Upper Vobster Farm takes very seriously the responsibility for managing the personal information that you entrust us with, whether provided by you when you register with us or via our website, email and third party bookings systems. We are committed to respecting and protecting this personal information and ensuring compliance with data protection legislation. The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 as set out for the United Kingdom and the European Union regulate our use of your personal data. If you are accessing any of our services from another country, the commitment to uphold these regulations still applies.
The Data protection Act 2018 also stipulates that Personal data shall be processed in accordance with the rights of data subjects under this Act and Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Data Protection Policy
This policy applies to all customers, visitors and guests. It confirms that Upper Vobster Farm will comply with all statutory GDPR requirements by registering all personal data held on its computer and or/related electronic equipment and by taking all reasonable steps to ensure the accuracy and confidentiality of such information.
Upper Vobster Farm is a Partnership between Michael and Tricia Nicholson. Our place of business is Upper Vobster Farm, Upper Vobster, Radstock BA3 5SA and we can be contacted on 0044 (0) 1373 812166 or 0044 (0) 7563 945237. You can also find us on our website www.uppervobsterfarm.co.uk. The ‘Data Protection Officer (DPO)’ is Michael Nicholson, one of the partners of Upper Vobster Farm Partnership and he can be reached by emailing email@example.com
As data controller for the purposes of your personal data Upper Vobster Farm Partnership determines the purpose and means of the processing of your personal data.
The GDPR sets out seven key principles:
Lawfulness, fairness and transparency – how it is processed
Purpose limitation – collected and processed only for specified, explicit and legitimate purposes
Data minimisation - adequate, relevant and limited to what is necessary for the purposes for which it is processed
Accuracy - accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay
Storage limitation - not be kept for longer than is necessary for the purposes for which it is processed
Integrity and confidentiality (security) - be processed secure
Accountability - Upper Vobster Farm Partnership is accountable for these principles and must be able to show that we are compliant.
Information that we collect
Upper Vobster Farm Partnership will only collect and process appropriate information and only to the extent that it is sufficient to fulfil its functions or comply with any legal requirements. We will collect personal information from you when you or your organisation enquire about or register for our activities, register as a supporter of the business, make a donation to the business, receive a grant from us, or provide us with a service. This may include your name, title, email address, physical address, telephone numbers, job title and bank account details in order to process payments (sort code and account number only).
To process your information for the purposes described in this policy, we rely on the following legal basis:
Performance of a contract. The storage of your information may be necessary to perform the contract that you have with the Farm in relation to the purchases you may make
Legitimate Interests. We may use your information for our legitimate interests such as for administrative, fraud detection and legal purposes.
Disclosure and Compliance with Data Protection Laws
We will only disclose your personal information without your consent where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law or the reasonable requests of law enforcement agencies in line with current legislation.
We may be required by HMRC to provide details of our trading activity. In order to meet our obligations, we may:
Cite your name or that of your organisation as a guest.
Share information with our Accountant, but only to the extent that is required by law.
How we use the information you provide us
We will gather the information you provide us with in order for us to process your reservation or book an event and carry out our function as a business, which may include:
Communication with you or your organisation by way of email or postal address;
Internal record keeping for financial reporting and public accountability;
Developing and improving our service delivery;
We may also use anonymised IP address information as part of our website analytics; (Google Analytics), however this is not traceable to an individual.
The purpose in collecting this information is to better understand how you use our website. Our website is hosted on the wix.com platform. Wix.com provides us with the online platform that allows us to manage our services to you. Your data may be stored through wix.com’s data storage, databases and the general wix.com applications. They store your data on secure servers behind a firewall. We may use the information provided to us for
Internal analytics and Service Improvements
Sending periodic Newsletters with information about Upper Vobster farm and its services that you consented to receive
Internal record keeping
Retention of your information
Personal information will only be held by the us to enable us to perform our functions and to ensure the information we process is accurate.
The information we gather about you is subject to various regulatory and legislative requirements. Our aim is not to retain your information any longer than is necessary for us to fulfil our obligations and we will only retain personal information for as long as it is necessary for the purpose for which it was collected. A Data Retention Schedule is held by the business which will stipulate the retention periods for each data type.
If you have stayed at Upper Vobster Farm your information will be kept for two (2) years, in accordance with the Farm’s legal obligations. If you unsubscribe from our Newsletter, we will remove your details from our list immediately. You can unsubscribe from our newsletter by using the ‘Un-subscribe” function at the bottom of every newsletter. You can also send a request by email to: with the word “Unsubscribe” in the subject box.
Your Data Subject Rights
You have the right to information about what personal data we process, how and on what basis as set out in this policy.
You have the right to access your own personal data by way of a subject access request (see above).
You can correct any inaccuracies in your personal data. To do you should contact of the person for responsible for Data in the Business.
You have the right to request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected. To do so you should contact the person for responsible for Data in the Business.
While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made. To do so you should contact the person for responsible for Data in the Business.
You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
You have the right to object if we process your personal data for the purposes of direct marketing.
You have the right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.
With some exceptions, you have the right not to be subjected to automated decision-making.
You have the right to be notified of a data security breach concerning your personal data.
In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later. To withdraw your consent, you should contact the person for responsible for Data in the Business.
How we securely handle and store your information
The security of your personal information is of the utmost importance to us We have procedures in place to prevent unauthorised access and to prevent the loss, misuse or alteration of information you give us.
When not in use, personal information collected in hard copy (paper) form is stored confidentially in a locked cabinet.
We make sure that any personal information no longer required in hard copy (paper) form is shredded and disposed of securely, or in electronic form is permanently deleted from computers and electronic devices.
Any devices through which personal information storage is accessed, are password protected and effective security software enabled. Electronic devices are shut and all devices locked when left unattended.
Communication with the Business may be sent by electronic means e.g. email and, for ease of use and compatibility, communications (other than payments where applicable) will not be sent in an encrypted form. Email unless encrypted is not a fully secure means of communication. The security of your personal information is important to us, but no method of transmission over the internet, or other method of electronic storage is 100% secure. To the extent we can, we are committed to protecting your personal information and to preventing unauthorised access to your data.
Credit and Debit Card data provided by you through our website, via third party booking agents and other channels is automatically encrypted and stored in compliance with the current Payment Card Industry Data Security Standard Level 1 compliant payment gateway providers on our web based reservations platform. It is deleted seven (7) days after the expiry date of the service purchased by you.
Dealing with Data Breaches
We have measures in place to minimise and prevent data breaches from taking place. Should a breach of personal data occur (whether in respect of you or someone else) then we must take notes and keep evidence of that breach. If the breach is likely to result in a risk to the rights and freedoms of individuals, then we must also notify the Information Commissioner’s Office within 72 hours.
If you are aware of a data breach you must contact the DPO immediately and keep any evidence you have in relation to the breach.
You may be asked to send feedback after your stay to support Upper Vobster Farm to further improve our services. Your email address will be used for this purpose. If you complete a review it may be posted on our website, Facebook page, Trip Advisor page, Twitter and / or Google Plus. However, no identifying details will ever be attached to a review posting.
Links to Other Sites
We do not knowingly collect personally identifiable information from children under 13 years of age. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we discover that a child under the age of 13 has provided us with personal information, we will delete such information from our servers and systems immediately.
Controlling your Personal Information
We will not sell or transfer your information to any third parties.
We will regularly review the information that we hold about you, but should you feel that any information we hold about you is incorrect or incomplete please email and we will correct it.
When completing a web form on Upper Vobster Farm’s website or when receiving a Newsletter from us, you can tick an ‘opt in’ box to indicate that you wish your information to be used for any marketing purposes. You can also choose to ‘opt in’ by emailing firstname.lastname@example.org.
All marketing material will contain an “Opt Out” option where you can simply select the option to remove your information and your request will be updated.
We are committed to acting promptly and respectfully to any request you have to view, amend or delete any personal information we hold about you, and equally any request to join or withdraw from any mailing lists we manage. We will aim to meet this request within five days
We only collect personal information you have consented to provide, and you may withdraw your consent at any time. You can contact us at any time using the details provided below.
We are committed to acting promptly and respectfully to any request you have to view, amend or delete any personal information we hold about you, and equally any request to join or withdraw from any mailing lists we manage.
We will not sell your personal information to a third party and will only share your personal information without your consent in response to requests by law enforcement agencies.
We will not send you service marketing material unless you have given us permission to do so and make it simple for you to opt out at any time that you elect to be removed from our mailing list.
We will protect your personal information. In order to prevent unauthorised access or disclosure we have put in place robust physical, electronic and managerial procedures to safeguard and secure the information we collect both online and offline.
We will retain your information for only as long as is necessary.
We ensure we notify the Information Commissioner’s Office (ICO) on an annual basis of the personal information we hold or are likely to hold and the general purposes that this information will be used for.
Responsibilities - Partners
The partners have overall responsibility for the business’s data protection compliance.
This policy will be reviewed and approved by the Partners annually and any changes will be posted on this page and in relevant policy communications.
We are responsible for notifying the Information Commissioner’s Office (ICO) of the personal information it holds or is likely to hold and the general purposes that this information will be used for. The notification is renewed annually by the partners for any changes in the way the business holds personal information.
Responsibilities - Others
It is the responsibility of all individuals employed or undertaking work at the farm to comply with the procedures set out in this policy. Any non-compliance with this policy will be referred to the partners and may constitute a disciplinary matter. All individuals undertaking work on behalf of the charity have a responsibility to report non-compliances. If individuals are unsure as to whether a particular activity amounts to a non-compliance they should discuss their concerns with the Partners.
Controlling your personal information
If you believe that any information we are holding on you is incorrect or incomplete, please write to us at the above address or email us. We will promptly correct any information found to be incorrect.
For any questions, concerns, complaints about how we process your information, or if you would like information deleted from our records, please email:
If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations.