Privacy Policy

Who We Are

https://horncastlerbl.co.uk is an official Branch of the Royal British Legion

Who We Share Your Data With

We do not sell our users’ private personal information.

We use third-party services (data processors) across our site. We list the specific third-parties in use (with links to their privacy policies) in the sections below.

We disclose potentially personally-identifying and personally-identifying information only to our employees and contractors that (i) need to know that information in order to process it on our behalf or to provide services, and (ii) that have agreed, in writing, not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using our websites and services, you consent to the transfer of such information to them. We will not rent or sell potentially personally-identifying and personally-identifying information to anyone.

We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

If we ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data.

Cookies

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We use cookies across our site to help identify and track visitors, their usage of our services, and their website access preferences. We describe the specific cookies used in the sections below. Visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our websites, with the drawback that certain features may not function properly without the aid of cookies.

Email/Contact Forms

We use Google/G Suite to process all internal email and communication with our customers. Google’s privacy policy is available here: https://policies.google.com/privacy.

Customers that email us, or use any of the contact forms on our websites, will have their email address, IP address, and any data provided in the contact form or body of the email stored in G Suite archives.

Analytics

We use Google Analytics for tracking visitors and aggregating information about the traffic to our websites. The Google Analytics privacy policy can be found here: https://policies.google.com/privacy. You can learn more about how to opt-out of tracking in Google Analytics here: https://tools.google.com/dlpage/gaoptout/.

We’ve turned on the IP Anonymization feature in Google Analytics. You can learn more about this here: https://support.google.com/analytics/answer/2763052?hl=en

Web Services

All web servers and hosting are managed by Smarthosting. This includes website hosting, backups, web databse, file storage, APIs, and log files. Smarthosting’s privacy policy can be found here: https://www.bestwebhosting.co.uk/privacy.php

What Rights You Have Over Your Data

You can request deletion of all data we hold about you by emailing us using the contact form.

How We Protect Your Data

The security and reliability of our service is our number one priority.

See https://wordpress.org/about/security for details on the security of the WordPress core itself.

Prevention is best when it comes to security, and as a first step, we follow all WordPress Code Standards in the plugins that we build and use.

All staff only have access to systems that are directly required to complete the functions of their job.

All staff (including any contractors) undergo initial training to ensure proper understanding of all security-related processes.

What Data Breach Procedures We Have In Place

Should any event occur where customer data has been lost, stolen, or potentially compromised, our policy is to alert our clients/customers via email no later than 48 hours of our team becoming aware of the event. We will also report such incident to any required data protection authority. We will work closely with any customers affected to determine next steps such as any end-user notifications, needed patches, and how to avoid any similar event in the future.