individuals.
Homewood Leisure will be responsible for ensuring such data is kept secure, processed fairly and in line with the GDPR principles.
2.0 Data Categories
Information can be categorised into four basic categories, information stored or processed may come under one or more of these categories.
2.1 Contractual Data.
Information that is stored under this category is required in order for you to trade with Homewood Leisure. Often information is this category will be stored or processed to comply with legal and legislative obligations.
Without this information Homewood Leisure it may not be able to process quotes, sales or offer warranties on the products supplied. The minimum amount of information will be stored for this category. In general, this would be limited to name, address, contact details.
2.2 Personal Data
Data in this category is any item that could identify you as an individual. Data of this type would be information such as telephone numbers, email addresses, images or videos.
This data is often used for marketing purpose but may also include such information as required for credit or lease agreements
For example, Homewood Leisure may require your details for sales and warranty purposes (Contractual) , but you may forbid them using it for marketing purposes.
2.3 Sensitive Data
Information in this category will often be related to items referred to as “special categories of personal data”.
This data can include (but not be limited to) information of race, religion, ethnicity, political opinions, trade union membership, biometric data.
Homewood Leisure does not store this form of data relating to clients.
2.4 Confidential Data
Some data is personal in that it comes under section 2.2, but may also be classified as confidential, this information if used incorrectly be used for fraud or identity theft. Bank or credit card details are an example of this
Homewood Leisure limits the amount of data stored under this category to what is needed with regards to contractual arrangements.
For transactional arrangements, such as payments, Homewood Leisure will only store this information for as long as it is required for the transaction to be processed.
3.0 Information Processing
Homewood Leisure will only use the information stored as agreed with you the individual.
3.1 Information we hold on you.
Personal information we may hold on you includes:
Products supplied and installed.
Service agreements you hold with Homewood Leisure
Credit information (credit rating, details of monies you owe to Homewood Leisure)
Incoming phone conversations
CCTV for security at our sites
Data collected will be relevant for the purpose for which it is intended. No data will be collected that is superfluous to Homewood Leisure. Should you provide such information, it will not be recorded.
Periodically Homewood Leisure will attempt to contact you to ensure the data held is still current and valid. Should no response be received it will be deemed incorrect and removed from the systems.
3.3 What we use your data for.
Some personal details have to be provided in order that Homewood Leisure can provide you as consumer services or products.
Phone calls to Homewood Leisure are recorded for Training or Sales delivery. They may be used in the event of a complaint, to confirm a verbal product order or quote. You will be informed when you call that your call will be recorded. You may ask for this service to be disabled.
3.3.1 Contractual Services
Homewood Leisure uses your data, as listed in section 2 for the following contractual purposes without which we can not provide a service to you.
Quotes and supply of products
Manage service level agreements
Processing payment and credits
Record keeping detailing:
Management of accounts and auditing
Updating your records
Share information with business partners such as insurers, credit, or lease agencies
3.3.2 Services requiring consent
Your information may be used for the following marketing services if you have agreed to them:
Provide personalised service and products
Records of marketing correspondence
Product testing and the results of such testing.
3.4 Sharing of information
Homewood Leisure will only share your data with third parties where appropriate, and, only those with which Homewood Leisure has an agreement with.
Some services for processing of payments, online shops invoicing are outsourced. These companies will be abiding with the GDPR principles.
Services such as lease, loan or credit applications will require additional confirmation before applications can be made, and, will require a transfer of your personal details such as are required for your application
Where it is in Homewood Leisure legitimate and legal interest to pass details to third parties they will do so, this includes (but is not limited to):
Tracing your whereabouts (to recover debt)
Warranty purposes such as product recalls
4.0 Access to data
All requests will be processed in less than 40 days unless there is excessive information, you will not be notified if this is the case.
4.1 Request for Information
You have the right to obtain a copy of information Homewood Leisure holds on you. This information will be provided free of charge, however we may be entitled to charge a ‘reasonable’ fee if the request is excessive, or if you request copies of the same information. This does not mean Homewood Leisure can charge for all subsequent access requests.
If charged the fee will be based on the administrative cost of providing the information.
You will need to provide the necessary information to allow the information to be collated. Depending on you request this may include one or more of the following:
4.2 Right to be forgotten
You have a right to have your information removed from Homewood Leisures system, or to amend the data processing agreements you have in place.
You may withdraw your consent for services at any time by contacting Homewood Leisure using the details below.
Homewood Leisure reserves the right to retain information where it relates to contractual, legal or legislative purposes.
We may be entitled to charge a ‘reasonable’ fee if the request is excessive. This fee will be based on the administrative cost of removing your information.
Homewood Leisure will inform once you data has been removed or the reason for denial should Homewood Leisure require your information as in section 5.
5.0 Data retention
Data will be kept while there is a requirement to do so based upon the following:
a) Business need, we are still providing you with products or service
b) Liability, information will be kept as long as there is possible claim against Homewood Leisure
c) Legal or Legislative requirements as laid down in law or governance.
6.0 Legal Obligations
Homewood Leisure will comply with with law enforcement agencies, courts and other government agencies as detailed in the GDPR principles.
7.0 Data protection Principles
Homewood Leisure will abide by the following data principles.
1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
a. at least one of the conditions in Schedule 2 is met, and
b. in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
(Source: Information Commisioner, available at https://ico.org.uk/for-organisations/guide-to-data-protection/data-protection-principles/ , accessed 4th May 2018)
8.0 Contact us
If you have any questions or wish to opt in, opt out of marketing or discuss your how your data is processed we can be contacted at:
Homewood Leisure Limited,
Unit 4, Old Broad Oak Farm Business Centre,
Udimore Road, Broad Oak,
Telephone: 01424 883352
9.0 Revision History