We have adopted the measures that we believe are necessary to comply with the Data Protection Act 1998 and we are preparing for the act’s replacement, which will fully embed the General Data Protection Regulation into UK law.

We have also adopted the measures that we believe are necessary to comply with the Privacy and Electronic Communications Regulations 2003. This law sets out an additional set of rules that we must follow whenever we communicate with you via our website or by telephone, fax, email or text message.

Protecting your data

We protect the personal data we hold from theft, accidental loss, corruption and other threats that would have a negative impact on our customers. These protective measures include:

Not collecting personal data that we don’t really need
Destroying or anonymising personal data securely when we don’t need it any more
Only allowing our staff and our suppliers to process the personal data they need to carry out their duties
Encrypting personal data to render it useless to anyone who is not authorised to access it
Making sure that staff are trained on how to handle personal data safely and securely and are fully aware of their personal responsibilities
Binding our suppliers and partners to the same standards and duties of care that we hold ourselves to
Protecting our websites, networks and IT systems from unauthorised access and from threats such as denial of service attacks, viruses and malware
Making periodic checks that all of these measures are working well and making improvements to them when we think we can do better

Being accountable for what we do

As well as the security measures mentioned above, we make sure that The White Hart Atworth does the right thing the right way whenever we’re processing personal data. This  includes a Data Protection Officer, who can be contacted using these contact details.

There are a set of checks we apply to make sure we process personal data fairly and transparently. These include:

Providing you with clear and accurate information about why we need your personal data, what we do with it and how long we keep it for
Checking that our business interests don’t unfairly or unreasonably impact upon you or your rights
Identifying personal data processing risks and reducing them to an acceptable level
Responding honestly, clearly and promptly to enquiries we receive from you or from the Information Commissioner’s Office

Responding to your questions

When you notify us that you want to exercise any of your rights, we will acknowledge your request as soon as possible and ask for any information we may need to verify your identify: if we don’t already know who you are, we will ask you to send us a copy of your passport or photo-card driving licence, so that we can check your name, address and signature.

Once we have confirmed your identity, we will validate your request then gather together the information we need to be able to respond fully to it.

Whilst we always try to carry out this work as quickly as possible, it may take us up to 30 days to respond to you in full. If your request is particularly difficult to respond to, we may ask you for any further information that will help us respond more quickly, or ask you if there is some information that you want particularly urgently. We may also respond to your request in phases, as relevant information becomes available.

If we cannot satisfy your request within 30 days, we will write to you to tell you why, and when we expect to be able to provide you with a full response. If for any reason we decide that we should not respond in the way you have asked us to, we will provide you with our decision and our reasons for reaching it within 30 days.