Under the Animal Welfare Act, Audley Lodge Kennels is required to hold certain personal data on our customers in order to care for or groom their pets and liaise with their vet and local authority inspectors. Under the GDPR (General Data Protection Regulations) we are required to take care of such data to keep it safe.
E-mails, Forms, Face to Face - Verbally, Website, Phone, Post, Social Media.
We keep good and up to date antiviral protection to ensure customers emails are not hacked or otherwise maliciously affected, using multiple layers and providers, and checking recipient address is correct before sending any communication to a client.
Computer for main database, e-mails & social media + Forms for providing information. Computer systems are protected by use of computer with inbuilt security software. Software updates are performed regularly. Unused software is removed, rather than updated. Forms are kept in locked storage.
Our computer database system is accessed by the owners & staff + groomer for the purpose of accessing grooming details and contact details where a client is requiring a grooming service.
Passwords are strong and changed regularly, not written and stored in easily accessed places.
We retain the minimum necessary of customer and staff details on our database.
The database is only accessible by password by individual trained, authorised staff & on site groomer.
Out of hours the computer is kept in a securely locked & manned building.
Backup devices which are regularly used (daily backups) are stored separately and securely. Files will not be stored in cloud storage. Archived data will be stored separately in a locked area.
Staff & any outside groomers will be trained to respect and care for customer data according to GDPR. They are trained to recognise threats by phishing emails, social media leaks and miss posting as well as noting & implementing updates and securing machine safety. Reading of news updates will facilitate awareness of scams in vogue. They are also shown the correct filing process and security for paper forms containing personal information.
Acceptable use policy
We only use customer information as required for the job in handling of pet care & grooming, checking we correctly address all outgoing communications. Customer communication will only be related to any proposed, existing or past bookings or service updates.
No customer information is shared with any third party other than the on- site groomer (unless required by law).
No customer information is used for any marketing activity (other than service updates). Any data on machines that are to be disposed of is securely wiped before disposal.
Any paper records that need to be disposed of will be burnt.
Security software messages are checked on a regular basis. We also act on any alerts that are issued by these monitoring services. We check that any software or services that are running on our network are up to date and we subscribe with our main software provider to ensure the most up to date security is used.
We run vulnerability scans and penetration tests to scan our systems for known vulnerabilities – and make sure we address any vulnerabilities identified.
Where we do use Social media, we may post dogs at play and no personal details are posted. Some communication may be on messenger but this is done privately. We post images of pets only with owners’ permissions. The same applies to website posting.
We ask permission to hold customer’s data, giving lawful need as the primary requirement, with contact as secondary need and consent needed for continuing to capture data after more than 3 years after the boarding period is over. Erasure happens by deletion after 20 years from last date of boarding. Annual record reviews are made to ensure only necessary records are retained.
We inform customers and staff of GDPR requirements separately from our terms and conditions and contract.
We specify why we need the data and what we will do with it.
We use clear language to explain why we need personal data.
We tell individuals they can withdraw their consent after the legal storage period is over (currently 3 years).
We make it possible for individuals to access their data and rectify errors or omissions.
We make it possible for people to have records removed once the legal period is over on request with no fuss or penalty.
We check any request for customer information is legitimate and respond within 1 calendar month.
We keep records of what those customers were told at that time by file kept in correspondence folder.
We regularly review the GDPR process and basis for retaining personal data along with updating security features. If any 3rd party (other than the on-site groomer) controllers will use this data the customers will be so informed.
We specify the periods which data is stored for (minimum 3 years post date of stay, maximum 12 years from last stay).
We specify which governing body deals with complaints as being www.ico.org.uk
Information on restricting data can be found at: ico.org.uk/for-organisations/guide-to-thegeneral-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing/
If data is breached: https://ico.org.uk/for-organisations/guide-to-the-general-data-protectionregulation-gdpr/personal-data-breaches/ Report to ICO within 72 hours and to persons affected if this breach is likely to affect their rights and freedoms. Detail of any data breaches to be stored with this document in correspondence folder.
We give the consequence of customers withholding data as: Not having the legally required information to comply with the licensing laws required to board or groom the customers pet. Data protection information is available on our website, provided at the time that personal data is provided, therefore orally, if a phone booking is made and otherwise as a form. If oral consent is required we will explain the following:
Under the Animal Welfare Act we are required by law to keep certain personal information.
Your information will only be used for the job of boarding or grooming your pet or providing service updates.
You can withdraw your consent at any time prior to boarding.
You can request access to your data at any time.
You can request to have your data removed only after 3 years after your last boarding.
We will store your data for a maximum of 12 years after your last groom or boarding.
Oral consent event details are recorded on the booking form.
If client is not happy to proceed then no details will be taken or stored. The personal data storage consent form will also need to be signed prior to the clients first day of boarding.
The data controller is: Andrew Langley, Audley Lodge Boarding Kennels, Old Barn, Moat Lane, Audley, Stoke-On-Trent. ST7 8HS.