This website is not directed at children and we do not knowingly collect information about children.
Who we are
- Collected or received when you use our website https://www.spirit-of-swaledale.co.uk (known as the “Site”)
- Collected or received when you make enquiries about or purchase our products and services
- Collected when you use our products and services
“Personal data” means data which is connected to a living individual who can be identified from that data, either by itself or when combined with other data likely to come into the possession of the data controller and can include information collected by certain cookies or tracking technologies.
“Processing” includes a wide range of activity, for example collecting, storing, deleting, using, combining and sharing personal data.
What types of personal data do we collect?
We collect the following kinds of information about you, if you visit any of our Sites, make an enquiry by phone, email, webchat or webform or place an order by any of these or other means:
- Identity data: first name, last name, username
- Contact data: phone number, email address, billing address
- Financial data: we mostly use Stripe and iZettle we do not hold financial data. However we reserve the right to do so in the future may need to collect card details for payment of either goods or ongoing services
- Technical data: internet protocol (IP) address of the computer or device you’re using to browse our Sites, browser name and version, operating system,
- Usage data (our website): information about any of your visits to our Sites, including the full Uniform Resource Locator (URL) web address of any webpages on our Sites that you may view (including date and time of visit); products and services you view; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page
- Usage data (service): if we are providing you with a broadband service, information on the overall amount of data used by your broadband connection in any given month
How do we collect your personal data?
Direct interactions: You may give us your information when you enquire about our services via email, phone, live chat or via any enquiry forms on our Sites. In these events, we will collect identity and contact details from you, so that we can give you the information that you have asked for. We may also collect data by telephone and in one-to-one meetings.
As a matter of ensuring optimum customer service levels, any telephone call you make to us may be recorded on our own secure systems or on those of GDPR-compliant third parties whose services we have contracted to use. The content of such recordings may include personal identity, contact and technical data that you give us. However, at no point will any financial data that you may give us over the phone be recorded.
Automated technologies: As you interact with our Sites, some technical data about your device, browsing actions and browsing patterns is collected. This is done by using services such as Google Analytics.
When you use a broadband service provided by us, we may collect ongoing measurements of the aggregated amount of data (both downloaded and uploaded) passed over your broadband connection throughout each month.
When you make an incoming call into us, the telephone number from which you were calling will be recorded on the systems of our phone service provider.
If you visit any of our office at Greenses Farm, footage of you may be captured and stored on our Closed Circuit TV or similar video systems (“CCTV”). CCTV is primarily used for maintaining the security of our property and premises and for preventing and helping with the investigation of crime.
How we use your personal data
Our primary goals in collecting personal data are to provide you with information about our products and services, to provide you with our products and services, to manage your registered user account, if you have one, and to improve our products.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and what the proper and legal basis for each is, in accordance with applicable data protection legislation. We have also identified what our legitimate interests are wherever appropriate.
Note that we may process your personal data for more than one lawful purpose, depending on the specific purpose for which we are using your data.
|Purpose/Activity||Type(s) of data referred to||Lawful basis for processing including basis of legitimate interest|
|To supply you with information that you have requested||Identity and contact||Your consent|
|To further supply you with information on products or services that we supply in which you have expressed interest||Identity and contact||Legitimate interest (reasonable expectation)|
|To register you as a new customer||Identity, contact and financial||Fulfilment of a contract with you|
|To process and deliver your order including:|
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
|Identity, contact, usage and financial||(a) Fulfilment of a contract with you|
(b) Necessary for our legitimate interests (to recover debts due to us)
|To improve the functionality of our products||Technical and usage||Your consent|
|To manage our relationship with you which will include:|
(b) Asking you to leave a review or take a survey
|Identity and contact||(a) Fulfilment of a contract with you|
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Technical and usage||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)|
(b) Necessary to comply with a legal obligation
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||Technical and usage||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||Identity, contact, technical and usage||Necessary for our legitimate interests (to develop our products/services and grow our business)|
|To share information as appropriate with applicable law enforcement agencies or regulators.||Identity, contact, financial, technical, usage||(a) Necessary to comply with a legal obligation|
(b) Necessary for our or a law enforcement agency or regulator's legitimate interests (to prevent or detect crime)
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us
We may use your Identity, Contact, Technical and Usage Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant to you and for us to communicate to you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods from us or if you provided us with your details when you entered a competition or registered for a promotion and in each case if you have opted into and not subsequently opted out of receiving that marketing.
You can ask us to stop sending you marketing messages at any time by contacting us at the bottom of this page.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If at that time you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at the bottom of this page.
Cookies and other tracking technology
When you visit the Sites, our servers automatically record Technical Data, which your browser sends whenever you visit a website, and Website Usage Data.
This may include information such as your IP address, browser type or the domain from which you are visiting, the webpages you visit, the search terms you use, and any advertisements on which you click. For most users accessing the Internet from an Internet service provider, your IP address will be different every time you log on.
We use this data to monitor the use of the Sites and of our Service, and for the Sites’ technical administration. We do not associate your IP address with any other information to identify you personally, except in case of violation of our Site Terms of Service.
Like many websites, we also use “cookie” technology to better understand how you interact with the Sites and our Service, to monitor aggregate usage by our users and web traffic routing on the Sites, and to improve the Sites and our Service.
A cookie is a small data file that we transfer to your computer’s hard disk. We use the following types of cookies:
- Strictly necessary cookies: These are cookies that are required for the operation of our Sites. They include, for example, cookies that enable you to log into secure areas of our Sites, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies: They allow us to recognise and count the number of visitors and to see how visitors move around our Sites when they are using them. This helps us to improve the way our Sites work, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies: These are used to recognise you when you return to our Sites. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies: These cookies record your visit to our Sites, the pages you have visited and the links you have followed. We will use this information to make our Sites and the advertising displayed on them more relevant to your interests. We may also share this information with third parties for this purpose.
Some of these cookies are “session” cookies and others are “persistent” cookies. A session cookie enables certain features of the Sites and our service and is deleted from your computer when you disconnect from or leave the Sites. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Sites. Persistent cookies can be removed by following your web browser help file directions.
Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Sites.
Except for essential cookies, all cookies will expire after a maximum period of 2 years, although you may manually clear them from your browser at any time.
How we disclose your personal data
We may have to share your personal data with the parties set out below for the purposes set out in the table in section 5 above.
- Internal Third Parties: We may share your personal data within the company.
- External Third Parties:
- Service providers: acting as processors who provide IT and system administration services
- Analytics and search engine providers: that assist us in the improvement and optimisation of our Sites.
- Professional advisers: acting as processors or controllers including bankers, lawyers, auditors and insurers based who provide banking, legal, consultancy, accounting and insurance services.
- HM Revenue & Customs, regulators and other authorities: based in the United Kingdom if required to do so by applicable law, or if it is in our legitimate interest to do so.
- Third parties: to whom we may choose to sell, transfer, or merge parts of our business or our assets.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Where we store your data and international transfers
The data that we collect from you may be stored on our secure Internal servers or it may be transferred to and stored at a number of destinations within the European Economic Area (“EEA”).
We may also transfer your personal data to a destination outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
In exceptional circumstances, where there is no option to put adequate safeguards in place, we may rely on one of the derogations provided by Article 49 of the EU General Data Protection Regulation.
Please contact us at the bottom of this page. if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
How long we keep your personal data
We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, together with any applicable legal requirements.
How we keep your data secure
Swale Life is very concerned about safeguarding the confidentiality of your personally identifiable information. Data collected in the UK is held in accordance with the Data Protection Act. We employ administrative, physical and electronic measures designed to protect your information from unauthorized access. All information you provide to us is stored on our secure servers or on the servers of suppliers that we have chosen to use, all of whom will be fully GDPR-compliant.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
We will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your electronically stored personal data to you via email or conspicuous posting on our Sites in the most expedient time possible and without unreasonable delay, consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Depending on the circumstances, you have a number of rights under Regulation (EU) 2016/679 (the “GDPR”). You can also exercise your rights at any time by contacting us at the bottom of this page – see more information below on what we will require from you before we can respond to such requests.
- Right to object to direct marketing: You have the right to ask us not to process your personal data for marketing purposes, including profiling (eg. tracking your usage of our Sites) to the extent that it is related to direct marketing. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. Within a reasonable time after receipt and consideration of your objection we will no longer process your personal data for direct marketing purposes. You can exercise your right to prevent such processing by ticking certain boxes on the forms we use to collect your data, or by contacting us at any time.
- Right of access to information: The GDPR gives you the right to find out whether we are processing your personal data and, where that is the case, to receive a copy of the personal data we process and information on:
- why we are processing it;
- the categories of personal data we process about you;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed;
- where possible, how long we plan to keep your personal data or the criteria we use to determine that period;
- information on your rights under the GDPR;
- information on where we received your data from if we did not receive it directly from you, and
- if we transfer your personal data outside of the EEA, details of the appropriate safeguards we have used to protect your personal data and uphold your data protection rights.
We will not charge you for complying with your request and providing you with a first copy. Any further copies may be subject to a reasonable administrative fee. Where your personal data is inseparable from the personal data of others, we reserve the right to redact or withhold it if it will infringe the rights of those third parties.
- The right to withdraw your consent to the processing of your personal data: If we process your personal data on the grounds of your consent, you have the right to withdraw your consent at any time. This will not affect the legality of our processing of your data up until the point at which you withdraw your consent. Please also note that we may still need to process your data on other grounds, for example to fulfil a contract with you or as required by law.
- The right to object to processing of your personal data: You have the right to object to us processing of your personal data if we are using the lawful grounds of ‘legitimate interest’ or are maintaining that the processing is in the public interest. When we receive your objection, we will assess our legal grounds for processing and will stop processing the data if we cannot demonstrate compelling legitimate grounds to continue processing the data.
- The right to request the restriction of your personal data: You have the right to ask us to restrict our processing of (ie. stop using) your personal data if you think that it is inaccurate, that we are processing it illegally, or that we no longer need it for the purposes for which it was collected. While we consider your request, we will stop processing your data within a reasonable time from the date we receive your request. We will notify you of our decision and any justifications for continuing to process your data as soon as we can.
- The right to request amendment or erasure of your personal data: You have the right to request the amendment of your personal data at any time if it is inaccurate. If it is incomplete, you have the right to have the information completed, considering the purposes of processing. You also have the right to require us to delete your personal data as soon as possible where one of the following applies:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- you withdraw your consent to us processing your personal data and we have no other legal grounds for processing it;
- the personal data has been unlawfully processed;
- the personal data must be erased for compliance with a UK or EU legal obligation on us;
- the personal data relates to a child under 13.
- The right to data portability: You have the right to receive personal data which you have provided to us in a structured, commonly used and machine-readable format. You have the further right to transmit that data to another data controller, if we are processing it on the grounds that you have consented to that processing or because it was necessary in order to perform a contract with you, and if we have no other legal bases for processing it.
- The right to complain to the Supervisory Authority: If you feel that we have processed your data unfairly or unlawfully, you have the right to complain about us to the relevant Supervisory Authority. In the UK this is the Information Commissioner’s Office. You can contact the Information Commissioner’s Office at the bottom of this page.
To the extent that we can and that it is proportionate to do so, we will communicate the amendment, restriction or erasure of your personal data to parties who have already received it and ask them to respect your wishes.
You can exercise any of your rights at any time by contacting us at the bottom of this page. Please state clearly in your email which rights you are seeking to enforce, a full description of the information or type of information that you are writing about, and include details which will confirm your identity, such as your data of birth and a scan of your passport or driving licence. This is so that we can keep your data secure. We aim to respond to your requests as soon as we can and we will keep you informed of our decisions and reasons for those decisions.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
Links to External Files and Websites
Our Sites may contain links to external files and websites (e.g. Facebook). The fact that we link to a file or website is not an endorsement, authorization or representation of our affiliation with it. We do not exercise control over third party files or websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personally identifiable information from you. Other sites follow different rules regarding the use or disclosure of the personally identifiable information you submit to them. We encourage you to read the privacy policies or statements of other websites you may visit.
Our Policy Towards Children
Our Sites are not aimed at persons under 18. If you are a parent or guardian and you become aware that your child has provided us with personally identifiable information without your consent, please contact us at the bottom of this page. We do not knowingly collect personally identifiable information from children under 18. If we become aware that a child under 16 has provided us with personal identifiable Information, we will delete such information from our files.
Changes to this Policy or to your personal data
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We are also contactable by telephone 01748 897240 at any reasonable hour.
You can also write to us at Spirit of Swaledale, Greenses Farm, Muker, Richmond DL11 6DY. It may take us longer to process hard copy letters or requests but we will endeavour to respond to you as soon as we can.