Privacy policy

Privacy Policy and Data Protection Regulation documents (GDPR)

The historic Matfield House welcomes visitors (the "Service") and is the controller and responsible for your personal data.

This page provides an overview of how we collect, manage, use and protect the personal data we receive or obtain about you and your relationship with us.

We use your Personal Information for providing and improving the Service, and by using the Service, you agree to the collection and use of information in accordance with this policy.

Who are we?

Matfield House
Mr J.W.P. and Dr S.E. Garthwaite
Matfield House
The Green
Matfield
Tonbridge
TN12 7JT

What data do we collect about you?

We generally collect data that you provide to us directly, but we may also collect data from third parties such as:

• Associates of yours
• Publicly available sources, such as social media
• Third party booking and marketing companies

The data we collect and for what purpose will depend on who you are, the nature of the relationship that you have with us and the legal requirements concerning public openings. This may include:

• Basic contact information. This may include your name, email address, telephone number and postal address.
• Marketing preferences. If you receive marketing communications from us by email, then we will hold your marketing preferences on record which you may update at any time
• Records of communications that you have with us. If you contact us or we contact you for whatever reason (eg by email or letter), then we will retain records of such correspondence

Other information that you provide to us voluntarily. This could include details such as special accommodation requirements.

For what purposes do we use data about you, and on what legal basis?

Throughout the duration of our relationship with you, we may use data about you for the following purposes:

To communicate with you performance of a contract to which you are a party:

• In the course of our relationship with you we may need to communicate with you by email, phone, post or in person.
• This may be, for instance, in relation to the service you are receiving from us, or for you to report incidents to us.
• To respond to an enquiry submitted on our website, or via phone, email, post, SMS and social media.
• We will generally collect contact details directly from you. This may be, for instance, you sending us an email or writing to us.
• We have a legitimate business interest to contact you in the course of any commercial business relationship.

To send you marketing communications:

• In accordance with your preferences, we may send you marketing materials and communications via email, (post) or telephone.
• It is our legitimate business interest to send you marketing materials.
• Where we have obtained your consent to send marketing materials and communications then we rely on this consent as the legal basis.

To create and manage records of your involvement with us:

• We will keep records of the data we collect about you in accordance with the practice of repeat business, though we will proactively identify old, out-of-date personal data and securely remove this from our systems.
• This will include, for instance, records of written communications between you and us.
• The data will generally be collected directly from you, although the means of collection will depend on the type of data that is being recorded.
• We have a legitimate business interest to retain and manage records for as long as is necessary to fulfil the other purposes outlined in this notice.

To comply with our legal and regulatory obligations

To record the names and number of people visiting our property at any one time

To defend our legal rights in the event of a claim or dispute.

The data will generally be collected directly from you, although the means of collection will depend on the type of data that is being recorded.

We have a legitimate business interest to use your data where necessary to defend any claims that are made against us.

To share your data with relevant third parties

We may use data analytics to improve our website, products/services, marketing, customer relationships and experiences.

We will generally collect contact details directly from you. This may be, for instance, you sending us an email, letter or providing us with a business card.

A legitimate business interest that is not overridden by your interests, rights and freedoms which require protection.

It is our legitimate business interest to share your data with third parties who provide us with services relevant to our provision of the website and other services. Whenever we share your data with third parties then we look to put in place contractual protections to govern how your data is used.

Where we do not base our use of data about you on one of the above legal bases, we will ask for your consent before we process the data (these cases will be clear from the context). In these circumstances we will provide specific information to you about both the relevant processing activities and your rights in relation to them.

In some instances, we may use data about you in ways that are not described above. Where this is the case, we will provide a supplemental privacy notice that explains such use. You should read any supplemental notice in conjunction with this notice.

Where none of the above conditions apply, we will ask for your consent to process the data.

Information we provide

We provide individuals with privacy information at the time we collect their personal data from them.

If we obtain personal data from a source other than the individual it relates to, we provide them with privacy information:

• within a reasonable of period of obtaining the personal data and no later than one month;
• if we plan to communicate with the individual, at the latest, when the first communication takes place; or
• if we plan to disclose the data to someone else, at the latest, when the data is disclosed.

We provide the information in a way that is:

• concise;
• transparent;
• intelligible;
• easily accessible; and
• uses clear and plain language.

We regularly review and, where necessary, update our privacy information.

If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing.

We undertake an information audit to find out what personal data we hold and what we do with it.

We put ourselves in the position of the people we’re collecting information about.

We carry out user testing to evaluate how effective our privacy information is.

Best practice – when delivering our privacy information to individuals, we use a combination of appropriate techniques, such as:

• email
• notices
• icons

Your individual rights as data subjects

Where applicable, the right to withdraw consent.

Right to the source of the personal data (if the personal data is not obtained from the individual it relates to).

Right of access: individuals have a right to know what information on you we are holding and why we are holding it, we will respond within 40 days stating:

• whether we hold any personal data on you
• what the data is, the reason we are holding it and those to whom it has/may be disclosed, along with an intelligible copy of the information and details of the manner in which it was collected.
• Right to prevent processing for the purposes of direct marketing: if we receive a written request from an individual to cease using the personal data we hold on you for direct marketing, we must do so.
• Right to prevent processing likely to cause damage or distress: if we receive a written request from an individual to cease using the personal data we hold on you, because it is causing or likely to cause substantial damage or distress to you or another, we must do so.

Right to compensation: any individual who suffers damage or distress as a result of a contravention of the Act by us is entitled to seek compensation from us if we did not take reasonable care to comply.

Right to lodge a complaint with a supervisory authority.

Note: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We have the right to require reasonable proof of identity from a person asking to exercise these rights.

Contact Us

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us using the email address link on this website.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Last updated: 24 May 2018