Tel: 01285 770007
info@head4heights.net
The UK's Fastest Growing Aerial Adventure Centre
Head4Heights

Privacy Policy

This document supersedes all earlier versions and is designed to meet the requirements of the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications Regulations (PECR) and any legacy data concerning the Data Protection Act. These combined rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. It should be noted that GDPR does not apply to information already in the public domain.

Goal of the data protection policy

Head 4 Heights (H4H) is committed to a policy of protecting the rights and privacy of individuals, including customers, staff and others, in accordance with the General Data Protection Regulation (GDPR) May 2018. The new regulatory environment demands higher transparency and accountability in how businesses manage and use personal data. It also accords new and stronger rights for individuals to understand and control that use. The GDPR contains provisions that the company will need to be aware of as data controllers, including provisions intended to enhance the protection of customer's personal data. For example, the GDPR requires that: We must ensure that our customer privacy notices are written in a clear, plain way that all members will understand. H4H needs to process certain information about its staff, participants, parents and guardians and other individuals with whom it has a relationship for various purposes such as, but not limited to:

  • The recruitment and payment of staff.
  • The request, through an umbrella company, to process criminal record disclosures.
  • The collation, storage, transfer and destruction of personal information.

To comply with various legal obligations, including  the obligations imposed on it by the General Data Protection Regulation (GDPR) H4H must ensure that all this information about individuals is collected and used fairly, stored safely and securely, and not disclosed to any third party unlawfully.

Managing Data Protection

We will ensure that our details are registered with the Information Commissioner.

Purpose of data held by H4H

Data may be held by us for the following purposes:

Staff  Administration

Accounts & Records

Advertising, Marketing & Public Relations

Information and Database Administration

Journalism and Media 

Research

Data Protection Principles

In terms of the Data Protection Act 1998, we are the 'data controller', and as such determine the purpose for which, and the manner in which, any personal data is, or is to be, processed. We must ensure that we have:

Fairly and lawfully processed personal data

We will always put our logo on all paperwork, stating our intentions on processing the data and state if, and to whom, we intend to give the personal data. Also provide an indication of the duration the data will be kept.

Processed for limited purpose

We will not use data for a purpose other than those agreed by data subjects. If the data held by us are requested by external organisations for any reason, this will only be passed if data agree.

Adequate, relevant and not excessive

We will monitor the data held for our purposes, ensuring we hold neither too much nor too little data in respect of the individuals about whom the data are held. If data given or obtained is excessive for such purpose, they will be immediately deleted or destroyed.

Accurate and up-to-date

H4H will take reasonable steps to keep personal data up to date and accurate.

Signed consents

By signing our consent forms, you are giving us your consent to contact you and hold your personal data. You have the right to withdraw or object to your consent at any time by contacting H4H directly on 01285 770007 or by emailing info@head4heights.net

Right to restrict processing and portability

You have a right to block or restrict the processing of your personal data. You can request to obtain and transfer your data from one business to another. You can make a request verbally or in writing to H4H. We will verify the identity of the person making the request, using "reasonable means".

The right to erasure

You have the right to request the deletion of your data. Contact H4H for this to be processed.

Not kept longer than necessary

Personal data will be stored for 6 years after an employee  has worked for H4H. Customer personal data will be stored for as long as the data owner and or customer uses our services. Where individual ceases to use our services and it is not deemed appropriate to keep their records, their records will be destroyed after the legal retention period. However, unless we are specifically asked by an individual to destroy their details, we will normally keep them on file for future reference. The Core Team (Director/Head Instructor/Deputy Head Instructor) have responsibility for destroying personnel files by shredding/mulching/burning and electronic data erasing.

Secure

Only H4H employees will normally have access to personal data. Employees  are made aware of the Data Protection Policy and their obligation not to disclose personal data to anyone who is not supposed to have it.

A copy of staff emergency contact details will be kept in the Accident & Emergency Procedures file to be used in emergency situation.

To preserve security, all information is obtained, held, disclosed and disposed of in a secure manner. Such information may be kept in either computer or manual records. In processing such personal data H4H will comply with the data protection principles within the Data Protection Act 1998.

Not transferred to countries outside the European Economic Area, unless the country has adequate protection for the individual.

Data must not be transferred to countries outside the European Economic Area without the explicit consent of the individual. H4H takes particular care to be aware of this when publishing information on the Internet, which can be accessed from anywhere in the globe. This is because transfer includes placing data on a web site that can be accessed from outside the European Economic Area.

Customer Consent

Personal data is collected over the phone and using other methods such as e-mail. Personal data will not be passed on to anyone outside H4H without explicit consent from the data owner unless there is a legal duty of disclosure under other legislation. 

Use of Photographs

H4H will seek consent (PI Form) from individuals before displaying photographs in which they appear. If this is not possible (for example, a large group photo), H4H will remove any photograph if a complaint is received. This policy also applies to photographs published on the H4H's website and social media channels.

The Information We Collect

H4H receives and stores information you enter on our website or give us via telephone or email. This includes information that can identify you (personal information), and may include your first and last name, telephone number, postal and email addresses. If you enter into correspondence with us regarding a booking, enquiry or complaint, we may also keep details of that correspondence. You can choose not to provide information to us, but in general some information about you is required in order for you to make a booking or submit an enquiry form.

The H4H website uses third party embedded content from Google. Cookies may be set by these sites in order for this functionality to work, however these are not managed by H4H and data collected from them may be stored outside the EEA.

Google Analytics

H4H uses Google Analytics to scrutinise its website. The information Google Analytics gatherers using cookies relating to our website, is used to create generic reports about the use of our website.

Google's privacy policy is available at www.google.com/policies/privacy/

Responsibilities of staff

During the course of their duties with H4H, employees will be dealing with information such as names/addresses/phone numbers/email addresses of clients and customers. They may be told or overhear sensitive information while working for H4H. The Data Protection Act (1988) gives specific guidance on how this information should be dealt with. In short to comply with the law, personal information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. Employees must abide by this policy.

Compliance

Compliance with the Act is the responsibility of all staff. H4H will regard any unlawful breach of any provision of the Act by any staff as a serious matter which will result in disciplinary action. Any employee who breaches this policy statement will be dealt with under the disciplinary procedure which may result in dismissal for gross misconduct. Any such breach could also lead to criminal prosecution.

Data Breaches

The term 'personal data breach' refers to a breach of security which has led to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. H4H will ensure that all staff members are made aware of, and understand, what constitutes as a data breach as part of their continuous development training.

Where a breach is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be informed.

All notifiable breaches will be reported to the relevant supervisory authority within 72 hours of H4H becoming aware of it.

The risk of the breach having a detrimental effect on the individual, and the need to notify the relevant supervisory authority, will be assessed on a case-by-case basis.

In the event that a breach is likely to result in a high risk to the rights and freedoms of an individual, H4H will notify those concerned directly.

Data Subject Rights

Your rights as a data subject at any point whilst H4H is in possession of or processing your personal data, all data subjects, have the following rights:

Right of access - you have the right to request a copy of the information that we hold about you.

Right of rectification - you have a right to correct data that we hold about you that is inaccurate or incomplete.

Right to be forgotten - in certain circumstances you can ask for the data we hold about you to be erased from our records.

Right to restriction of processing - where certain conditions apply to have a right to restrict the processing.

Right of portability - you have the right to have the data we hold about you transferred to another organisation.

Right to object - you have the right to object to certain types of processing such as direct marketing.

Right to object to automated processing, including profiling - you also have the right to be subject to the legal effects of automated processing or profiling.

You can request the following information:

  • Identity and the contact details of the person or organisation (H4H) that has determined how and why to process your data
  • Contact details of the data protection officers (Core Team), where applicable
  • The purpose of the processing as well as the legal basis for processing
  • If the processing is based on the legitimate interests of H4H and more information about those interests
  • The categories of personal data collected, stored and processed
  • Recipient(s) or categories of recipients that the data is/will be disclosed to
  • How long the data will be stored
  • Details of your rights to correct, erase, restrict or object to such processing
  • Information about your right to withdraw consent at any time
  • How to lodge a complaint with the supervisory authority (ICO)
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data
  • The source of personal data if it wasn't collected directly from you
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing

H4H reserves the right to charge a fee for each data request.

In the event that H4H refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.

Validity of this policy

This policy will be reviewed at least annually. Associated data protection standards will be subject to an ongoing development and review programme.

Head 4 Heights Ltd Registered Office: Dennis & Turnbull, Swatton Barn, Badbury, Wilts, SN4 0EU

Company Number: 04733597 - Directors:  R D Baber 

Website by Revolution Software | H4H supports the charity Tree of Hope | Privacy Policy