Our GDPR Statement
The EU General Data Protection Regulation (“GDPR”) came into force across the European Union on 25th May 2018, bringing with it significant changes to data protection law. Focusing on an individual’s privacy, the GDPR has been designed to meet the challenges of the digital age. With the increased use of technology in our daily lives, the GDPR sets out new definitions of what constitutes personal data and what constitutes cross-border processing, and how each is handled, to help protect the privacy of information by standardising data protection laws and processing across the EU. This is to afford individuals stronger, more consistent rights to access and control their personal information.
PHB(NW) Ltd t/a Acorn Leisure and Maes Mynan Park is committed to ensuring the security and protection of all personal information that comes into its possession, by providing a compliant and consistent approach to data protection across the organisation. We always strive to ensure we have an effective data protection program in place.
How We Comply with GDPR
Policies & Procedures –
- We review data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws.
- Data protection – Privacy is paramount. Accountability and governance measures are in place to ensure that all employees understand and adequately disseminate and evidence the company’s obligations and responsibilities for maintaining the privacy rights of individuals.
- Data retention – we only store data for minimum periods wherever possible so that personal information is stored, archived and destroyed compliantly and ethically.
- Data breaches – Should we experience a data breach, procedures are in place to remedy and ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.
- An individual’s request for their personal information/data – we work to a 30-day timeframe for responding and providing requested information and for making this provision free of charge. Our process includes obtaining identification before the release of any data to an individual as per their request. Exemptions apply if it is a matter of law not to release.
- Keeping records of requests for information – Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR are met.
- Privacy notice/policy – we have reviewed our Privacy Notices to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
- Obtaining consent – we have consent mechanisms in place for obtaining personal data, ensuring that individuals understand what they are providing, why and how it will be used, giving clear, defined ways to consent to us processing their information. We have processes for recording consent and have an affirmative opt-in, along with a time and date record, and an easy-to-use process to withdraw consent at any time.
- Direct marketing – we have shared the information required for alerting individuals and users of the website about direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out; and providing unsubscribe features on all subsequent marketing materials.
Data Subject Rights – An individual’s rights if we hold any data on them
In addition to the above, we have highlighted procedures that ensure individuals can enforce their data protection rights easily and how they can exercise their rights to access any personal information/data that Acorn Leisure holds or processes about them. This includes:
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store their personal data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to request destruction of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Information Security & Technical and Organisational Measures
Acorn Leisure takes the privacy and security of an individual’s personal information very seriously and ensures that reasonable measures and precautions are in place to protect and secure the personal data that we hold and process.
We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:
- Remote access to systems and data is over an SSL encrypted connection
- Users only have access to data they need for their role
- Having a password policy in place
GDPR Roles and Employees
Acorn Leisure has designated Louise Barlow as its Data Compliance Manager, who is responsible for reviewing data privacy, introducing procedures and implementing compliance measures across the organisation. She is also responsible for promoting awareness of the GDPR across the company to all employees.
How to contact us
Data Compliance Manager
PHB(NW) Ltd T/A Maes Mynan Park
Maes Mynan Park
Maes Mynan Park and Acorn Leisure are trading names of PHB(NW) Ltd. Company Registration Number 4121335. VAT number 762824122. Registered office is at 32 St. Asaph Business Park, St. Asaph, Denbighshire, LL17 0JA.