Privacy Policy & Cookies

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”). The governing body is the Information Commissioner’s Office (the “ICO”).

Hever Castle Ltd and Hever Castle Golf Club Limited (“We” and “Hever Castle Estate”) are committed to protecting and respecting your privacy.

This policy (together with our terms of use Terms of Use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and stored. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. We keep certain basic information when you visit our website and recognise the importance of keeping that information secure and letting you know what we will do with it.

Who we are

For the purpose of the “GDPR” the data controller is:

• Hever Castle Ltd of Hever Castle, Hever, Kent, TN8 7NG (registration number 1479520)
• Hever Castle Golf Club Ltd of Hever Castle Golf Club Limited, Hever, Kent, TN8 7NP (registration number 2677760)

How we process your data

We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

The purpose(s) for which we use your personal data

We use your personal data for the following purposes:

• To enable us to provide a service or fulfil a booking, order, service or contract
• To administer membership records
• To maintain our own reports, accounts and records
• To inform you of news, events, activities, offers and services available on the “Hever Castle Estate”
• To make improvements to our products and services

As a Castle & Gardens Visitor
We collect and use your personal data in order to enter into, administer and manage your visit(s) including managing and performing the underlying contract with you.

We may also ask you to answer some questions or complete surveys that we use for research purposes, although you do not have to respond to them.

We will only send you marketing and promotions if you provide consent to do so.

As a Castle & Gardens Annual Member
We collect and use your personal data in order to enter into, administer and manage your visit(s) including managing and performing the underlying contract with you.

Where you purchase an annual membership this includes monitoring your admissions and purchases in our shops and catering facilities.

We will send renewal reminders to your email address. You can opt-out of receiving these from the link in the footer in your emails.

We will only send you marketing, promotions and advance notice of priority booking if you provide consent to do so.

Retail Activities
Through our Online Shop and on other occasions we may collect and use your personal data to enable us to enter into, administer and perform a contract with you when you buy goods or services from us.

We will only send you marketing and promotions if you provide consent to do so.

Visitor Events (i.e. Christmas)
We collect and use your personal data to enable us to enter into, manage and administer a contract with you when you come to our events.

We will only send you marketing and promotions if you provide consent to do so.

Catering Based Events (i.e. Mother’s Day & Afternoon Teas)
When you choose to book for a catering based event we will process your personal data in order to enter into, administer, manage and perform that contract with you.

We may, for specific events, also ask to process limited dietary data as part of your attendance and participation in such events.

Please note that we will pass your personal data including your name, telephone, email, event(s) booked, to our catering partner (Leith’s) for the purposes of performing our contract with you only.

We will only send you marketing and promotions if you provide consent to do so.

Accommodation Services
We collect and use your personal data to enable us to enter into, administer and manage our contract with you when you book accommodation services with us. This includes using your personal data to administer and manage your booking with us.

We may also ask you to answer some questions or complete surveys that we use for research purposes, although you do not have to respond to them.

We will only send you marketing and promotions if you provide consent to do so or you are a Dine & Stay customer/enquirer to whom we will send priority booking notices.

Hospitality Functions: Conferences/Weddings/Private Dining
We collect and use your personal data to enable us to enter into, administer and manage any hospitality bookings or arrangements including the underlying contractual arrangements between us.

If you are visiting us as a hospitality attendee, we may collect and use your personal data to manage your visit/attendance.

We may ask you to answer some questions or complete surveys that we use for research purposes, although you do not have to respond to them.

We may also ask to process limited dietary data as part of your attendance and participation in such events.

If your event is taking part at the Hever Castle Ltd address we will pass your personal data including your name, telephone, email, event(s) booked, to our catering partner (Leith’s) for the purposes of performing our contract with you only.

We will only send you marketing and promotions if you provide consent to do so or you are a previous customer/enquirer to whom we will send priority booking notices.

Golf
We collect and use your personal data to enable us to enter into, manage and administer a contract with you as a golf member of Hever Castle Golf Club or as a visiting player.

If you are a member you will get the opportunity to sign up to receive our exclusive membership portal and emails.

If you are a member who is eligible for Castle & Gardens membership or discount we will, with your ‘consent’ share your data with processors at Hever Castle Ltd.

We will only send you additional marketing and promotions if you provide consent to do so or you are a previous customer/enquirer to whom we will send priority booking notices.

The Waterside

We collect and use your personal data to enable us to enter into, administer and manage any table or hospitality bookings.

If you are visiting us or planning to visit us, we may collect and use your personal data to manage your visit/attendance.

We may ask you to answer some questions or complete surveys that we use for research purposes, although you do not have to respond to them.

We may also ask to process limited dietary data as part of your booking.

We will only send you marketing and promotions if you provide consent to do so or you are a previous customer/enquirer to whom we will send priority booking notices.

CCTV Usage
Please note that on the “Hever Castle Estate” we use CCTV and surveillance cameras which capture personal data about visitors to our site. This is for the prevention and detection of crime and for protecting the safety and security of our visitors, guests and staff whilst at “Hever Castle”.

Marketing and Promotions
We may use your personal data to provide you with marketing information including news, events, activities, offers and services on the “Hever Castle Estate”.

Please note that we will only do this where you have given us your specific consent to do so. This will be done if you have opted in to receive email communications at the point of registration or making your booking.

You can manage your email marketing preferences by clicking on the preference centre link in the footer of our emails. Alternatively, you can enter them at any time by going to the preference centre on our website or by emailing [email protected].

We may invite you to complete surveys or provide us with feedback. You can choose not to take part.

We do not share your information with any other third party for marketing purposes unless disclosed at the time of opt-in.

Test and Trace

To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing. You can learn more about the data we are collecting for this purpose here.

How long do we retain your information?

We will only retain your personal data for a reasonable period; after you have stopped being an active prospect, customer or supplier and as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy and you can request a copy of by contacting us at [email protected].

Information we may collect from you

We may collect and process the following data about you:

Information that you provide

  • Information that you provide us by filling in forms on our sites or by corresponding with us by telephone, email or otherwise.
  • This includes information provided at the time of signing up to receive our newsletter, making a booking, subscribing to our membership, making a purchase on our online shop, enquiring about a job role or requesting information on other products and services.
  • We may also ask you for information when you report a problem or have a complaint.
  • We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • If you contact us, we may keep a record of that correspondence.
  • The information you may give us may include your name, email address, postal address and telephone number and financial and credit card information

Information that we collect about you on our websites – IP Addresses and Cookies

With regard to each of your visits to our site we may automatically collect the following information:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.This information enables us:
  • To estimate our audience size and usage pattern
  • To recognise you when you return to our site
  • Make improvements to the customer experience
  • Understand which promotional tools are successful

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

By visiting this or any of our websites (also referred to as “sites”) you are accepting and consenting to the practices described in this policy.
This policy only applies to our website. If you leave our site via a link or otherwise, you will be subject to the policy of that website provider. We have no control over that policy or the terms of the website and you should check their policy before continuing to access the site.

Information we share with other sources

We share your personal data between Hever Castle Ltd and Hever Castle Golf Club Limited. Hever Castle does not share your information with any third party company or organisation other than those listed below and for the purposes stipulated. Other categories of the recipient of the personal data you provide to us are:

Our insurers where necessary in connection with our insurance cover and provision.

We may pass your personal data to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you that we have agreed to provide.

When we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and in to keep in accordance with the requirements of the “GDPR” and not to use it for their own direct marketing purposes.

We may transfer your personal information to a third party as otherwise permitted by the “GDPR”, for example to our legal advisors or in order to comply with a legal requirement or obligation placed on us by law.

We may transfer CCTV to a third party security organisation (e.g. Police) in respect of any connection with a crime or security issue.

Information we receive from other sources

There are certain third parties with whom we have to work closely (including, for example, business partners, professional advisers, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and we may receive information about you from them.

If we are doing business with you, we may have to conduct due diligence on you, for example where we are under a legal or regulatory requirement.

We may combine information we receive from other sources with the information you give to us and information we collect about you.

We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Where we store your personal data

We do not store or transfer your personal data outside of the European Union.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Any payment transactions taken via our website or card machines will be encrypted.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Uses made of the information

We use information held about you in the following ways:

  • To ensure that content from our site is presented in the most effective manner for you and for your computer.
  • To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To allow you to participate in interactive features of our service when you choose to do so.
  • To notify you about changes to our service.

Automated decision making and profiling

We do not currently use automated decision making systems or profiling.

Disclosure of your personal information

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Your rights

Unless subject to an exemption under the “GDPR”, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for us to retain such data;
  • The right to withdraw your consent to the processing at any time;
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data;
  • The right to lodge a complaint with the Information Commissioner’s Office.

Further details on these rights, when they apply, how to exercise them and the exemptions and wider rules and requirements that apply to such rights. Please visit the Information Commissioner’s website at ico.org.uk

Raising concerns

If you are unhappy with how we are using your personal data we would encourage you to raise this concern with our Data Protection Officer.
You have the right to lodge a complaint with the Information Commissioner if you are unhappy with how we are handling our data protection obligations, please visit the Information Commissioner’s website at ico.org.uk

What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy. This policy was last updated on 17th May 2018.

Get in touch

Questions, comments and requests regarding this privacy policy should be addressed to [email protected].

Contact:

Tel: +44 (0)1732 861710
Email: [email protected]