Privacy notice Please read
This privacy notice is to let you know how we promise to look after your personal information. This notice explains how we do this and tells you about your privacy rights and how the law protects you.
Who are we
Brimhams Active Limited complies with Data Protection Legislation and is a registered ‘Data Controller' with the Information Commissioner's Office (ICO) - reference ZB144487.
Our privacy promise
- to keep your personal information safe and private
- not to sell your personal information
- to give you ways to manage and review your marketing choices, if applicable at any time
How we collect your personal data
We collect information about you in order to provide public services to you, comply with regulations, and to build stronger relationships with partnership organisations. We may collect information on paper or online forms, by telephone, email or a member of our staff may collect information from you in person.
Information about you may be collected on our behalf by one of our partners.
We may need to pass your information to other people and organisations that provide a service on our behalf. These providers are obliged to keep your details securely, and use them only to provide the service to you in accordance with our instructions.
We need to collect and use information about you to:
- deliver public services
- confirm your identity to provide some services
- contact you by post, email or telephone
- understand your needs to provide the services that you ask for or need
- understand what we can do for you and inform you of other relevant services and benefits
- ask your opinion about our services
- update your customer record
- help us to build up a picture of how we are performing at delivering services to you and what services the people of the Harrogate district need
- prevent and detect fraud and corruption and crime
- allow us to undertake statutory functions efficiently and effectively
- make sure we meet our legal obligations including those that relate to equality and diversity
- process financial transactions including grants, payments and benefits involving the council, or where we are acting on behalf of other government bodies, for example, Department for Work and Pensions; or
- protect individuals, where necessary, from harm or injury.
Personal Information you give to us:
You give us your personal information
- when you apply for our products and services
- when you talk to us on the phone or at one of our reception areas
- when you use our websites, mobile device apps
- in emails and letters
- in complaints, claims or other documents
- in witness statements and interviews
- in customer surveys
- if you take part in our consultations, questionnaires or promotions
How we share your information
We may be required or permitted, under Data Protection Legislation, to disclose your personal information without your explicit consent, for example, if we have a legal obligation and/or basis to do so, namely:
- law enforcement
- criminal prosecutions
- court proceedings
- legitimate interest
Brimhams Active Limited must protect public funds and may use your personal information and data-matching techniques to:
- detect and prevent fraud
- collect taxes
- ensure public money is targeted and spent in the most appropriate and cost-effective way
Your information may be shared with other bodies responsible for auditing or administering public funds including:
- the Cabinet Office
- the Department for Work and Pensions
- other local authorities
- HM Revenue and Customs
- the Police
- Disclosure and Barring Service
- Credit Reference Agencies
We may monitor and record your phone conversations with us for a number of reasons, for example, for staff training, for the detection, investigation and prevention of crime. We will inform you if your call is being recorded or monitored.
Emails that we send to you or you send to us, may be retained as a record of contact and your email address stored for future use in accordance with our record retention schedules. If we need to email sensitive or confidential information to you, we may perform checks to verify the correct email address and may take additional security measures.
Using our website
The Turkish Baths Harrogate website is solely owned by us. We do not store or capture personal information about you when you use our website unless you decide to provide it to:
- subscribe to or apply for services that require personal information
- contact us for whatever reason and provide us with your contact details so that we can respond to you
The personal information you give to us when using our online payment system will only be used for the recording of your payment. We will ensure that it is not used for any other purpose and is not disclosed to a third party, in other words, other companies or individuals unless required to do so by law for the prevention of crime and the detection of fraud. We will hold your personal information securely and only for as long as is needed. It will then be deleted in line with our Retention and Disposal Policy and Procedure.
How we use your information to make automated decisions
We sometimes use systems to make automated decisions based on personal information we hold about you. This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know.
We currently make automated decisions about parking fines.
In relation to automated decisions, you have the following rights
- you can ask that we do not make our decision based on the automated decision alone
- you can object to an automated decision, and ask that a person reviews it
Sending data outside of the EEA
We will only send your data outside of the European Economic Area (‘EEA’):
- if you instruct us to do so
- to comply with a legal obligation
- if we work with our suppliers, agents , partners and advisers who we use to help run your accounts and our services
If we do transfer information to our suppliers, agents, partners or advisers outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We'll use one of these safeguards:
- transfer it to a non-EEA country with privacy laws that give the same protection as the EEA
- put in place a contract with the recipient that means they must protect it to the same standards as the EEA
- transfer it to organisations that are part of the Privacy Shield. This is a framework that sets privacy standards for data sent between countries that are not part of the EU and EU countries. It makes sure those standards are similar to what is used within the EEA
If you choose not to give personal information
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations to you. It may also mean that we cannot perform services needed to run your accounts or the services provided to you.
We may need to collect personal information by law, or under the terms of a contract we have with you. Any information collected by us from you which is optional will be made clear at the point of collection.
Consent and how we record consent
Why is consent important?
Consent is one lawful basis for processing, and explicit consent can also legitimise use of special category data. Consent may also be relevant were you have exercised your right to restriction, and explicit consent can legitimise automated decision-making and overseas transfers of data.
- we keep a record of when and how we obtained your consent
- we keep a record of exactly what you were told at the time
Managing the consent you give to us
- we regularly review the consent you have provided to check that our relationship with you, the reasons for processing your personal information and the purposes have not changed
- we have implemented processes to refresh consent at appropriate intervals, including any parental consent required
- we make it easy for you to withdraw your consent at any time, and publicise on our website how to do so
- we act on withdrawals of consent as soon as we can
- we will not penalise you if you withdraw your consent
We may use your personal information to tell you about relevant products relating to our services such as news, consultations, market research, events and their updates, updates on the services we provide to you and offers. This is what we mean when we talk about 'marketing'.
The personal information we have for you is made up of what you tell us, and data we collect when you use our services, or from third parties we work with.
We can only use your personal information to send you marketing messages if we have either your consent or there is a 'legitimate interest' to do so. At times, we may have a business or commercial reason to use your personal information. If we process your personal information on this basis, we will ensure that it does not unfairly go against what is right and best for you.
You can ask us to stop sending you marketing messages at any time by contacting us.
How long we keep your personal information
Personal information will not be kept longer than is necessary for its purpose. This means that data will be destroyed or erased from our systems when it is no longer required. Please contact the council's Data Protection Officer at the address below for further information on data retention periods. You also have the right to request that your personal information is erased in certain circumstances.
How to get a copy of your personal information
A request for information that we hold about you should be made in writing but requests made verbally depending on the circumstances are also accepted (as long as you can prove your identity).
Under the Right of Access, we will provide a copy of your information free of charge. However, we can charge a 'reasonable fee' when a request is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that we can charge for all subsequent access requests.
Once you have requested your information, we will provide you with your personal information within 30 days. We may need to extend this period by a further two months where necessary taking in to account the complexity and number of requests. If we have to extend the period, we will notify you within 30 days of receipt of the request.
You can use the contact details below:
Subject Access Request
Data Protection Officer
PO BOX 787
Letting us know if your personal information is incorrect
You have the right to question any personal information we have about you that you think is wrong or incomplete (Right of Rectification).
Please contact our Data Protection Officer whose details are set out below if you want to do this.
If you do, we will take steps to check its accuracy and correct it.
What if you want us to stop using your personal information?
You have the right to ask us to stop processing your personal information if it is likely to cause unwarranted substantial damage or distress to you or anyone else (Right to Restricted Processing).
You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. (Right to Object and Right to Erasure) There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should stop using it.
We may sometimes be able to restrict the use of your information. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.
You can ask us to restrict the use of your personal information if:
- it is not accurate
- it has been used unlawfully but you don't want us to delete it
- it not relevant any more, but you want us to keep it for use in legal claims
- you have already asked us to stop using your data but you are waiting for us to tell you if we are allowed to keep on using it
If you want to object to how we use your data, or ask us to delete it or restrict how we use it or, please contact our Data Protection Officer.
How to request your personal information for your own purposes
You have the right to obtain and reuse your personal information for your own purposes from us (Right to Data Portability).
How to withdraw your consent
You have the right to withdraw your consent at any time. Please contact us if you want to do so.
If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will tell you.
How to complain
Please let us know if you are unhappy with how we have used your personal information. Please email email@example.com.
You also have the right to complain to the Information Commissioner's Office. Find out on their website how to report a concern.
If you have any queries regarding your personal information, your rights and this privacy notice you can contact us by email at firstname.lastname@example.org or by writing to Data Protection Officer, PO BOX 787, Harrogate, HG1 9RW.