DATA PROTECTION ACT 1998 (DPA)
GENERAL DATA PROTECTION REGULATIONS (GDPR)
CHARITY NUMBER 521439
Tel: 01509 673 626
We are committed to a policy of protecting the rights and privacy of individuals. We need to collect and use certain types of Data in order to carry on our work of managing Kegworth Village Hall. This personal information must be collected and handled securely.
The purpose of this policy is to set out the Kegworth Village Hall Committee’s commitment and procedures for protecting personal data. Trustees regard the lawful and correct treatment of personal information as very important to successful working and to maintaining the confidence of those with whom we deal. We recognize the risks to individuals of identity theft and financial loss if personal data is lost or stolen.
Kegworth Village Hall is a charity, registered charity number 521439, with a mail address at Nottingham Road, Kegworth, DE74 2FH, Leicestershire, England and with the contact email address firstname.lastname@example.org.
The Data Protection Act 1998 (DPA) and General Data Protection Regulations (GDPR) govern the use of information about people (personal data). Personal data can be held on computers, laptops and mobile devices, or in a manual file which includes email, minutes of meetings and photographs.
The charity will remain the data controller for the information held. The Trustees, staff and volunteers are personally responsible for processing and using personal information in accordance with the Data Protection Act and GDPR. The Trustees, staff and volunteers who have access to personal information will therefore be expected to read and comply with this policy.
Any material changes we make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes made. This policy was last updated on 9 September 2021.
The following are definitions of terms used:
Data Controller -
The trustees to who collectively decide what personal information Kegworth Village Hall Committee will hold and how it will be held and used.
Act means Data Protection Act 1998 and GDPA –
The legislation that requires responsible behaviour by those using personal information.
Data Protection Officer (DPO) -
The person responsible for ensuring that Kegworth Village Hall Committee follows its data protection policy and complies with the Act.
NOTE: Kegworth Village Hall Committee is not required to appoint a DPO
Data Subject -
The individual whose personal information is being held or processed by Kegworth Village Hall Committee – for example a donor or hirer.
‘Explicit’ consent -
This is a freely given, specific agreement by a Data Subject, to the processing of personal information about her/him.
Explicit consent is needed for processing ‘sensitive data’, which includes
Racial or ethnic origin of the data subject
Religious beliefs or other beliefs of a similar nature
Trade union membership
Physical or mental health or condition
Proceedings for any offence committed or alleged to have been committed
Information Commissioner’s Office (ICO)
The ICO is responsible for implementing and overseeing the Data Protection Act 1998
Collecting, amending, handling, storing or disclosing personal information.
Information about living individuals that enables them to be identified eg names, addresses, telephone numbers and email addresses. It does not apply to information about organisations, companies and agencies but applies to named persons, such as individual volunteers.
The Data Protection Act
This contains 8 principles for processing personal data with which we must comply.
Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met.
Shall be obtained only for one or more of the purposes specified in the Act and shall not be processed in any manner incompatible with that purpose or those purposes.
Shall be adequate, relevant and not excessive in relation to those purposes.
Shall be accurate and, where necessary, kept up-to-date.
Shall not be kept for longer than is necessary.
Shall be processed in accordance with the rights of data subjects under the Act.
Shall be kept secure by the Data Controller who takes appropriate technical and other measure to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to personal information.
Shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures and adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal information.
APPLYING THE DATA PROTECTION ACT WITHIN THE CHARITY
We will let people know why we are collecting their data, which is for the purpose of Kegworth Village Hall managing it’s hirings and finances. It is our responsibility to ensure the data is only used for this purpose. Access to personal information will be limited to trustees, staff and volunteers.
Individuals have a right to make a Subject Access Request (SAR) to find out whether the charity holds their personal data, where, what it is used for and to have data corrected if it is wrong, to prevent use which is causing them damage or distress, or to stop marketing information being sent to them. Any SAR must be dealt with within 30 days. Steps must first be taken to confirm the identity of the individual before providing information, requiring both photo identification eg passport and confirmation or address eg recent utility bill, bank or credit card statement.
Kegworth Village Hall Committee is the Data Controller under the Act and is legally responsible for complying with the Act, which means that it determines what purposes personal information held will be used for.
The management committee will take into account legal requirements and ensure that it is properly implemented and will, through appropriate management, adhere to strict application of criteria and controls:
collect and use information fairly
specify the purposes for which information is used
collect and process appropriate information and only to the extent that it is needed to fulfil it’s operational needs or to comply with any legal requirements
ensure the quality of information used
ensure the rights of people about whom information is held can be exercised under the Act
the right of access to one’s personal information
the right to be informed that processing is undertaken
the right to prevent processing in certain circumstances, and
the right to correct, rectify, block or erase information which is regarded as wrong information
take appropriate technical and organisational security measures to safeguard personal information
ensure that personal information is not transferred abroad without suitable safeguards
treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation, or ethnicity when dealing with requests for information
set out clear procedures for responding to requests for information
All trustees, staff and volunteers are aware that a breach of the rules and procedures identified in this policy may lead to action being taken against them.
PROCEDURES FOR HANDLING DATA AND DATA SECURITY
Kegworth Village Hall Committee has a duty to ensure that appropriate technical and organizational measures and training are taken to prevent:
Unauthorised or unlawful processing of personal data
Unauthorised disclosure of personal data
Accidental loss of personal data
All trustees, staff and volunteers must therefore ensure that personal data is dealt with properly, no matter how it is collected, recorded or used. This applies whether or not the information is held on paper, in a computer or recorded by some other means eg tablet or mobile phone.
Personal data relates to data of living individuals who can be identified from that data and use of that data could cause an individual damage or distress. This does not mean that mentioning someone’s name in a document comprises personal data; however, combining various data elements such as a person’s name and salary or religious beliefs etc would be classed as personal data and falls within the scope of the DPA. It is therefore important that all staff consider any information (which is not otherwise in the public domain) which can be used to identify an individual as personal data and observe the guidance following -
WHAT WE COLLECT
You provide information by contacting us via our Website, via email, by phone or by hosting an event. Depending on how you provide your information, we will collect some or all of the following information
Types of goods to sell
WHAT WE DO WITH THE INFORMATION WE GATHER
As it is in our legitimate interests to understand your needs and provide you with a better service, we use your personal data –
For security purposes (so that we can: verify the identity, safeguard our membership groups; keep our events safe and secure
To provide the services
For internal record keeping
To improve and tailor our services
To arrange events and, where you consent, to send you promotional emails about new events, or request feedback, or provide other information which we think you will find interesting using the email address which you have provided
Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.
We will not sell, distribute or lease your personal information to third parties unless we are required by law to do so.
SHARING AND STORING YOUR PERSONAL DATA
Data processors are third parties who provide some elements of our business services for us. Where we use a third party we have strict agreements in place governing the processing of your personal data, on which no action can be taken without instruction from us. The third parties with whom we work will never share or disclose your personal information and will hold it securely at all times.
We will share your personal data in emergencies, eg the emergency services, to the extent necessary to protect your vital interests.
HOW LONG DO WE STORE YOUR PERSONAL DATA?
We retain your information as follows –
Personal data will be stored securely and will only be accessible to authorized volunteers or staff
Information will be stored for only as long as it is needed or required by statute and will be disposed of appropriately. For financial records this will be up to 7 years. For employee records see below. Archival material such as minutes and legal documents will be stored indefinitely. Other correspondence and emails will be disposed of when no longer required or when trustees, staff or volunteers retire.
After you have terminated your use of Kegworth Village Hall services, your information will be stored in an aggregated and anonymized format in order to use this data for statistical purposes to improve our services
Information regarding an employee or a former employee, will be kept indefinitely. If something occurs years later it might be necessary to refer back to a job application or other document to check what was disclosed earlier, in order that trustees comply with their obligations eg regarding employment law, taxation, pensions or insurance
You have certain rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. We have described these situations below, as well as how you can exercise your rights. To exercise any of your rights, please submit it to this email address email@example.com or you can write to us at Kegworth Village Hall, Nottingham Road, Kegworth DE74 2FH, Leicestershire, England.
Please note that for each of the rights following we will, in some instances, have valid legal reasons to refuse your request. In such instances we will advise you accordingly.
You have the following rights in relation to your personal data –
Access: you have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and whom we share it with;
Portability: you have the right to receive a subset of the personal data you provide us with if we process it on the basis of our contract with you or with your consent in a structured, commonly used and machine-readable format and a right to request that we transfer such personal data to another party. If you wish to transfer the personal data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal data or it’s processing once received by the third party;
Correction: you have the right to require us to correct any personal data held about you that is inaccurate and have incomplete data completed;
Erasure: you have the right to request that we erase the personal data we hold about you in the following circumstances:
Where you believe it is no longer necessary for us to hold the personal data;
We are processing it on the basis of your consent and you wish to withdraw your consent;
We are processing your data on the basis of our legitimate interest and you object to such processing;
You no longer wish us to use your data to send you marketing;
You believe we are unlawfully processing your data
Please provide as much detail as possible on your reasons to assist us in determining whether you have a valid basis for erasure.
RESTRICTIONS OF PROCESSING TO STORAGE ONLY -
You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in the following circumstances -
You believe the personal data is not accurate for the period it takes for us to verify whether the data is accurate;
We wish to erase the personal data as the processing we are doing is unlawful, but you want us to simply restrict the use of that data;
We no longer need the personal data for the purposes of the processing, but you require us to retain the data for the establishment, exercise or defence of legal claims
You have objected to us processing personal data we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal data whilst we determine whether there is an overriding interest in us retaining such personal data
You have the right to object to our processing of data about you and we will consider your request. Please provide us with details as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
WITHDRAWAL OF CONSENT
Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time by emailing firstname.lastname@example.org
OBJECTION TO MARKETING
At any time, you have the right to object to our processing of data about you in order to contact you about Kegworth Village Hall events or latest news, and we will stop processing the data for that purpose.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at email@example.com and we will endeavour to deal with your request. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office or the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. In some circumstances this will prevent you from taking full advantage of the website.
You can find more information about cookies and how to manage them at http://www.allaboutcookies.org/
LINKS TO OTHER WEBSITES
Our website will, in some circumstances, contain links to other websites of interest. However, once you have used these links you will leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Questions, comments and requests regarding this policy are welcomed and should be addressed to firstname.lastname@example.org or you can write to us at Kegworth Village Hall, Nottingham Road, Kegworth, DE74 2FH, Leicestershire, England.
CONTACT US on ……… Tel: 01509 673 626 or email : enquiries@Kegworthvh.org