Who we are
Our website address is: https://crankshaftbrewery.co.uk.
What personal data we collect and why we collect it
Any images on this website are owned by Crankshaft Brewery Ltd and cannot be re-produced without the brewery’s permission.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
We share information with third parties who help us provide our orders and store services to you.
We currently use Woocommerce to process our payments. Please see below statement regarding Woocommerce.
The website is built using Word Press and by default WordPress does not share any personal data with anyone.
We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter’s IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).
By using this extension, you may be storing personal data or sharing data with an external service.
How long we retain your data
When placing an order you will be asked for address, email & a telephone number. This is for the purpose of allowing us to post the order to you and meet the requirements of the UK tax authority regarding declarations for sales.
We do not ask customers to create an account however there is an option box which will allow customers to opt whether you would us to contact you in the future. We will retain your details for this use.
In the order process there is a box for comments for delivery. If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
As we do not ask for customers to open an account or leave comments. However you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
By default WordPress does not share any personal data with anyone.
Your contact information
IIf you have privacy related concerns then please contact Crankshaft Brewery Ltd at firstname.lastname@example.org
How we protect your data
All our staff are GDPR trained and our websites are protected with anti virus and anti spam measures.
What data breach procedures we have in place
Any data breaches will automatically be dealt with by us and we will notify all those who have contacted us via the Woocommerce shop. We will then advise the customer what further actions will be taken.
What third parties we receive data from
We collect information about you during the checkout process on our store.
What we collect and store
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it.
We will also store comments or reviews, if you choose to leave them.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfill orders, process refunds and support you.
In this subsection you should list which third party payment processors you’re using to take payments on your store since these may handle customer data. We’ve included PayPal as an example, but you should remove this if you’re not using PayPal.
We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.
- Crankshaft Brewery Ltd known as the Brewery in this document has in place a CCTV surveillance system “the CCTV system” operational at the Brewery and Tap bar inside and outside. This policy details the purpose, use and management of the CCTV system at Crankshaft Brewery Ltd and details the procedures to be followed in order to ensure that the Brewery complies with relevant legislation and the current Information Commissioner’s Office CCTV Code of Practice.
- 1.2 The Brewery will have due regard to the Data Protection Act 2018, the General Data Protection Regulation (GDPR) and any subsequent data protection legislation, and to the Freedom of Information Act 2000, the Protection of Freedoms Act 2012 and the Human Rights Act 1998. Although not a relevant authority, the Brewery will also have due regard to the Surveillance Camera Code of Practice, issued under the Protection of Freedoms Act 2012 and in particular the 12 guiding principles contained therein.
- 1.3 This policy is based upon guidance issued by the Information Commissioner’s Office, ‘In the picture: A data protection code of practice for surveillance cameras.
1.4 This policy and the procedures therein detailed, applies to all of the Brewery’s CCTV systems and any other system capturing images of identifiable individuals for the purpose of viewing and or recording the activities of such individuals. CCTV images are monitored and recorded in strict accordance with this policy.
2. CCTV System overview
- 2.1 The CCTV system is owned by the Crankshaft Brewery Ltd units 17E & 17F Boxer Place Leyland PR26 7QL and managed by the Brewery. Under current data protection legislation the Brewery is the ‘data controller’ for the images produced by the CCTV system. The Crankshaft Brewery Ltd is registered with the Information Commissioner’s Office and the registration number is ZA664871. The CCTV system operates to meet the requirements of the Data Protection Act and the Information Commissioner’s guidance.
- 2.2 The directors are responsible for the overall management and operation of the CCTV system, including activities relating to installations, recording, reviewing, monitoring and ensuring compliance with this policy.
- 2.4 Signs are placed at all pedestrian entrances in order to inform visitors and members of the public that CCTV is in operation.
- 2.5 The Directors are responsible for ensuring that adequate signage is erected in compliance with the ICO CCTV Code of Practice.
- 2.6 Cameras are sited to ensure that they cover Brewery premises as far as is possible. Cameras are installed throughout the Brewery including roadways, car parks, buildings and licensed premises,
- 2.7 Cameras are not sited to focus on commercial areas and public areas.
- 2.8 The CCTV system is operational and is capable of being monitored for 24 hours a day, every day of the year.
- 2.9 The CCTV system is subject to a Data Protection Impact Assessment.Any proposed new CCTV installation is subject to a Data Protection Impact Assessment. Any new CCTV Camera installation is subject to a privacy assessment.
- 2.10 Further information regarding the number and location of CCTV cameras is can be requested from Crankshaft Brewery Ltd
- Purposes of the CCTV system
- 3.1 The principal purposes of the Brewery CCTV system are as follows:
- – for the prevention, reduction, detection and investigation of crime and otherincidents;
- – to ensure the safety of visitors and staff;
- – to assist in the investigation of suspected breaches of Brewery regulations bystaff or visitors; and
- 3.2 The CCTV system will be used to observe the Brewery areas under surveillance in order to identify incidents requiring a response. Any response should be proportionate to the incident being witnessed.
- 3.3 The Brewery seeks to operate its CCTV system in a manner that is consistent with respect for the individual’s privacy.
4. Monitoring and Recording
4.1 Images are recorded centrally on servers located securely at the Brewery and are monitored by the Brewery.
4.2 The cameras installed provide images that are of suitable quality for the specified purposes for which they are installed and all cameras are checked daily to ensure that the images remain fit for purpose and that the date and time stamp recorded on the images is accurate.
4.3 All images recorded by the CCTV System remain the property and copyright of the Brewery
4.4 The monitoring of staff activities will be carried out in accordance with Part 3 of the Employment Practices Code.2
4.7 The use of covert cameras will be restricted to rare occasions, when a series of criminal acts have taken place within a particular area that is not otherwise fitted with CCTV. A request for the use of covert cameras will clearly state the purpose and reasons for use and the authority of the Directors will be sought before the installation of any covert cameras. The Directors should be satisfied that all other physical methods of prevention have been exhausted prior to the use of covert recording.
4.8 Covert recording will only take place if informing the individual(s) concerned would seriously prejudice the reason for making the recording and where there is reasonable grounds to suspect that illegal or unauthorised activity is taking place. All such monitoring will be fully documented and will only take place for a limited and reasonable period.
5. Compliance with Data Protection Legislation
5.1 In its administration of its CCTV system, the Brewery complies with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Due regard is given to the data protection principles embodied in GDPR. These principles require that personal data shall be:
- a) processed lawfully,fairly and in a transparent manner;
- b) collected for specified,explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- d) accurate and,where necessary, kept upto date;
- e) kept in a form which permits identification of the data subjects for no longerthan is necessary for the purposes for which the personal data are processed;
- f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, usinga ppropriate technical or organizational measures.
The Brewery ensures it is responsible for, and able to demonstrate compliance with GDPR
6. Applications for disclosure of images
Applications by individual data subjects
- 6.1 Requests by individual data subjects for images relating to themselves “Subject Access Request” should be submitted in writing to the Brewery together with proof of identification.
- 6.2 In order to locate the images on the Brewery’s system, sufficient detail must be provided by the data subject in order to allow the relevant images to be located and the data subject to be identified.
- 6.3 Where the Brewery is unable to comply with a Subject Access Request without disclosing the personal data of another individual who is identified or identifiable from that information, it is not obliged to comply with the request unless satisfied that the individual has provided their express consent to the disclosure, or if it is reasonable, having regard to the circumstances, to comply without the consent of the individual.
- Access to and disclosure of images to third parties
- 6.4 A request for images made by a third party should be made in writing to the the Brewery.
- 6.5 In limited circumstances it may be appropriate to disclose images to a third party, such as when a disclosure is required by law, in relation to the prevention or detection of crime or in other circumstances where an exemption applies under relevant legislation.
- 6.6 Such disclosures will be made at the discretion of the Directors, with reference to relevant legislation and where necessary.
- 6.9 A record of any disclosure made under this policy will be held on the CCTV management system, itemising the date, time, camera, requestor, authoriser and reason for the disclosure.
- 7. Retention of images
- 7.1 Unless required for evidential purposes, the investigation of an offence or as required by law, CCTV images will be retained for no longer than 30 days from the date of recording. Images will be automatically overwritten after this point.
- 7.2 Where an image is required to be held in excess of the retention period referred to in 7.1, the Directors, will be responsible for authorising such a request.
- 7.4 Access to retained CCTV images is restricted to the Directors and other persons as required and as authorised by the Directors.
- 8.1 Complaints concerning the Brewery’s use of its CCTV system or the disclosure of CCTV images should be made in writing to the Directors at: email@example.com.
The Brewery’s usage of CCTV and the content of this policy shall be reviewed annually by the Directors with reference to the relevant legislation or guidance in effect at the time. Further reviews will take place as required.