Our Privacy Policy is designed to ensure compliance with GDPR regulations.

We are a retreat centre owned by the Society of the Sacred Heart, England and Wales - a Catholic institution, with communities throughout England and Wales.

What information we gather

We may gather certain information, either personal or anonymous, based on your activities or data submitted while browsing our website, in the following formats.

Form information

If you contact us, register as a guest or submit a booking then we collect any personal data submitted by you.

Cookie information

We collect cookies, both directly and through trusted third-parties, in order to improve the performance and user experience on our website. Please see our Cookie Policy for more information on usage and to manage your cookie settings.

Links

We may provide links to third-party websites, such as those of other parts of the Catholic Church. While on these sites, these parties may collect information about you. Because we do not control the information policies or practices of these third parties, you should review their privacy policies to learn more about how they collect and use personally identifiable information.

How we use your information

We may use your personal information when we have a valid reason to do so. This includes:

1. Deliver subscriber services (ie. mailing list blast);
2. Process and respond to a directly submitted enquiry or request;
3. Personalize services in order to provide a better user experience;
4. Improve your website experience.

You have the right to request that we cease to use or store your information. See Accessing your data for more information.

How we protect your information

We take the greatest care in the security of your submitted information. Our website uses up-to-date Secure Socket Layers (SSL) encryption in order to protect the transmission of your data upon submission to our servers.

Where your information is stored

Depending on the type of information you have submitted, your data will either be stored securely in a database on our server; or in the database of our trusted third-party partners, if data was directly submitted by you for a particular purpose on our website. These third-party partners include:

1. Mailchimp - to provide you with electronic newsletters .

Information stored by these third-parties are protected by and subject to their privacy policy. You can find their policies at the links below: Mailchimp

International Transfers

Due to the multinational locations of our servers, as well as our third-party partners, any information which you consented to providing may be transferred to a location outside of the country or region you are located in. Data will only be transferred to either:

1. Our servers;
2. Trusted third-party partners, as indicated in the above section, which we determine to have adequate transparency and security parameters in place for the protection, storage and accessibility of your data.

Data breach prevention

Our servers and website infrastructure are kept up to date and secured by a Wireless Application Firewall (WAF) to protect against a data breach via a third party attack. In the unlikely event of a breach where your stored data is, or may have been compromised, we will inform you within 24 hours after becoming aware of the data breach, and provide you with our action(s) taken in order to protect your data moving forward. Note that due to a multitude of different vulnerabilities which are present during the submission of data and are outside of our control (local computer viruses, unsecured/compromised internet connections, etc.), we cannot guarantee and are not responsible for compromised data which occurs during the submission of data and as the result of such factors outside of our control. However, once the data has been submitted and is stored in our infrastructure, we ensure that the data is responsibly held and secured.

Data Controller & Data Protection Officer

The data controller is the organization/entity responsible for the protection of information on and submitted to this website. The data controller is the Society of Sacred Heart, England and Wales.  Complaints, concerns or requests will be fielded by the Data Protection Officer who can be reached by logging in from our Booking menu and completing the Message form.

How long we store your data for

Personally information submitted directly on our website through a form is stored indefinitely, or until manual deletion is requested.

Accessing your data

If you have submitted data on our site, you have the right to access, change or request erasion of this data at any time. Please log in from our Booking menu and complete the Message form to request a file of your submitted personal data. You can also request that we erase any personal data we hold about you by by logging in from our Booking menu and completing the Message form.

Our Cookie Policy

We use cookies to personalise content. In order to see the cookies we use, or to change your cookie settings, view our Cookie Policy.

Changing your cookie settings

You can adjust your cookie settings or withdraw your consent on our Cookie Policy page.

Changes to this Policy

Any changes to this Policy will be posted directly on this page. We will also inform you when we make these changes, and what changes were made below.

Previous changes to this policy

December 28, 2019: Implemented Privacy Policy, addressed and added information for GDPR compliance.