THE LEGAL STUFF

Our Policy

General Terms and Conditions

Big Cat Coma is an independent partner of Hawthorn LeisureAdmiral Taverns and Red Oak Taverns. Our registered company number is 10758227. By using this web site you automatically accept our terms and conditions related to this site and your rights to access and use information on it.

We try to ensure that the information given on this site is updated regularly but cannot guarantee that it is accurate or up-to-date all of the time. The images we use on our pages are for illustrative purposes. If an image causes offence in any way please Contact Us as soon as you can and tell us about it.

 

Contact Us

If you would like to ask a question or give us feedback please contact us directly at the email addresses given below. We will try and respond within 2 days of receipt of your email.

 

Contact us about your experience in The Bear/Five Bells - Stuart Turtill: stuartturtill@gmail.com

Contact us about your experience in The Barley Mow/The Plough - Katee Turtill: kturtill@gmail.com

Contact us with general questions about Big Cat Coma - Stuart Turtill: stuartturtill@gmail.com or Katee Turtill: kturtill@gmail.com

 

Access to Site

 

We reserve the right to withdraw or amend the service we provide on this site without notice. There will be periods when the site is down maintenance or for updating. Notices explaining this will be posted at those times. We will not be liable if the site is unavailable for any other reason, at any time, for any length of time.

Part of the site has restricted access and is for Users who have registered with us and/or have joined our pub communities.

If the site is misused, for example, where viruses, trojans, worms or other such material is knowingly introduced and is malicious or technologically harmful, it will be immediately taken down for all of our protections. Unauthorised access and/or viewing may be an infringement of copyright and/or other intellectual property rights of Big Cat Coma and/or our Partners and may result in civil/criminal liability.

 

About External Links

We offer links to other websites for your information only. We have no control over the content of those sites and accept no responsibility for them, or for any loss or damage that may arise from your use of them.

 

Privacy Policy

We, and our Partners, take privacy online seriously. We treat any user information submitted through this site as privileged and do not share with third parties. Our privacy policy is coming soon.

Data Protection Policy and GDPR Statement

We are committed to the principles built into the GDPR and particularly to the concepts of privacy by
design, the right to be forgotten, consent, and a risk-based approach. In addition, we aim to ensure:

  • Transparency with regard to the use of data.

  • That any processing is lawful, fair, transparent and necessary for a specific purpose.

  • That data is accurate, kept up to date and removed when no longer necessary.

  • That data is kept safely and securely.

Data Protection

The Big Cat Coma Group of companies comprising, Big Cat Coma Ltd, Big Cat Food Ltd, Turtills Pub
Co Ltd and the Cople Pub Company Limited (‘the Group’), respects the privacy of all individuals and
takes very seriously its responsibilities under the Data Protection Act 1998 (“DPA”).


This policy is designed to ensure that all information held on individuals is properly handled in all
cases. The DPA requires that the “personal data” of living individuals that is kept by the Group on
computers or in paper files must be “processed” in accordance with eight principles (which are
described in Table A).


Personal data is defined very widely and is any data from which a living individual can be identified
either from the information alone, or with other information which is in (or likely to come into) the
possession of ‘the Group’.


Examples of personal data include names, addresses, email addresses, photographs, CCTV images of
individuals, salary/job titles or opinions which allow individuals to be identified. Personal data also
includes “sensitive personal data” – this is information about an individual’s racial or ethnic origin,
political opinions, religious beliefs or other beliefs of a similar nature, trade union membership,
physical or mental health or condition, sexual life or criminal offences/proceedings.


“Individuals” could be any living person – for example, employees, agency staff, customers,
contractors, suppliers, and job applicants.


“Processing” includes obtaining, recording, holding, using, disclosing, or erasing the personal data. In
effect almost any activity involving personal data will fall within the scope of the DPA.
The Group’s policy is to comply with the DPA and it does not condone anyone processing personal
data inappropriately on its behalf. Any breach of the DPA by the Group may lead to fines and/or
enforcement action being taken against the Group by the Information Commissioner (the body that
enforces compliance with the DPA). Of equal concern is that any breach may attract media scrutiny
and may lead to a potentially adverse impact on our reputation.


This policy applies to all companies in the Group and all staff working within them (including
Directors and shareholders, employees, zero hours workers, agency workers, contractors, and

temporary staff) who may process personal data about employees or other individuals. Compliance
with this policy is mandatory.


The Managing Director and his delegates for each company (The Pub Managers) has the
responsibility for establishing and implementing effective practices and procedures across it to give
effect to this policy.


The UK Data Protection Policy requires the following.


1. Each company must be registered with the Information Commissioner as a data controller
for the personal data that it processes and must keep that registration up-to-date.
2. Each company must appoint a Data Protection Officer (“DPO”) whose role is to ensure
compliance by their operating company with the DPA, this policy and any relevant company
procedures and practices. Specific responsibilities include assessing the current knowledge
of data protection within the operating company, ensuring that appropriate training on data
protection is provided to operating company staff as required and managing any data
security breaches (such as the loss of a laptop or memory stick with personal data stored on
it).
3. A process must be established so that any data security breach (such as a loss of personal
data) is immediately reported to the DPO and all staff must co-operate with the DPO in the
investigation and management of that breach.
4. Each company must satisfy itself that any third party that it appoints to process personal
data on its behalf (such as a payroll processor or a flexible benefits administrator)
understands its responsibilities under the DPA. The company should enter into a written
contract with that third party that requires the third party to act only on instructions from
the company and to comply with obligations equivalent to those imposed on the company
relating to security of the personal data.
5. Personal data must be processed in accordance with the eight principles set out in the DPA
(see Principles overleaf), and the practices and procedures of ‘the Group’.


Our reputation and our ongoing relationships with our employees and customers are some of our
most valuable assets. By adhering in our daily business work to this policy we will all contribute to
maintaining Big Cat Coma’s name and its good relationships with its customers and other
stakeholders.


If you have any questions about this policy or need further assistance on data protection matters,
please ask the Group’s Data Protection Officer (Stuart Turtill).


We will review this policy on a regular basis.


Stuart Turtill
Managing Director of the Group
September 2019

Policy Principles

1. Personal Data must be processed fairly and lawfully

 

For processing to be fair and lawful, the DPA requires that certain information be provided to
individuals about how their personal data is to be processed. Each company must:


• only use information in a way that individuals would reasonably expect; and
• ensure individuals are made aware of, in a “privacy notice”, the identity of the company that
will be processing the personal data, the purposes for which it is processed, and any other
additional information necessary to ensure that the processing is fair in the circumstances
(eg: any third parties involved, such as other companies, to whom it may be disclosed).

 

Privacy notices could be written (eg: in job application forms, employment contracts or privacy
policy) or electronic (eg: published on a website).

 

Privacy notices do not have to be actively communicated each time personal data of the individual is
processed, provided that the individual has been made aware of the privacy notice, that he or she
has the right to see it if he/she wishes and where to find it/who to contact for a copy.

 

For processing to be fair and lawful, the DPA requires that one of the following conditions must also
be met:

 

(i) The individual consents to the processing.
(ii) The processing is necessary:

• To enter into, or perform, a contract with the individual.
• To comply with a legal obligation of the company (other than a contractual one).
• For the legitimate interests of the company or a third party to whom the data is
disclosed.

 

There is no automatic right to transfer personal data between companies. One of the above
conditions must be met before doing so. Particular care should be taken with sensitive personal data
and any processing of it should first be discussed with the DPO as it is likely to be necessary to first
obtain the express consent of the individual to that processing.

 

2. Personal data must be obtained and processed only for a lawful purpose and must not be
further processed in a manner that is incompatible with that purpose,

 

Each company should anticipate and fully describe upfront all processing activities that are proposed
for that personal data. If the personal data later needs to be processed for a different purpose,
operating companies should consider if it is necessary to seek the consent of the individual to the
processing of their personal data for that new purpose.

3. Personal data held must be relevant and not excessive given the purpose for which it is
processed.

 

Personal data should only be collected if it is really needed. Duplicate files of the same personal data
held by multiple persons should not be kept where possible.

 

4. Personal data held must be accurate and kept up-to-date

 

Each company should conduct regular reviews to see if personal data held is still accurate.

 

5. Personal data processed for a specific purpose must not be kept for longer than is necessary.

 

Each company should conduct regular reviews of the personal data held and safely delete/dispose of
outdated data.

 

6. Personal data must be processed in accordance with the rights of the individual

 

Each company should respond to requests by individuals for details of the individual’s personal data
held (known as “data subject access requests”) within the time period set out in the DPA.

 

7. Appropriate measures must be taken to prevent unauthorised or unlawful processing, loss or
damage to personal data

 

Each company should consider using measures such as password protection or encryption or
restricting access to personal data to those who have a legitimate need to know.

 

8. Personal data must not be transferred outside the European Economic Area (EEA) unless the
destination country has adequate protection.

 

Special care must be taken to ensure that transfers to our external partners are permitted under the
DPA – there is no automatic right under the DPA for such transfer.