Privacy Policy

Privacy Policy of Hillandale Caravan Parks and Hillandale Caravan Finance Ltd.

Introduction

This Policy sets out the basis on which we as a Data Controller shall use any personal information we receive from you, whether through the website or otherwise, when you interact with us.

Your data will be controlled by the entity of Hillandale Caravan Parks and Hillandale Caravan Finance Ltd which you have instructed or that is providing services to you or communicating to you and each such entity is regarded as an independent data controller of your personal data.

This Notice applies to Hillandale Caravan Parks and Hillandale Caravan Finance Ltd and hereafter we will refer to them as Hillandale in this document.

We reserve the right to change this Policy from time to time and in such cases, a revised Policy will be posted on our website. Please check back frequently to see any updates or changes to our Notice.

Questions, comments and requests regarding this Privacy Policy should be addressed to [email protected] for the attention of the Hillandale’s Data Protection Officer (DPO). Alternatively, please phone us on 01299 822024 and ask to speak to Hillandale’s DPO or write to Hillandale’s DPO at Hillandale Caravan Parks, Lincomb Lock, Titton, Stourport-on-Severn, Worcestershire DY13 9QR.

Whose data do we hold?

The people for whom we may hold data about include:

• Customers and prospective customers
• Suppliers
• Employees and prospective employees.

Please note this list is not exhaustive.

What data will we collect?

We will only collect information from you that is relevant to the matter or issue that we are dealing with. In particular, we may collect and record the following information from you which is defined as ‘personal data’:
 

• Contact details – name, address, telephone number, email address, etc. 
• Details of a specific enquiry or complaint
• Details of financial transactions made with the company.

Please note this list is not exhaustive.

If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know by sending an email to [email protected]
We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

If you fail to provide personal data

Where we need to collect personal data under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to stop acting/cancel your instructions to us but we will notify you if this is the case at the time.

Basis for processing

The basis on which we process your personal data is one or more of the following:

• It is necessary for the performance of our contract with you
• It is necessary for us to comply with a legal obligation
• It is in our legitimate interests to do so
• You have given us your consent (this can be withdrawn at any time by emailing [email protected]).

How will we use your data?

We may use your information for the following purposes:

• Maintaining accounts and records
• Promotion of our services
• In anyway necessary for the performance of our contract with you.

Please note this list is not exhaustive.

Marketing

We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services may be relevant for you.

You will receive marketing communications from us if you have requested information from us or ‘opted in’ to receiving further information regarding the services we provide.

Third-party marketing

We do not provide your personal data to third parties for marketing purposes.

Opting out of marketing

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing [email protected]

Where you opt out of receiving these marketing messages, this will not apply to communications necessary for the performance of our contract with you.

Right to withdraw consent

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms.

Who will we share your information with?

Hillandale will not share your personal data with any third parties, unless there is a legal obligation. For example a statutory requirement or a court order..

However, where you authorise us in writing via email or by letter then we may also disclose your information to the likes of your family who you ask us to share your data with.

We may also share your personal data if Hillandale’s corporate structure changes in future (for example, selling/buying a part or all of our business).

How long will we keep your information for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for Hillandale to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Security arrangements

Using appropriate technical and organisational measures, we shall ensure that all the information you provide to us is kept secure.

In the event of a personal data breach, we have in place procedures to seek to ensure that the effects of such a breach are minimised and as appropriate we shall liaise with The Information Commissioner and youself.

Any transmission of personal data from you to us before it reaches us is at your own risk.
This reflects the fact that the transmission of information via the internet is not completely secure.

What rights do you have?

You have various rights with respect to our use of your personal data:

Access: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact the Hillandale head office. There will be no charge to you for the first access request, however if further requests are made then a reasonable admin fee will be charged to you.  

Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.

Erasure: You have the right to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed. We will deal with your request free of charge but we reserve the right to refuse to erase information that we are required to retain by law or that is necessary for the performance of our contract with you.

Complaint: You have the right to complain about the processing of your personal information. Please contact us using the details supplied above. If you are still dissatisfied you have the right to complain to The Information Commissioner (www.ico.org.uk) at Wycliffe House, Water Lane, Wilmslow, SK9 5AF, telephone 0303 123 1113.

You may, at any time, ask for the exercise of any of the above rights, by contacting us together with a proof of your identity, i.e. a copy of your ID card, or passport, or any other valid identifying document.

Credit Reference and Affordability Checks

To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs). We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

• Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority - FCA Firm Reference Number: 742313
• TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority - FCA Firm Reference Number: 805757

The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.

Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices:

• Creditsafe Privacy / Transparency Notice: Transparency Notice | Customers & Suppliers
• TransUnion CRAIN (Credit Reference Agency Information Notice): https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
• TransUnion Bureau Privacy Notice: https://www.transunion.co.uk/legal/privacy-centre/pc-bureau

1. The source of personal data (if not obtained directly from the data subject). 

We may collect personal data about you from: 

• you directly 
• employers/clients when you apply for a role or are considered for an opportunity. 
• referees (where relevant and permitted) 
• publicly available sources (for example professional networking sites, business websites, and public records) 
• credit reference agencies (CRAs) where required for consumer credit, identity, or affordability checks. 
• third party service providers used to support recruitment, screening, and compliance processes. 

2. Details of any international data transfers outside the UK/EU and the safeguards in place. 

We may transfer personal data to recipients or service providers located outside the UK and/or European Economic Area (EEA). 

Where such transfers take place, we ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include the use of approved standard contractual clauses, international data transfer agreements, or transfers to countries that have been recognised as providing an adequate level of data protection. 

3. Details of any automated decision-making or profiling, including meaningful information about the logic involved and potential consequences for the data subject. Wording for privacy policy below based on which method is used. 

Based on this if they do NOT use Automated Decision Making: 

Non-Automated Decision Making and Profiling Making and Profiling 

We may use automated systems and tools to support certain business processes, such as risk assessment, fraud prevention, affordability checks, identity verification, or record management. 

These tools may analyse personal data using predefined criteria or rules to generate indicators, scores, or recommendations. However, we do not make decisions that have a legal or similarly significant effect on individuals based solely on automated processing. Any such decisions are subject to meaningful human review. 

The use of these tools may influence the speed or level of review applied to an application or request, but individuals will not be subject to automatic rejection or adverse decisions without human involvement. 

Based on this if they DO use Automated Decision Making 

Automated Decision Making and Profiling Making and Profiling 

In some circumstances, we may conduct automated decision making or profiling using personal data. This involves the use of automated systems to evaluate certain information about an individual, such as risk factors, affordability indicators, or fraud signals, based on predefined rules or algorithms. Making or profiling using personal data. This involves the use of automated systems to evaluate certain information about an individual, such as risk factors, affordability indicators, or fraud signals, based on predefined rules or algorithms. 

Where automated decision making is used, it may result in decisions such as the approval, restriction, or rejection of an application or service. Making is used, it may result in decisions such as the approval, restriction, or rejection of an application or service. 

Individuals have the right to request human intervention, to express their point of view, and to challenge decisions made solely by automated means. Further information about automated decision making and how to exercise these rights can be obtained by contacting us using the details provided in this Privacy Policy. Making and how to exercise these rights can be obtained by contacting us using the details provided in this Privacy Policy 

Cookies

In order to facilitate use of this website, we use ‘cookies’, such as Google Analytics. A cookie is a small text file sent by our server to a user’s web browser which enables the server to collect information from the browser. This helps us to monitor the use of the website and users’ browsing patterns, to build up a demographic profile and to review, improve and customise the website’s content and layout (on the basis of data which is totally anonymous and cannot be linked to an individual user).