The General Data Protection Regulation (GDPR) (25.5.2018) legally holds Cleobury Community Hub responsible for ensuring any personal information we hold is kept secure at all times, used for the reasons we have explained to you and disposed of in a timely and secure manner.
We take the security of your personal information extremely seriously.
Cleobury Community Hub only stores the personal information you give to us and you can amend or delete it at any time. Your information is used exclusively by Cleobury Community Hub to help us provide you with current and future information about hub activities, for financial giving and Gift Aid and for historical analysis.
We do not pass any of your personal data to outside organisations and/or individuals, except with your express consent.
This policy aims to explain how we as a charity will be continuing to meet this high standard and you have 8 legal rights in this respect:-
The Right to be Informed
This information we hold is generally, name, address, telephone, email, date of birth, emergency contact details, medical information (if you have a life threatening or life-changing condition that requires us to be able to act quickly in order to save life).
We will collect as much of your personal data as possible to give us a fuller picture of what services, training, hub activities we need as a community hub to provide. We do not share your data outside of the charity other than for legal reasons (listed at the end of the policy). You have control over how much personal information you give to us and can make changes at any time in the future. In some instances, for example, if you Gift Aid your donations then certain detail has to be taken in order for the Gift Aid process to take place, which includes sharing your information with the treasurer of Cleobury Community Hub (CCH).
Your data is shared with trusted staff and volunteers who help us to keep your details up to date, make contact with you and set up rotas.
The data is held or shared with and stored by our “data processor” Churchsuite who manage the security and back-ups of the data software. (A list of all data processors/3rd parties are listed at the end of the policy)
Paper documentation and other electronic files like spreadsheets (see Data Retention Policy & Information Security Policy) are saved on staff individual computers (individually password protected and passwords are changed every 3 months).
The Right to Access
This is called a “Data Subject Access Request” and we have to provide you with this information within 30 days. Your request will be logged when received and when completed. No fee will be charged.
The Right to Rectification
If we are holding some personal information that is incorrect; misspelling of your address or an incorrect email address, for example, please contact Mark Greaves (Director) on 07828 116810 or email mark@cleoburyhub.org.uk. We are legally bound to make the changes within 30 days.
The Right to Object
You can object to fund raising requests.
You can object to certain types of data processing, for example processing based on attendance, performance or for the purposes of scientific/historical research and statistics.
However, a lawful basis supersedes the right to object, for example, if you are on a rota you must provide contact details.
If you have any objections please contact the Data Protection lead, Mark Greaves – mark@cleobruyhub.org.uk
The Right to Restrict Processing
If you have provided us with new contact information and, for example, our emails are coming out to the wrong address we will stop contacting you until this is corrected.
If you want us to hold your data rather than delete it, for example, because you are temporarily out of the area, we can archive all of it or parts of it.
The Right to Erasure (to be forgotten)
You can ask us to delete all of your data and we must comply unless there is a lawful reason; for example,
If you give under the Gift Aid Scheme your details must be kept on file until after the end of the financial year. However, we only need name and mailing address all other personal details will be deleted.
If there are Safeguarding issues
If your removal affects another person’s information, for example if your children attend we will need your emergency contact details.
The Right to Portability
To move your data so that you can send it to another organisation. We have 30 days to comply and provide it in a format that is secure and confidential.
The Rights related to automated decision making and profiling
The GDPR defines profiling as any form of automated processing intended to evaluate certain personal aspects of an individual, for example, performance at work, economic situation, health, reliability, behaviour or personal preferences.
- Cleobury Community Hub (CCH) does not use automatic decision making or profiling.
- Our Data Protection lead is Mark Greaves (mark@cleoburyhub.org.uk)
List of Data Processors / 3rd parties used by Cleobury Community Hub (CCH)
- Trusted Volunteers, members of Cleobury Community Hub, providing on the ground technical expertise for our computers
- Social Media Sites: Facebook, Instagram, Youtube, Dropbox
- Churchsuite manages our database using SSL encryption and secure back-ups on a 30 day cycle.
- Stripe take credit & debit card payments online (integrated through Churchsuite)
- Squareup manage our POS for the CCH
- Go Cardless receive donations online from our members (integrated through Churchsuite)
- HMRC Gift Aid information
- Outlook/Office 365 Email provider