Terrington Village Hall - Data Privacy Statement

Download the data privacy statement

TERRINGTON VILLAGE HALL & RECREATION GROUND Registered Charity No. 1183854

Data Privacy

1. Introduction

Terrington Village Hall & Recreation Ground Trust is committed to protecting and respecting the privacy of personal data. Being transparent and providing accessible information to individuals about how we use personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR).

The purpose of this privacy notice is to help you understand what we do with any data you provide and how we process and protect it.

Under the GDPR we do not have a statutory requirement to have a named Data Protection Officer. For Terrington Village Hall, the Data Controller is the management committee of the Village Hall. If you have any questions regarding your personal data please contact terringtonvillagehallinfo@gmail.com.

2. The Data We Collect and How We Use It

The data we process falls into 5 main categories:

(a) Bookings Data. This is name, address, telephone number and email address as supplied by the prospective hirer via the booking request. The data is collected via the Booking Agreement Form and used to ensure effective communication throughout the booking process, from initial request through to invoicing and banking of payment. The lawful basis for processing this data is that we are entering into a Contract with you for the hire of the facilities you wish to book.

(b) "100 Club" Data. This is name, address, telephone number and email address as supplied by the individual applying for a share in the club. The data is collected via the 100 Club Share Application Form and used to ensure effective running of the monthly draws and communication to prize winners. The lawful basis for processing this data is that we are entering into a Contract with you for including you in the monthly prize draw.

(c) Email Distribution List “Friends of Terrington Village Hall”. This is email address only. The distribution list is only used to notify recipients of events and information relating to the village hall. The email address is on our distribution list only if there has been explicit ‘opt in’. The lawful basis for processing this data is Consent.

(d) Trustee Data. This is name, address, telephone number, email address and date of birth. We are required by law to notify the Charity Commission of these details of the trustees. It is also necessary for there to be effective communication between trustees. The lawful basis for processing this data is therefore twofold. Firstly, there is the Legal Obligation of keeping details up to date with the Charity Commission. Secondly, there is Legitimate Need for effective communication between committee members.

(e) Supplier Data. This is name, address, telephone number and email address as provided by the supplier or as obtained from publicly available sources (e.g. internet, telephone book, etc.). The information is used to help communicate with appropriate suppliers for the purchase of good or services. The lawful basis for processing this data is that we are preparing to enter into a Contract for the purchase of those goods and services.

3. How We Store Your Personal Data

Paper based data (e.g. Trustee declaration forms, 100 Club Share Application Forms, signed Booking Agreement Forms, etc.) is held in files by the Trustee responsible for the processing of that particular data. The data is in locked premises.

Electronic based data is only stored and accessed using password protected computers/devices.

The village hall has a Google account used primarily for Gmail. The email distribution list "Friends of Terrington Village Hall" is a contact group held within the Contacts section of this Gmail account. The village hall’s Gmail account also provides some 'cloud' storage in a Google Drive. Some documentation is held on Google Drive to facilitate sharing of information within the committee (e.g. Booking Secretary and Treasurer have joint access to the Bookings Data).

The village hall committee makes extensive use of email to communicate with each other, with suppliers, with volunteers, with hirers, etc. Email requires the use of 3rd party email services and, as part of this, there is at least transient use of this 3rd party 'cloud' storage.

The Google Drive account and all email accounts are password protected. Google and other email and cloud storage service providers themselves have very strict data protection policies and highly secure IT hardware and infrastructure.

4. How Long We Retain Your Personal Data Fors

Bookings data provides support to financial transaction so will be retained for 7 years in order to comply with financial audit requirements. After that point, it will be destroyed/deleted.

100 Club data is held until the final monthly prize of the 100 Club year has been paid. After that point, it will be destroyed/deleted.

Email addresses in the email distribution list will be kept on the distribution list until the data subject requests that their email address be removed.

Trustee data is a legitimate historical record of the Charity so will be retained indefinitely.

Supplier data will be retained until the committee considers the supplier to no longer be considered for future provision of goods or services.

5. Who We Share Your Personal Data With

We do not and will not sell any personal data.

We will only disclose information to third parties or individuals when obliged to by law, for purposes of national security, taxation and criminal investigations, and the following situations:

bookings data is shared with our Designated Premises Supervisor (DPS) where bookings involve licensable activity as the DPS approval is required in order for a booking to make use of our Premises Licence;
for the 100 Club, the name of each monthly draw winner is shared with the Howardian for publication in the next Howardian magazine;
trustee data is shared with the Charity Commission as this is a legal requirement;
as stated in section 3 above, some documentation is held in 'cloud' storage. This is "sharing" in a purely technical sense as those services are delivered by 3rd parties and requires data to be held, at least temporarily, on their servers. The data is still private as this technical 'sharing' does not give permission for those providers (e.g. Google) to read/access the data held;
where you have expressly given your consent for the information to be shared.

6. Your Rights

You have a number of very important rights. These include

the right to be informed about what data is collected and how it is used, stored, etc. - this Privacy Notice is itself a key part in that;
the right to ask us to remove your personal data from our records (unless it is necessary for us to continue to use the data for a lawful reason);
the right to have inaccurate data rectified;
the right to request a copy of the information we hold about you.

There is more information about your rights at the Information Commission Office at this link:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individualrights/

If you have any questions regarding your personal data please contact terringtonvillagehallinfo@gmail.com.