GDPR data protection

Stonehouse Community Association– GDPR Privacy Notice

Stonehouse Community Association are committed to protecting and respecting your privacy.

We aim to be transparent and fair in all aspects of how we collect, manage and account for your personal data.

We take the privacy and security of your personal information very seriously and we are committed to complying with our legal obligations under Data Protection legislation (the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR)) and any subsequent updated legislation.

This Privacy Notice explains what types of personal information we collect about you, what we do with that personal information, the legal basis for our processing of your personal information, what rights you have in relation to your personal information and how you can exercise those rights. It also explains how we keep your personal information safe and secure.

Stonehouse Community Association is a “data controller” and this means that we are responsible for deciding how we hold and use personal information about you.

We are required under Data Protection legislation to notify you of the information contained in this Privacy Notice.

Our Privacy Notice applies to the personal data that we collect from and about you, including any personal data that is shared with us by any of our partners.

It is important that you read this Privacy Notice together with any other Privacy Notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This notice supplements other Privacy Notices and is not intended to override them. We may update this notice at any time, details of which are found at the end of this document.

1. Who we are and how to contact us

Stonehouse Community Association, a registered charity (charity number 301624).

You can contact us in writing at Stonehouse Community Association, The Community Centre, Laburnum Walk, Stonehouse GL10 2NS or by email at info@stonehousecommunitycentre.co.uk 

 

Any changes you make to your communication preferences will be processed by us within ten working days of our receipt of your instruction; however, you may still receive non-essential communications in the intervening time between the submission of your change and when we process that change.

You have the right to make a complaint at any time to the Information

Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance by emailing us at info@stonehousecommunitycentre.co.uk

2. Data Protection principles

The GDPR is based on six principles which are to be considered when processing Personal Data. Under the GDPR, Article 5 (1) Personal Data should:

i. Be processed fairly, lawfully and transparently;

ii. Be collected and processed only for specified, explicit and legitimate purposes;

iii. Be adequate, relevant and limited to what is necessary for the purposes for which it is processed;

iv. Be kept accurate and up to date and any inaccurate data must be deleted or rectified without delay;

v. Be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed;

vi. Be processed in a manner that ensures appropriate security, using appropriate technical and organisational measures.

Additionally, the UK GDPR Article 5 (2) requires organisations to demonstrate compliance with all the above principles and is sometimes known as the seventh principle.

3. Why do we process your personal data?

Privacy is very important to us. We will only use your personal data in a way that is fair to you and in a clear, honest and transparent way. We will only collect your personal data where it is necessary for us to do so and if it is relevant to our dealings with you.

Essential uses:

We may need to process personal data and record your contact details for the purpose of managing the centre, hiring out the centre, marketing and publicity for events, fundraising activities and managing our finances.

• Due diligence on donations: Our trustees have a duty to ensure that there is no reputational or financial risk to accepting a donation or other kind of support. Where you are a supporter or potential supporter, we may therefore use publicly available sources to carry out due diligence on you to ensure that we are fundraising within the law.

For more information on the circumstances this may apply in and the type of information required please visit https://www.gov.uk/government/publications/charities-due- diligence-checks-and-monitoring-end-use-of-funds.

If we cannot process your personal data for these purposes, then we may be unable to accept your donation or other support.

• This processing of your personal data is on an opt-in basis. If you have opted in, you can choose to opt out of your personal data being used for any of these purposes by emailing us at info@stonehousecommunitycentre.co.uk

4. Lawfulness of our Processing

It’s lawful for us to process personal data where the following conditions apply:

• Consent: This applies where you have given your consent to the processing of your personal data for one or more specific purposes.

In some cases, withdrawing your consent may impact on our ability to provide the Services to you.

• Contractual Necessity: This will apply where you are a hirer, our staff and/or trustees the processing of your personal data is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into a contract with us.

Where you are a hirer, we process personal data about you in order to make the Services available to you. We cannot provide the Services without access to this personal data.

• Legal Obligation: This will apply where the processing is necessary in order for us to comply with a legal obligation which applies to us.

This might include, for example, where we have a legal obligation in relation to a safeguarding issue or in relation to our statutory reporting requirements.

5. Personal data that we collect

• We may collect and use some or all of the following types of personal data, which may include information that you provide to us or for example, in relation to your use of the website and/or the Services, and information that we collect from third parties:

• Title;

• Full name;

• Contact information (address, telephone number, email address etc.);

• Images (print and digital photographs, moving images, CCTV recordings);

• Correspondence information;

• Safeguarding records (concerns, disclosures, meetings etc.);

• Financial information;

• With regard to your visits to our website, we may collect the following information:

• technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

• information about your visit to the website, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.

6. Who do we share information with?

We may also share your personal data with statutory and regulatory bodies (for example, the Charity Commission, Health and Safety Executive, Information Commissioner’s Office) where there is a legal requirement to do so.

This might include, for example, for the purposes of registration and maintenance of statutory information.

We may also pass personal data to various third parties who provide various goods and/services to us, or on our behalf, which we require in order to provide you with the Services.

 

7. Where we store your personal data

We have in place appropriate technical and security measures to prevent unauthorised or unlawful access to or accidental loss of or destruction or damage to your information.

Unfortunately, the transmission of information via the internet is not completely secure.

Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Any hard copies of your data will be stored securely with limited access by staff / trustees.

8. Your rights

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

Your rights in connection with personal information Under certain circumstances, by law you have the right to:

• Be informed of how your personal information is processed, by the provision of Privacy Notices such as this notice.

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

• Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process

it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.

• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the absolute right to object where we are processing your personal information for direct marketing purposes.

• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.

• Request the transfer of your personal information to another party (data portability).

• Request a review of automated decision making, including profiling. This gives you the right to not be subject to a decision based solely on automated processing which has a legal effect on you. It is unlikely we will use automated decision making but we will inform you if this changes.

In the limited circumstances where you may have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Please note if you ask us to erase your data and/or restrict processing of your data, we may not be able to provide you with the Services.

9. How long we keep personal data

We will only keep personal data for as long as we are either required to by law or as is relevant for the purposes for which it was collected.

Retention of data will normally be in line with statutory requirements, except where legitimate interest or best practice recommendations relevant to on-going provision of the charitable services dictate alternative periods.

We will keep a record of your name and email address on our ‘do not contact’ suppression list if you request that we do not send you direct marketing.

10. Cookies

By visiting www.stonehousecommunitycentre.co.uk

(“our website”) you are accepting and consenting to the practices described in this Privacy Notice.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.

11. Social Media Platforms

Any communication through external social media platforms that we participate on are subject to the terms and conditions as well as the Privacy Notices held with each social media platform respectively.

Our website may use social sharing buttons which help share web content directly from web pages to the social media platform in question.

Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

12. Changes to this Privacy Notice & change of purpose

We may amend this Privacy Notice from time to time and any amended notice will be posted on our website.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.