This Privacy Notice explains what we do with your personal information. This includes what you tell us about yourself, what we learn by having you as a tenant, visitor, customer, member, guest, employee, contractor, supplier of services and so forth, and the choices you make about the marketing you ask us to send to you. It also explains how we do this, how the law protects you and outlines your privacy rights. This notice is part of our suite of privacy notices; detailed notices are made available as appropriate. We update this notice regularly in accordance with changes in privacy law and when our activities or practices change (updated May 2018).
The Bedford Estates is the generic name under which the following businesses operate. There are several data controllers who have responsibility for personal data within our group. They are:
Our London property office is managed by Bedford Estates Bloomsbury Limited, 29a Montague Street, London, WC1B 5BL (company no. 10250020; ICO registration ZX307121). www.bedfordestates.com
The Woburn Estate includes our property office for Bedfordshire, the deer farm, forestry operation & support functions (including personnel & security). These are managed by the 1987 Settlement, The Bedford Estates, Bedford Office, Woburn, Bedfordshire, MK17 9PQ (company no. 03743508; ICO registration ZA059026). www.woburnabbeydeerfarm.co.uk www.woburnabbey.co.uk/property
Our leisure businesses in Woburn, Bedfordshire are part of Woburn Enterprises Partnership. These are: Woburn Abbey & Gardens, Woburn Safari Park, Woburn Golf Club and The Sculpture Gallery. The partnership is managed by Woburn Enterprises Limited, The Bedford Office, Woburn, Milton Keynes, Bedfordshire, MK17 9PQ (company no. 00966094; ICO registration ZA307399).
Woburn Farms Partnership
Our farming operation is managed by R&A Farms, The Bedford Estates, Bedford Office, Woburn, Bedfordshire, MK17 9PQ (company no. 02748881; ICO registration ZA059026).
In the first instance, questions about how we collect, store and use personal data or concerns about how it is managed should be directed to the relevant business.
Contact the businesses to:
- Update or rectify inaccurate/incomplete personal data
- Change your marketing & contact preferences
- Object to us using your personal data
There may be legal or other official reasons why we need to keep or use your data but tell us if you think that we should not be using it.
- You would like us to transfer a copy of your data to another company.
We are working with our software providers to ensure personal data you give under contract can be made portable.
If the business cannot resolve the issue or you require a copy of your personal data please contact the Data Protection Co-ordinator:
- phone: 01525 290 333
- email: firstname.lastname@example.org
- letter: Data Protection, The Bedford Estates, Bedford Office, Woburn, Milton Keynes MK17 9PQ
If we are still not able to resolve the matter you have the right to lodge a complaint with the Information Commissioner’s Office: https://ico.org.uk/ - they will always direct you to us in the first instance.
We use different kinds of personal information, here are examples of how we group them together.
As well as our internal policies and procedures, your privacy is protected by law. We are permitted only to use personal information if we have an acceptable reason to do so. This includes sharing it outside The Bedford Estates. The law says we must have one or more of these reasons:
Below is a summary of the potential reasons we collect personal data, of course, it is much more complicated and further information is available to you in our specific Privacy Notices. We only keep the minimum amount of personal data and regularly dispose of data not required. We also take steps to anonymise data.
Examples of our legitimate interests:
- Complying with regulations that apply to us.
- Being efficient about how we fulfil our legal and contractual duties.
- Managing our facilities.
- Making decisions about continued memberships and tenancies, arranging termination and exercising our rights set out in agreements or contracts and dealing with complaints.
- Efficient and proper estate and business management, planning, communications, keeping records up to date, benchmarking, accounting and auditing.
- Responding to communications sent to us, incl. social media posts; informing you of important changes to our business or policies; reviewing and improving the performance of our systems, processes & employees (including training).
- Obtaining legal advice.
- Ensuring animal health and welfare is maintained.
- To monitor and protect people and property.
- Effective resource management.
- Delivering staff benefits.
- Notify/invite our community to events.
- To determine whether you can provide goods or services to The Bedford Estates and participate in hosted events, and to enable the same.
- Administering competition entries.
- To support the local community.
Collection & Use of Personal Data
We only use your data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. Your personal data may be used without your knowledge or consent, where this is allowable by law.
The Bedford Estates has a rich archival heritage. For future research purposes which are in the public interest we store a limited amount of personal details permanently but please bear in mind that these records remain confidential for a period of 100 years. Here are some examples of what we keep forever.
- Publicity and Print: your image, if you have agreed to appear in print.
- Golf Club Membership: your name, dates of membership and reason for resignation.
- Occupiers of our property: your name & length of agreement.
- Employees: letters of thanks; gift presentation information.
Further information can be found in detailed privacy notices available from our businesses.
The consent of a parent or guardian is required for children under the age of 13 who wish to use the limited online services available to them.
Special category data handling
Certain data requires special handling because if it disclosed accidently it could have a harmful effect on you. This includes sensitive data (race & ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health, sex life or sexual orientation), criminal data and children’s data. As such, we will only use this data with your consent unless it is in your vital interests (threat to your life), it is in our legitimate interests, where there is a legal obligation or a contractual commitment.
Some examples of where we use special category data:
- Food requirements for catering (potential health data)
- Medical information required for tournament participation hosted The Golf Club
- To support your recovery at work after an absence (health data)
- Race/ethnic origin (equal opportunities monitoring)
- DBI checks (criminal checks)
Procedures are in place to handle this data appropriately.
Security of all data
We use Internet standard encryption technology ("SSL" or "Secure Socket Layer" technology) to encode personal data that you send to us when placing an enquiry through the Website. To check that you are in a secure area of the Website before sending personal data to us, please check that your browser displays an image of a closed padlock or an unbroken key.
However, please note that whilst we take appropriate technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that we cannot guarantee the security of any personal data that you transfer over the Internet to us.
We will take all steps reasonably necessary to ensure that all personal information is treated securely and in accordance with this notice. All information you provide to us is stored securely, including in a physically secure environment, on our secure servers. Access to your personal information will be restricted to such staff and other individuals as are necessary for the purposes for which the information was collected. Our staff are trained. All data is stored in the UK but should any data be transferred outside the EEA appropriate protections are in place.