data protection policy
Under the Animal Welfare Act, Elmtree Cattery is required to hold certain personal data on our customers in order to care for their pets and liaise with their vet and local authority inspectors. Under the GDPR we are required to take care of such data to keep it safe.
Data sources: emails, record forms/contract, emergency phone numbers and postal addresses
- Email details: we will keep good, up-to-date antivirus protection to ensure customers' emails are not hacked or otherwise maliciously affected.
- Information Forms/Contract: we will retain the minimum necessary customer and staff details on file in the Office which will be securely locked when not in supervised use. Only trained authorised staff will have access to these forms. We do not have a Database which stores personal information and have no intention to introduce any such system.
- Staff will be trained to respect and care for customer data according to GDPR. Our acceptable-use policy is that we only use customer information as required for the job in hand of pet care.
- Security software messages must be checked on a regular basis, plus control logs and other reporting systems that we have in place. We must also act on any alerts that are issued by these monitoring services.
- We run regular vulnerability scans and make sure we address any vulnerabilities identified.
- We will not post images of pets on Social Media (FB) without owners’ permission and only when they have returned home. This also applies to any postings to our website.
- Data use: we ask permission to hold customers' data, giving Lawful Need as primary requirement, with Contract as secondary need and Consent needed for continuing to capture data more than 2 years after the boarding period is over. Forms will be shredded after 2 years from last date of boarding. Annual record reviews are made to ensure only necessary records are retained.
- We inform customers and staff of GDPR requirements separately from our terms and conditions and contract.
- We specify why we need the data and what we will do with it
- We use clear language to explain why we need personal data
- We tell individuals they can withdraw their consent after the legal storage period is over (currently 2 years)
- We make it possible for individuals to access their data and rectify errors or omissions
- We make it possible for people to have records removed once the legal period is over on request with no fuss or penalty
- We will check that any requests for customer information are legitimate and respond within 1 calendar month
- We keep records of what those customers were told at that time in a file kept in the correspondence folder
- We regularly review the GDPR process and basis for retaining personal data along with updating security features
- If any 3rd party controllers will use this data the customers must be so informed
- We specify the periods for which data is stored (min 2 years post date of stay, maximum 6 years from last stay)
- We specify which governing body deals with complaints as being www.ico.org.uk
- Information on restricting data can be found at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing/
- If data is breached: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/ Report to the ICO within 72 hours and to persons affected if this breach is likely to affect their rights and freedoms. Details of any data breaches are to be stored with this document in the correspondence folder
- We give the consequence of withholding data as us not being able to board their pet.
- Data protection information is provided at the time that personal data is provided on completion of form/contract.
- The data controller is: Myrtle White, Elmtree Cattery, Frocester, Nr Stonehouse, Glos GL10 3TG