This web page details what information Channel Farm Company, t/a “Loch Leven’s Larder” (“we”, “our”), collects from anyone who buys, uses or supplies any of our products or services, or who uses our website, or is part of our loyalty scheme. It also explains how we use and protect this information, and your rights.

We are committed to ensuring your privacy is protected in accordance with Data Protection Standards.

We use the following definition for Personal Data:

Personal data
Information relating to identifiable individuals, such as job applicants, current and former employees, agency, contract and other staff, clients, suppliers and marketing contacts.

Sensitive personal data
Personal data about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings—any use of sensitive personal data will only ever be carried out with the express permission of the individual.

We may change this policy from time to time by updating this page.  This policy is effective from 25 May 2018, but we ask you to check this page from time to time.  Any updates or changes to the use of your personal data will be advised to you, prior to that change of use.

---

1. Who Are We?

Channel Farm Company t/a Loch Leven’s Larder.  We are the Data Controller responsible for your personal data.

On-Line :          www.lochlevenslarder.com

Social:             Facebook: @lochlevenslarder Twitter: @lochlevenlarder Instagram: @loch_levens_larder

Telephone:       01592 841000

Email:               emma@lochlevenslarder.com

Post:                 Channel Farm, Kinross KY13 9HD

Contact Us

You can contact us by using one of the contact methods above.

What services do we provide?

Loch Leven’s Larder, is a family-run destination, with cafés, deli and gift shop all located on our farm.

---

2.What Personal Data do we collect?

The specific information that we collect will vary depending on what services we provide you by way of contract, or what you either provide us explicitly e.g. signing up to a newsletter or perhaps applying for a job with us.

Typical information will include some or all of the following depending on the services we are providing you:

Identification and contact data – Email Address, Name, Phone Number, Postal Address

Financial Data – bank details, Tax and National Insurance information, credit card information

Transaction Data – including your billing history and products and services you use and anything else relating your account.

Profile Data – including information you provide to us in your communications with us, information you provide to us when entering prize draws or competitions or participate in surveys.

Marketing and Communications Data – including your preferences in receiving marketing from us and our third parties and your communication preferences.

Web Related Data – your IP address, geographical data, cookies

We do not collect any special categories of personal data about you (this is sensitive personal data and includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How do we collect Personal Data?

We collect personal information about you through:

Direct interactions
 You may give us your Identity, contact, financial and transaction data when you use our website, when you purchase our products and services and during the sales process.

Third parties or publicly available sources
We may sometimes receive personal data and additional information from third parties including credit reference agencies or other background check agencies, our partners; and business directories.

We will collect additional personal information in the course of performing our contract with you and in providing our products and services to you throughout the period of your contract with us.

What happens if you fail to provide personal data?

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

---

3. What do we use your Personal Data for?

The specific use of Personal Data will be detailed in the relevant Privacy Policy for the specific service(s) we are providing you.

As a general guide we use Personal Data for the following services.

1. To Deliver the services that we have contracted with you to provide.
   In these circumstances the legal basis of processing is likely to be Contractual Obligation or Legal Obligation (see below).  Depending on how you have asked us to communicate with you eg Phone, Text Message, Email, or how we are required to communicate with you eg secure Royal Mail deliveries we will use one or many of the methods you have provided us with.  In some cases, we may be required by law or for security reasons to communicate with you in a specific manner.
2. Newsletter and Loyalty Scheme
   If you have explicitly signed up to our loyalty scheme or newsletter then your information will be used, in that case, for the specific purpose of sending you the newsletter or in the case of the loyalty scheme information about the loyalty scheme and offers of products, services and events that may be of interest to you.  We will use one or many of the methods you have provided us with (Email, SMS, Post) in order to communicate with you.
3. If you are an existing customer or have inquired about a product
   We may send you news about relevant products and services based on your preferences at the time unless you have opted-out of receiving contact from us. You will be asked about this at the time of engagement.
4. Web site Cookies
   We use web site cookies to enhance your experience when visiting our site.  For a period of time, defined by the Internet Service Providers retention policy, your IP address can be used to identify you (or your location) and as such constitutes personal data.  We do not explicitly use this information ourselves, but we do use it to monitor where visitors are coming from and what is being looked at on our site.  Please see more on cookies below.

This list is not exhaustive but designed to provide you indicative uses of your personal data.  Please ensure you read the appropriate Privacy Policy for the product or service we are providing you for specific information.

Why do we need this information?

Most commonly, we will use your personal information in the following circumstances:

1. Where we need to perform the contract we have entered into with you.
2. Where we need to comply with a legal obligation.
3. Where we have your consent.
4. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may also use your personal information in the following situations, which are likely to be rare:

1. Where we need to protect your interests (or someone else’s interests).
2. Where it is needed in the public interest.

---

4. What is the legal basis of processing?

The types of situations in which we will process your personal information are set out in the table below.   Some of these grounds for processing will overlap.

Legal Basis	Explanation and Type of Data	Examples
Contractual Obligation	Where we have contracted with you to provide you a service or benefit.	To provide our products and services, and to process and deliver orders. To provide you with the information and services that you request from us. For billing purposes, to manage payments, fees and charges. To send certain communications (including by email and SMS) to you including service announcements and administrative messages and other communications relating to our services. To ensure security for you and our staff, and to help maintain service quality (calls to our customer services may be monitored and/or recorded for authentication, security, quality and training purposes).
Legitimate Interest	Where we believe our legitimate interests do not override your interests, rights and freedoms.	To notify you about (a) changes to our services and to make suggestions and recommendations to you about goods or services that may be of interest to you and (b) service announcements and administrative messages and other communications relating to our services (and in both cases, where you have not opted out of receiving such information). To collect and recover money owed to us. To prevent fraud. To ensure security for you and our staff, and to help maintain service quality (calls to our customer services may be monitored and/or recorded for authentication, security, quality and training purposes).
Legal Obligation	This is where the organisation has a legal obligation to comply with current law, industry compliance requirements, court order etc.	To prevent fraud. To comply with applicable laws, regulations, court orders, government and law enforcement agencies’ requests, to operate our systems properly and to protect ourselves, our users and customers and to solve customer issues.
Consent	This is where you have given express opt-in consent.	Where you are a loyalty scheme member, to send certain communications (including by email and SMS) to you about the loyalty scheme.
Vital Interest	Where the collection or sharing of information is in the vital interest of you or other members of the public, including staff or clients	Sharing appropriate identity information with a medical provider (Ambulance, doctor, hospital etc) in the event you are taken ill while on our premises or when in our care.

Can I withdraw consent or change my preferences?

The short answer is `yes’, you can withdraw your consent at any time by contacting us at the contact details above, letting us know when you would like to change.

But in many cases, objecting to the processing or sharing of your information may result in a benefit being withdrawn or us being unable to comply with the law or our contract with you.   Some requests may also require a re-issue you your employment contract.  You will be informed of how we can or cannot comply with your request, if you were to make such a request.

If you do with to object to us processing your data, you can do so at any time by contacting us at the contact details above, letting us know when you would like to change.

---

5. What decisions are going to be made using my Personal Data?

Each role within the organisation is clearly defined by way of skill, experience, qualification requirements etc.  Additionally, some roles also have specific requirements in relation to fitness and health status depending on the nature of the role.  Roles involving the care or monitoring of vulnerable adults or children will also require criminal records checks, which we are required to do under law as part of our duty of care towards them.

Q. Is there any Automated Decision-making being applied to my Personal Data?
A. There is no automated decision-making being made using your Personal Data.

---

6. Third Parties – Service Providers, Business Partners and others

We do not share any personal data of customers or suppliers with any third party.  We work with a number of third-party services providers who undertake services for us, these include:

• Our partner companies or agencies and their sub-contractors or prospective partners who help us run our services, for example EventBrite for online ticket sales and Mailchimp for our newsletter.
• New or prospective owners of Channel Farm Company.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third -party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Where we may share your information without your explicit consent

We may be required or chose to share your information in certain circumstances without obtaining your explicit consent, some examples of this would be:

• To comply with any legal process, applicable law or governmental request e.g. warrant, subpoena, statutory reporting, sector specific compliance
• To enforce/administer our agreements
• To protect our company or the public from harm or illegal activities
• For fraud prevention, investigation, risk assessment
• To protect the rights and property of our company
• To defend ourselves against third-party claims or allegations

In any event, we will consider your rights and privileges before sharing this information.

---

7. Data Retention- How long will we use your information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For most of our customers who buy products or services in the shop or the restaurant, we do not retain any personal data. However, if we have been required to take your personal data for any transaction, by law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. We will retain and securely destroy your personal information in accordance with applicable laws and regulations.

---

8. Your Rights

You can see your full rights from the Information Commissioner’s Office here. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

---

9. Security

We operate a Privacy by Design and By Default policy.  This means that before we use your data we have already considered the potential impact on you were your data to be lost, stolen, shared or compromised.

We undertake routine reviews of our processes and security policies in order to ensure that we can take all reasonable precautions in protecting your data.

Where at all possible we encrypt all information that is either stored or transmitted to third-parties.  Where data is stored or transmitted to a Third Country (any country outside of the European Economic Area (EEA)) we will ensure appropriate adequacy protection is in place in accordance with Data Protection Legislation.

Consequently, we may also need to sometimes undertake further security and screening questions when undertaking our routine dealings with you these are there to protect your personal data and security.

Whilst we undertake all reasonable precautions, encryption, software updates and patches, we cannot guarantee the safety of data transmitted over the internet.

Data Breach

In the event of a Data Breach of your Personal Data, which means:

“The unintended loss, destruction amendment or disclosure of Personal Data”

We will first do all that is necessary in order to minimise the impact on you, identify any potential malicious third-party, identify any third-parties that may also be impacted and take all reasonable efforts to ensure that you are notified.

In the event that we are notified by a third-party of a breach, in their systems, we will undertake the same level of efforts.

We will undertake this communication either directly with you as an individual or by sending out a public notification.

At the same time we will comply with the current law in respect of informing the appropriate Supervisory Authority which is currently the Information Commissioners Office (ICO).  We are under a legal requirement to report Data Breaches to the ICO.

How you can help protect your Personal Data

In all cases, the information we require to obtain for you is necessary in the provision or assessment of the provision of services to you.  We rely on this information being accurate and up to date, which is in part our responsibility as well as yours.

However, in many cases you are able to limit the use of your information for services that do not require your data.  However, limiting your information may result in you not being able to receive that optional service.

Changes to your Personal Data

In the event that your Personal Data, that we use to provide you goods or services, changes e.g. your surname, address, email address – it is critical that you inform us of these changes to ensure we have the correct information on our systems.  Where you have access to administer these changes yourself we would expect you, if you are able, to update these details accordingly or else inform us of changes as soon as possible.

---

10.Marketing, Links to other sites, social media, cookies

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

We have established the following personal data control mechanisms:

Promotional offers from us

We may use your Identity, Contact, Technical and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have signed up to receive our newsletter, or if you are a loyalty scheme member, or if you have requested information from us or purchased products or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.

Third-Party Marketing

We will get your express opt-in consent before we share your personal data with any company outside our group of companies for marketing purposes.

Opting Out

You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Opting out of marketing lists, only removes you from such communication.  Transactional emails e.g. those relating to services we are providing to you or responding to queries or enquires you make to us, may still result in us emailing you information where that medium is most appropriate.

Links to other sites

We may provide, from time to time, links to other sites via our newsletter, blog article or other web links.

Because we have no control over these sites, we cannot take responsibility for the practise they may undertake in respect of privacy and/or protecting your Personal Data.  We would therefore advise you to satisfy yourselves that these sites are operating privacy policies that inform you how they handle and protect your data – as we cannot take any responsibility for this.

Social Media Widgets and Links

You are probably familiar with the Facebook “Like” button and the various “Share” buttons that are available to users of the internet.

We sometimes use these to allow us to promote our services to other people as well as get feedback as to what articles, pages or blogs are of interest.

These other service providers may collect Personal Data about you, such as IP address, pages you visit on our site and may set their own cookies to enable them to function properly. In much the same way as Links to other sites do not allow us to enforce our policies, we would suggest that you undertake the same checks regarding the privacy policy of the company providing those features.

Cookies

Cookies are small files that are downloaded by many web sites to either enable a site to work, to assist you e.g. remembering your username and/or passwords, to track your behaviour in order to show relevant content and to show relevant marketing information which in turn may follow you across other sites.

You can opt-out of allowing cookies by instructing your browser to stop accepting cookies or to prompt you before accepting a cookie from a website you visit, by changing the settings within your browser software.