This website does not collect any data that identifies you personally without your knowledge.
However, the site may use cookies to collect anonymised information about how you browse this site, unless you opt out using a browser extension or change the settings on your device.
The site also contains links to and from other websites. Usually, you will see a difference in the look of the web pages, flagging that you have gone into another website but if you are unsure, you can check the web address. All the pages within this site start with www.helenwalton.gg, https://helenwalton.gg or helenwalton.gg. Other websites will have a different privacy policy, so if you go to another website from this one, make sure you read the privacy policy on that website to find out what it does with your information.
You can use the forms within this site to securely send information, including personal data, to Helen.
Helen will process any personal data collected by her via these forms or any other means in accordance with the Data Protection (Bailiwick of Guernsey) Law, 2017 (‘the Law’), which provides for your rights as a Data Subject, as described in the Fair Processing Notice below.
Helen, trading as Helen Walton, Saddle Fitting & Horsewear Repairs, undertakes activities which involve the processing of personal data. Helen is the controller for any personal data processed for:
The controller acknowledges her obligations as per the Law, which has a number of requirements in terms of processing activities involving personal data. The controller further acknowledges the general principles of processing as well as the rights of a data subject in the Bailiwick of Guernsey. More information in relation to these can be found by visiting www.gov.gg/DP.
Lawfulness, fairness and transparency
Personal data must be processed lawfully, fairly and in a transparent manner. This section summarises the personal data that is collected and how it is processed in relation to each of the activities noted above:
Helen processes this personal data in accordance with sections 1 and 4 of Schedule 2 of the Law, which state: “The data subject has requested or given consent to the processing of the personal data for the purpose for which it is processed.” And, “The processing is necessary for the purposes of the legitimate interests of the controller”.
Purpose limitation
Personal data must not be collected except for a specific, explicit and legitimate purpose and, once collected, must not be further processed in a manner incompatible with the purpose for which it was collected. The controller acknowledges her responsibility with regards to this data protection principle and therefore the controller maintains that she will not further process that personal data in a way which is incompatible to its original reason for processing as specified above, unless the controller is required to do so by law. The personal data will not be transferred to a recipient in an authorised or an unauthorised jurisdiction (as per the definition within the Law).
Purpose limitation
Personal data must not be collected except for a specific, explicit and legitimate purpose and, once collected, must not be further processed in a manner incompatible with the purpose for which it was collected. The controller acknowledges her responsibility with regards to this data protection principle and therefore the controller maintains that she will not further process that personal data in a way which is incompatible to its original reason for processing as specified above, unless the controller is required to do so by law. The personal data will not be transferred to a recipient in an authorised or an unauthorised jurisdiction (as per the definition within the Law).
Minimisation
Personal data processed must be adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed. The controller maintains that she will only process the personal data which is detailed above, and will not process any further personal data that is not necessary in relation to the original reason for processing personal data as specified above, unless the controller is required to do so by law.
Accuracy
Personal data processed must be accurate, kept up-to-date (where applicable) and reasonable steps must be taken to ensure that personal data that is inaccurate is erased or corrected without delay. The controller will ensure that all personal data that she holds is accurate and kept up-to-date, and any personal data that is inaccurate will be erased or corrected without delay.
Storage limitation
Personal data must not be kept in a form that permits identification of a data subject for any longer than is necessary for the purpose for which it is processed.
The personal data described above will be held for 5 years after the data subject’s last interaction with the controller.
Integrity and confidentiality
Personal data must be processed in a manner that ensures its appropriate security, including protecting it against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Paper records are stored in a locked container, for which only the controller has a key.
Digital records are similarly only accessible to the controller via devices to which only she has access (via physical access restrictions or device security). These records are backed up monthly.
Accountability
The controller is responsible for, and must be able to demonstrate, compliance with the data protection principles.
The contact details of the controller are as follows: