1 Who We Are
Knitsley Grange Farm Shop Ltd (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Knitsley Grange Farm Shop Ltd’s registered office is at David Scott And Co, 15 Staindrop Road, West Auckland, Bishop Auckland, County Durham, DL14 9JU and we are a company registered in England and Wales under company number 06513174.
We act as the data controller when processing your data and our designated Data Processing Officer is Mrs. Karen Whaley, who can be contacted at Administration Office, Knitsley Grange Farm Shop Ltd, East Knitsley Grange Farm, Knitsley, Consett, County Durham, DH8 9EW.
2 Information That We Collect
Knitsley Grange Farm Shop Ltd processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
2.1 Loyalty Card Scheme
If you make a Loyalty Card Application the personal data that we collect from your completed form is:
First & Last Name
Home Address & Post Code
A tick box Opt-In Consent which allows us to send you our Newsletters with your exclusive offers
Optionally you can choose to/or not to provide the following additional information
o Dietary Requirements
o Whether you have Children or Grand Children
o Day of Birth (Birth Day & Month)
In signing the Loyalty card application form you are giving “affirmative consent” for us to hold your details in our Loyalty database system and to send email Newsletters to you if you tick the Newsletter Consent Opt-In box.
Once the Loyalty card has been received, and is in use by you, points are accrued for the value of products purchased during each shopping/café visit and these may be used to discount the cost of future purchases that you make. The Loyalty points system interacts with the shop and Café terminals storing the following information about your purchases:
Stock Product Line Purchased
Order Number off/Unit Quantity sold
Date of Purchase
This information is referred to whenever there are any queries about the number of points a customer has accrued and how they were accrued. This information is never used to try to sell or offer you specific or tailored products based on your buying preferences and it is never divulged to 3rd parties.
This information may be aggregated with the information from other Loyalty customer purchases to provide anonymised overall trend analysis which assists us with product stocking requirements when combined with other market trends and trading conditions.
2.2 Special Christmas Ordering & Collection Service
In the 6-8 weeks leading up to Christmas Knitsley Grange Farm Shop Ltd offers a special service that allows you place your Christmas order in advance so that it is freshly provisioned and ready for collection, at a time of your choosing, within the 2-3 days immediately prior to Christmas or New Year’s day.
You place your order by filling out one of our Christmas order forms and submitting it to us along with a non-refundable £15 deposit. In the process of doing this you supply the following personal information:
First & Last Name
Preferred Collection Date and Time Slot
Your Christmas/New Year Ordering Provision Details.
If you provide an email address then a copy of your Order Details will be emailed back to you as a confirmation it has been entered onto the system. This provides you an opportunity for order review.
The system is only in operation for the 6-8 week time period leading up to Christmas and the New Year and after that the details will be are erased from the computer system. Only a paper record is retained as a courtesy to customers who request to repeat their order the following year but can’t remember it.
We process this personal information purely in the “performance of the contract” to ensure that your Christmas order is provisioned and packed ready for you to collect on your chosen Date and Time slot.
2.4 Online Customer Account & Web Site Ordering
In order to be able to place orders on Knitsley Grange Farm Shop Ltd’s web site you must first create an online customer account which requires the personal information to be collected:
First & Last Name *
Email Address * (** also used as the account User Login Name that is created)
Full Home Address with Post Code
Password & Re-Confirmation
A Tick Box to provide “affirmative consent” to be Subscribed to our Newsletter
A Captcha box to ensure that the information is being provided by a human not a web robot
(* Denotes required entries that must be supplied for the registration to succeed)
We process this personal information purely in the “performance of the contract” to ensure that your online order is provisioned and packed ready for you to collect when agreed or if appropriate sent out to you by post in the case of gift cards. A record of your order is retained on the system.
The site does not store any of your payment card details. All payments are made through a PayPal’s payment gateway see https://www.braintreepayments.com/en-gb/legal/braintree-privacy-policy .
2.5 About Cookie Files
Cookie files, commonly referred to as Cookies, can be used by web servers to identity and track users as they navigate different pages on a website and identify users returning to a website.
Cookies contain an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies; a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
3 How We Use Your Personal Data
Knitsley Grange Farm Shop Ltd takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice.
Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. The purposes and reasons for processing your personal data are detailed below: -
We collect your personal data in the "performance of a contract or service" and to ensure that orders are completed and can be collected or sent out to your preferred address.
We collect your personal data when you make a signed Loyalty Card Account application to us and optionally Opt-in to our Newsletters processing both on the basis of "affirmative consent".
We will use your personal data to send out Newsletter Emails on an approximately quarterly basis but only provided that you have requested them on the basis of "affirmative consent".
4 Your Personal Information Rights
You have the right to access any personal information that Knitsley Grange Farm Shop Ltd processes about you and to request information about:
What personal data we hold about you
The purposes of the processing
The categories of personal data concerned
The recipients to whom the personal data has/will be disclosed
How long we intend to store your personal data for
If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure. Valid forms of identity verification would include official photographic identity documents along with address confirmation details on bank statements or utility bills.
5 Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement.
Knitsley Grange Farm Shop Ltd uses 3rd Party Data/Technical Support Processors to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
5.1 The EPOS Bureau Ltd
We use The EPOS Bureau Ltd to provide and support our Eureka retail system which provides our front of house point of sale terminals in the shop and café, our Loyalty card system, product labeling and ordering functions. Their 3rd party technical support function is to keep the Eureka system up to date and running properly/efficiently along with responding to any perceived or actual system malfunctions.
5.2 Lyle Interim Management
We use Lyle Interim Management to provide a fractional IT Manager Service that advises on and supports all aspects of our back office computer systems and networks, web site activities, internal and internet security and regulatory compliance for card payment systems and GDPR privacy information.
They are not involved in day to day processing of customer personal information but are involved in transferring personal information between the Loyalty system and the web site hosted Newsletter email broadcasting system on a periodic basis.
6 Safeguarding Measures
Knitsley Grange Farm Shop Ltd takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: -
Business level anti-virus/malware protection for all Desktop & Server Systems
Email Server Provision uses SSL/TLS encryption for all service port communications
Secure passwords used for IT authentication, access rights and restricted application menus
Restricted access to information utilising network separation and restricted share mappings
Firewall based network separation using Routing, Rules, IP restrictions & port based VLANs
Encryption of all data hosted on remote backup services
7 Data Transfers
Knitsley Grange Farm Shop Ltd like many companies makes use of certain Cloud based data services in the course of its daily operations. GDPR broadly considers them under two headings:
7.1 Data Transfers to Services within the European Economic Area
Data transfers to Cloud Services take place using the following providers hosted within the EU
The EPOS Bureau – Encrypted Eureka Retail System database backups (includes Loyalty data)
Adobe Business Catalyst – Newsletter Mailing List to support Newsletter Email Broadcasting
All of the above suppliers have supplied us with GDPR compliant DPA Agreements/Addendums.
7.2 Data Transfers to Services outside the European Economic Area
Knitsley Grange Farm Shop Ltd utilise some products or services (or parts of them) that may be hosted/stored in non-EU countries, which means that we transfer certain classes of information outside the European Economic Area ("EEA") for the purposes given below: -
DropBox – Encrypted office network remote backups and H&S processes & procedures
DropBox hosting services comply with specific GDPR compliant EU-U.S. Privacy Shield Frameworks as detailed here: https://www.privacyshield.gov/.
The Privacy Shield framework is designed to ensure that hosting providers use the necessary level of protection for your information and abide by strict International agreements and measures in order to protect your data and comply with GDPR’s data protection laws and requirements.
8 Consequences of Not Providing Your Data
You are not obligated to provide your personal information to Knitsley Grange Farm Shop Ltd , however, where this information is required for our Loyalty Scheme , Christmas Ordering, Web Site, Newsletter or for special event bookings, we will not be able to offer some/all our services without it.
9 How Long We Keep Your Data
Knitsley Grange Farm Shop Ltd only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations.
Where you have consented to the use of your details in connection with our Loyalty Programme or our Newsletter mailing list, we will retain such data until you notify us otherwise and/or withdraw your consent.
10 Making a Subject Access Request (SAR)
You can use the following link SAR form to download a "Subject Access Request Form" directly or you can email a request for one to firstname.lastname@example.org. Please submit your completed SAR Form either in person, by registered post or by emailing it back to email@example.com. We would advise that any attachments sent by email, containing personal information, should be password protected in some way and that a method of receiving the password separately is provided.
11 Lodging a Complaint
Knitsley Grange Farm Shop Ltd only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws.
If, however, you wish to raise a complaint regarding the processing of your personal data or are in any way unsatisfied with how we have handled your information, you have the right to lodge a complaint.
In the first instance, you should contact us directly by emailing the Data Control Officer at firstname.lastname@example.org.
or by writing to: -
Mrs Rachael Jewson
Knitsley Grange Farm Shop Ltd
East Knitsley Grange Farm
Tel: 01207 592059 option 4
12 Supervisory Authority ICO
If you remain dissatisfied with our actions, you have the right to take you complaint further with the Supervisory Authority.
The Information Commissioner’s Office (ICO) can be contacted at: -
Information Commissioner’s Office
Telephone: 0303 123 1113 (local rate)
or 01625 545 745 (national rate)
Fax: 01625 524 510