Who we are

Our website address is: https://horseclinics.co.uk.

 

Privacy Policy

Keeping your personal information safe is very important to us.  We are committed to complying with privacy and data protection laws and being transparent about how we process personal data.

We have policies, procedures and training in place to help our employees and volunteers understand their data protection responsibilities and follow the data protection principles.

We have a nominated member of staff who serves as our Data Protection Lead.

If you have any questions regarding our Privacy Policy, please email chrissy@horseclinics.co.uk

This privacy policy relates to our use of any personal information we process about you.

 

 

For our customers:

How we Collect Personal Data

We may collect your personal data in different ways, for example:

  • When you communicate with us by post, telephone, SMS, email or via our website
  • From the information you provide to us when you make a booking on our website
  • As you interact with us in other ways, as a contractor, or in any other capacity
  • Contact information that available on the internet  

 

How we use Personal Data

 We may collect your personal data in different ways, for example:

 

  • Membership applications, administration, and renewals
  • Provision of training courses to individuals
  • Accredited Professional Coach applications
  • Managing and responding to issues
  • Fulfilling purchases from our online shop
  • Processing donations
  • Dealing with complaints
  • Carrying out surveys
  • Processing expenses

We only collect personal information that we genuinely need.

 

This may include:

 

  • Contact details such as name address, email address and phone numbers
  • Credit card details and any purchases you have made
  • Date of birth and gender
  • Qualifications
  • Nationality

 

Dealing with complaints and appeals

 

If a complaint or an appeal is raised with us, we will process the personal information that is provided to us to manage and resolve the complaint or appeal. This may include sharing relevant information with an affiliated organisation, such as The BEF or a riding club, a coach, welfare officer or other organisation, depending upon the nature of the complaint and the area it relates to. Our legal basis for using personal information for this purpose is to fulfil our commitment to providing the best services to our members.

 

 

Your Rights

 

If you no longer wish to receive communications about products and services from us, please contact chrissy@horseclinics.co.uk. You can also unsubscribe at any time to emails that we may send to you about the products and services that we think will be of interest to you.

 

Fulfilling purchases from our online shop

If you choose to make a booking through our online service shop, we will not use the bank details information you provide, as they will be securely processed through PayPal. 

 

 

For our members:

 

Legitimate interest and how we fulfil our objective of resolving complaints in a careful and appropriate manner. This is also how are processing our members data to let them know about the service we are providing.

 

 

General Statement About Using Research to Update Contact Information

 

Horse Clinics may make use of profiling and screening methods to produce relevant communications and provide a better experience for our members. Profiling can help us target our resources more effectively by gaining an insight into the background of our members and helping us to build relationships that are appropriate to your interests and capacity to give.

To do this we may use external data sources, such as telephone look up, via carefully selected agencies. This helps us meet one of the requirements of GDPR – Article 5.1.(d):  Personal data should be accurate and, where necessary, kept up to date.

This may include obtaining details of changes of address, date of birth, telephone numbers and other contact details.

 

For mailing and telephone based direct marketing campaigns, we may contact you by telephone and mailing campaigns under legitimate interest. If you do not wish to be contacted, you may inform us at the moment of your registration. We will provide a clear option to opt-out of email communications and we will have a data deletion and retention log to ensure that any opt-out contacts are not targeted again.

 

 

Legitimate interest:

 

We use legitimate interest to contact potential members using information that is readily available on the internet. This is the legal basis for processing any member data as this is a service which we feel anybody we target will have a legitimate interest in receiving. We will actively opt-in all of the members when they register their interest with us, or via an online data capture form. We will provide a clear option to opt-out of email communications and we will have a data deletion and retention log to ensure that any opt-out contacts are not targeted again.

 

 

Cookies: 

We may use cookies and log files on our website to store information about how you use our website. A cookie is a piece of data stored on the user’s computer tied to information about the user.  This enables us to create a profile which details your viewing preferences. We use your profile to tailor your visit to our website, to make navigation easier and direct you to information that best corresponds to your interests and country. 

This information is not linked to personal profiles or to personally identifiable information provided by users.  We use it to analyse visitor trends and use of our website, administer the website and to gather broad demographic information of our website users. Our legal basis for using your information in this way is for our legitimate interest.

 

 

Data sharing:

 

We will never share any member, or customer data with any third party. We have information security measures relating to the processing and protection of any data we may use.

 

 

Information Security Policy 

1.0   Overview

1.1   All staff are aware of their information security responsibilities and will comply with the measures set out in the GDPR and within this policy.

1.2   All computers are password protected and have high level anti-virus security software.

1.3   Documentation exists to ensure the investigation and reporting of security breaches complies with the measures set out in the GDPR.

2.0 Scope

2.1 This policy relates to all members of staff at Horse Clinics and any action taken by HORSE CLINICS related to Information Security.

3.0 Access to a Computer

3.1 All users will be provided with secure, personal log in details and users are forbidden to share their account details with anyone inside or outside Horse Clinics.

3.2 All accounts of former employees will be disabled and deleted when an employee leaves Horse Clinics.

4.0 Email Policy

4.1 All Emails sent by Horse Clinics will use appropriate language and meet the requirements set out in the Data Retention Policy and the GDPR.

4.2 Any miss-use of company Email including non-work related emails, or Emails that don’t comply with the Data Retention Policy and the GDPR, will result in disciplinary action.

5.0 Password Policies

5.1 Passwords must conform to a standardised and encrypted form including upper and lower-case letters, a number and a symbol.

5.2 These Passwords must be changed monthly, within the standard form.

6.0 Remote Working

6.1 Due to the nature of the personal data handled by Horse Clinics these are important policies relating to remote working.

6.2 Any Staff Members who work remotely must ensure they do not process any data on an unsecured network, this can include hot desks, café’s or restaurants.

6.3 Any Staff Members not on Horse Clinics’s network must take appropriate provision to ensure they are logged in via VPN.

6.4 Any Staff Member working remotely has to ensure these steps are taken to ensure the security of this information.

7.0 Use of Internet

7.1 The Internet must only be used for the purposes of Horse Clinics.

7.2 If any staff member is found to be misusing the internet to view inappropriate material they will face disciplinary action.

7.3 Horse Clinics is able to view and monitor staff browsing history and cookies to ensure that this policy is followed.

8.0 Laptop

8.1 All Laptops are, and remain, property of Horse Clinics and therefore must be used in line with the related points set out in this policy.

8.2 No un-authorized software is allowed to be installed on any laptop without express consent of IT support.

8.3 Any damage/loss/theft must be reported to the Managing Director immediately.

8.4 Any action that results in damage/loss/theft of the Laptop’s is the responsibility of the user.

9.0 Storage Device

9.1 No portable/removable storage devices are to be used in Horse Clinics by any staff member to keep in line with the Data Retention and Destruction policy.

  1. Network

10.1 All Horse Clinics files are securely stored on the company network.

11.1 Confidential files are encrypted, password secured and stored on the company network.

  1. Software

11.1 All software used by Horse Clinics is installed by our IT Support.

  1. Starters and Leavers

12.1 It is Horse Clinics’s responsibility to ensure that all new staff members are informed of the contents of these documents and any GDPR related policy.

12.2 All new staff members will be informed of this policy and they will signify their acceptance by providing their signature as proof of compliance.

12.3 Any staff member leaving Horse Clinics will be removed from all related logs/policies/documents.

  1. Document Owner and Approval

The Managing Director is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR.

A current version of this document is available to all members of staff on Horse Clinics intranet.

 

 

GDPR Training Policy

  1. Scope

This policy applies to Horse Clinics’s training and awareness programme where relevant to the GDPR, compliance with the GDPR, and other matters relating to data protection and privacy.

  1. Training Policy

2.1   D.P.O/ GDPR Manager assigns data protection responsibilities to Employees/Staff in relation to Horse Clinics’s policies and procedures on personal data management.

2.2   D.P.O/ GDPR Manager shall ensure that all Employees/Staff with day-to-day responsibilities involving personal data and processing operations, and those with permanent/regular access to personal data, demonstrate compliance with the GDPR.

2.3   D.P.O/ GDPR Manager ensures that these members of Employees/Staff are kept up to date and informed of any issues related to personal data.

2.4   D.P.O/ GDPR Manager maintains a list of relevant external bodies, the most important of which is the Information Commissioner’s Office. (ICO.org.uk)

2.5   D.P.O/ GDPR Manager ensures that all security requirements related to data protection are demonstrated and communicated to Employees/Staff to the same effect.

2.6   Employees/Staff are provided with specific training on processing personal data relevant to their individual day-today roles and responsibilities, and in accordance with Horse Clinics’s policies and procedures.

2.7   Employees/Staff are provided with specific training on any information security requirements and procedures applicable to data protection and the data processing with their individual day-to-day roles and responsibilities, including reporting personal data breaches.

2.8   Employees/Staff are provided with training on dealing with complaints relating to data protection and processing personal data.

2.9   The Staff Training Log can be accessed at the request of the data subject.

 

Document Owner and Approval

The Managing Director is the owner of this document and is responsible for ensuring that this policy document is reviewed in line with the review requirements stated above.

A current version of this document is available to all staff on Horse Clinics intranet and is

This policy was approved by the Managing Director on 01/07/2020.

 

Retention of Records – Data Retention and Destruction Policy 

  1. Scope

1.1 All Horse Clinics’s records, whether analogue or digital, are subject to the retention and destruction requirements of this procedure.

1.2 This policy enables Horse Clinics to meet the requirements of the GDPR and ensure that the rights of data subjects are maintained.

1.3 This policy relates solely to electronic data.

1.4 This document exists to ensure that data is retained and destroyed appropriately and in line the GDPR.

  1. Responsibilities

2.1 The following roles are responsible for retention of these records because they are the information asset owners.

2.2 Asset owners are responsible for ensuring that all personal data is collected, retained and destroyed in line with the requirements of the GDPR.

2.3 The Managing Director is responsible for retention of financial (accounting, tax) and related records.

2.4 The Managing Director is responsible for retention of all HR records.

2.5 The Managing Director is responsible for retention of all Health and Safety records.

2.6 The Managing Director is responsible for retention of all other statutory and regulatory records.

2.7 The Managing Director is responsible for storage of data in line with this procedure.

2.8 The Managing Director is responsible for ensuring that retained records are included in business continuity and disaster recovery plans.

  1. Procedure

3.1 The required retention periods, by record type, are recorded in (Retention and Destruction Log) under the following categories:

3.1.1 Record Type

3.1.2 Retention period

3.1.3 Retention period to start from

3.1.4 Retention justification

3.1.5 Record medium

3.1.6 Disposal method

3.2 Cryptographic keys, which are required for personal data records are retained.

3.3 For all storage media, Horse Clinics retains the means to access the data.

3.4 Portable/removeable storage media are destroyed in line with the GDPR.

3.5 Horse Clinics handles personal data of organisations employees which includes; Organisation name, Size, Organisation location, Prospect Name, Job Title, DOB, Email Address, Telephone number, TPS Screening result, Data Source, Company ID, Contact ID, Address ID, Primary Industry Sector, Secondary Industry Sector, Currency, Revenue, IT Staff, Number of PC’s.

3.5 Horse Clinics will retain information of all prospects/organisations/contacts and contents of the calling activity, in keeping with the Data Protection Act, for no longer than Six Years after the last point of contact.

3.6 Horse Clinics will not store data beyond the duration of any campaign undertaken, unless specifically stated in the retention log, after which it will be kept for the maximum of Six Years and then destroyed in accordance to the Data Protection Act and GDPR.

3.7 Horse Clinics will ensure that no personal data will be kept longer than is absolutely necessary.

3.8 Horse Clinics will ensure that no data will be held longer than stated in the Data Retention and Destruction Log.

3.9 Horse Clinics will ensure that all Data is destroyed in line with the GDPR.

3.9.1 All staff are responsible for ensuring that all Data is kept for only the allocated time within the Data Retention Log and that all Data is destroyed in line with this policy after the allocated time of retention.

3.9.2 All staff are responsible for ensuring that Data is destroyed in line with this policy and the GDPR and will destroyed using a digital document shredder.

3.9.3 Information related to the retention of records can be found in the Data Retention and Deletion Log, available on request from the data subject.

3.9.4 Information about the destruction can be found in the Data Retention and Destruction Log, available on request from the data subject.

3.9.5 All data will be stored securely.

3.9.6 All data will be accurate and complete.

3.9.7 No data will be archived except for data subjects who do not want to be contacted again.

3.9.8 Any data stored for this purpose will be anonymised.

 

Document Owner and Approval

The Managing Director is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR.

A current version of this document is available to all members of staff on Horse Clinics’s intranet.  

 

 

Signed: Christine Cockerton                                        Date: 01/07/2020

Ernest Dillon

Ernest Dillon FBHS​