Privacy Policy (GDPR)

This is the longer version. The shorter overview can be seen at: https://minydon.com/gdpr-privacy-policy-overview/

Min y Don Christian Adventure Centre’s policy is to respect and protect the privacy of our website users, our guests and our staff. This Privacy Policy sets out what personal data Min y Don Christian Adventure Centre (“Min y Don”) may process, how it may be used, and how we protect any information that you give us. This policy has been updated to comply with the General Data Protection LawsWe take great care to protect the personal data of anyone who gives us their details, and especially those under 18.

What information we collect

In order to process your holiday booking, we collect details from you such as your:

  • Guests to Min y Don on a Family Holiday:
    • Name of parents and children, Address, Telephone Number, Email Address, Age, Medical Conditions.
  • Guests to Min y Don with a School:
    • School Name, Address, Postcode and Phone Number
    • Organiser Name, Email and Phone Number
    • Child’s Name, Date of Birth, Home Address, Telephone Number (On Parental Content Form)
    • Doctor’s Name, Address and Telephone Number, Allergies, Medication, NHS Medical Number (On Parental Content Form)
  • Guests to Min y Don with a Youth or Church Group:
    • Church/Organisation Name (and Youth Group Name), Email Address, Phone Number
    • Organisers Name, Email and Phone Number
    • Child’s Name, Date of Birth, Home Address, Telephone Number (On Parental Content Form)
    • Doctor’s Name, Address and Telephone Number, Allergies, Medication, NHS Medical Number (On Parental Content Form)

Once you have given us your details, it is securely stored (see below) for a maximum of 2 years after your visit, at which point it is destroyed. This is required by our insurers. If you choose not to provide any of the data we require, we may not be able to process your booking.

If you contact Min y Don through our Contact Page, we may collect details from you such as your First Name, Last Name, Phone number, Postal address, Email address and any other information you give us. When you browse minydon.com, we might also collect Usage Data. This helps us to improve the site by monitoring how you use it and respond to any feedback or communications you send us, if you’ve asked us to.

Staff and applicants are given a Privacy Policy relevant to them at the time of their application or employment.

What happens to your information?

At Min y Don, we’re always working to improve our website and services, and so may use this information to better understand your requirements. We may also store your information internally for record keeping, which is then destroyed when it is no longer necessary to keep it.

You have the right to request what data we have about you, and for that data to be deleted (“right to be forgotten”). If you ask us to delete data about you before the storage period is up, we may keep a record of your name and what holiday you were on, to satisfy our insurance obligations. This will be destroyed, along with the rest of that holiday’s data, once the period is up. There may be a small administrative charge if you request your data.

Where is your data stored?

Your data is stored securely on our local computer systems, web servers, as well as on various third party services we use as part of our IT System (e.g. email or file storage). As such, your information may be transferred to, stored, or processed in the United States where these companies and their servers are based. We are satisfied that all third party providers we use have either their own GDPR Compliant Policy in place, or participate in and have certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework.

We don’t share your information with any other organisations for marketing, market research or commercial purposes. Payment transactions are always encrypted and your payment details are never stored on our servers.

Paperwork with your personally identifiable information on it is stored securely onsite at Min y Don. The only people who have access to this data are those who need to process your booking, and those responsible with keeping you safe whilst at Min y Don.

Data Breach Policy

Every care is taken to protect your personal data and to avoid, either accidentally or deliberately, a data protection breach. Min y Don is obliged under the General Data Protection Regulation Directive to have in place a framework designed to ensure the security of all personal data during its lifecycle, including clear lines of responsibility. Any individual who accesses, uses or manages data is responsible for reporting data breaches immediately. If the breach occurs or is discovered outside normal working hours, it must be reported as soon as is practicable.

In the event of a breach, an investigation will be undertaken immediately. The investigation will need to take into account the following:

  • the type of data involved
  • its sensitivity
  • the protections in place (e.g. encryptions)
  • what’s happened to the data (has it been lost or stolen)
  • who the individuals are, the number of individuals involved and the potential effects on the data subject(s)
  • whether there are wider consequences to the breach

The Min y Don Centre Managers will then determine who needs to be notified of the breach. Any incidents will be assessed on a case by case basis; however, the following will need to be considered:

  • whether there are any legal/contractual notification requirements
  • whether notification would assist the individual affected – could they act on the information to mitigate risks?
  • whether notification would help prevent the unauthorised or unlawful use of personal data
  • whether the Information Commissioner’s Office (ICO) should be notified. The ICO will only be notified if personal data is involved. Guidance on when and how to notify ICO is available from their website at: https://ico.org.uk/media/1536/breach_reporting.pdf
  • the dangers of over notifying. Not every incident warrants notification and over notification may cause disproportionate enquiries and work.

Notification to the individuals whose personal data has been affected by the incident will include a description of how and when the breach occurred and the data involved. Specific and clear advice will be given on what they can do to protect themselves, and include what action has already been taken to mitigate the risks.

Once the initial incident is contained, Min y Don will carry out a full review of the causes of the breach; the effectiveness of the response and whether any changes to systems, policies and procedures should be undertaken. Existing controls will be reviewed to determine their adequacy, and whether any corrective action should be taken to minimise the risk of similar incidents occurring. If deemed necessary a report recommending any changes to systems, policies and procedures will be considered.

Links to other websites

minydon.com does contain links to and from other websites. This privacy policy only applies to this website, and cannot cover other websites that we link to. It’s important to know that if you go to another website from this one, you read the privacy policy on that website to find out what it does with your information.

This privacy policy was updated: Feb 2023