We need to collect and use certain personal information in order to carry on our work of managing Offord Village Hall.
However, we are committed to protecting the rights and privacy of individuals. This statement sets out what information we collect and why, how we use, store and protect it, and what data protection rights you have. It may be read alongside our overall Data Protection Policy.
2. Our contact details
Offord Village Hall
3. The information we collect and how we use it
The information we collect and process falls into the following categories:
This is name and preferred contact details (postal & email addresses, telephone numbers) as supplied by the prospective hirer via the booking enquiry or booking form. Details of event/reasons for hire etc will also be collected. The information will be used to manage any booking and maintain contact with prospective hirers.
Public events (eg fundraising, club/group meetings, fitness classes) may be displayed on the website and will show details and contact information (unless otherwise specified)
Details of private events will not be displayed.
The lawful basis for processing this data is that we are entering into a Contract with the hirer of the facilities they wish to book.
General Enquiries Data
Contact details (name, email, telephone) and nature of enquiry will be supplied by enquirer via on-line form, telephone etc. This information will be used to communicate with enquirer. The lawful basis for processing this data is consent.
300+ Club Information
Applicants for shares in the club provide will provide name and usual contact details (address, email and telephone numbers). These details will be collected and processed only for the effective administration of the club, including communicating with members. The lawful basis for processing this data is consent.
Details for Promoting Village Hall Events and Activities
This will be name and email details only. It will be provided by individuals who have explicitly consented to be on the distribution list. The information will be used as the basis for keeping in touch with hall users and supporters. The lawful basis for processing this data is consent.
This is name, contact details (address, email, telephone numbers), and date of birth. We are required by law to notify the Charity Commission of these details. We also need to maintain effective communication with trustees. We may also record any relevant skills to help with managing projects or with specific roles. Only names (and organisations represented or posts held) will be publicly displayed. The lawful basis for processing this information is consent and legal compliance.
This will be name & number of account, and sort code number. This information will only be collected and used with explicit consent for the direct payment (from the hall’s bank account) of bills (against invoices), refunds (against receipts) or prize monies (eg 300+ club monthly draws). The lawful basis for processing this data is consent and to enable us to complete a legal obligation.
This is name, address, telephone number and email address as provided by the supplier or as obtained from publicly available sources. The information is used to help communicate with appropriate suppliers for the purchase of good or services. The lawful basis for processing this data is that we may be preparing to enter into a contract for the purchase of those goods and services.
This will include name of group, club or organisation and purpose/activities covered: also, relevant contact details (eg name, email, telephone numbers). This information will be provided by groups and clubs who may wish for the hall to ‘market’ their activities via our website or newsletters etc. The lawful basis for processing this data is consent.
Disclosure of Data
We will only disclose information to third parties or individuals when obliged to by law, for purposes of national security, taxation and criminal investigations, and the following situations.
• Bookings’ data may be shared with another Trustee (normally Chair, Treasurer or Secretary) for instance where bookings involve licensable activity (for TENS applications or to confirm new/unusual hirings.
• Supplier details may be shared within the committee, eg when considering tenders/quotations.
• Bank details will be shared (currently only between Treasurer and Booking Secretary) in order to approve payment through the hall’s bank account (two signatures required).
• Trustee data is shared with the Charity Commission as this is a legal requirement.
• Some documentation may be held in ‘cloud’ storage. This is sharing in a purely technical sense as those services are delivered by 3rd parties and requires data to be held, at least temporarily, on their servers. The data is still private as this technical sharing does not give permission for those providers to read/access the data held.
• Where individuals have expressly given their consent for the information to be shared.
We do not, and will not sell any personal data.
4. How we store/secure personal data
In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Paper based data (Trustee declaration forms, signed Booking Agreement Forms, etc.) is held in files by the Trustee responsible for the processing of that particular data. The data is kept in locked premises.
Electronic based data (eg Booking requests, email lists) is only stored and accessed using password protected computers/devices.
Bookings’ data provides support for financial transactions so will be retained for 6 years in order to comply with financial audit requirements. After that point, it will be destroyed/deleted.
Email addresses may be collected and stored in a distribution list to enable information on events and other hall activities to be sent (by ‘blind carbon copy’) to interested parties. This data will only be collected and used for this purpose with the express consent of the individual. It may be that such list a list will be gathered and maintained via our website, www.offordvillagehall.org.uk, using a specific service provider. In which case such data will be maintained and protected securely by that provider in accordance with their privacy regulations. In either event, information in email distribution lists will be kept on those lists until the data subject requests that their email address be removed.
Other email addresses (eg for internal communication, 300 club membership, hirers and suppliers) will only be retained for the purpose obtained.
Similarly, information related to 300+ club membership will be retained until that membership ceases.
The Hall also uses dedicated email addresses for communication with hirers and website users, and to facilitate sharing of information within the committee and with employees and volunteers, and to communicate with hirers, suppliers, local authorities, Charity Commission, CambsACRE etc. All email accounts are password protected and email, our web service and cloud storage service providers have very strict data protection policies and highly secure IT hardware and infrastructure.
Trustee data is a legitimate historical record of the Charity so will be retained indefinitely.
Supplier data will be retained until the committee considers the supplier to no longer be considered for future provision of goods or services. Data related to invoices, completed projects etc will be retained for 6 years and then destroyed.
Bank details will be deleted and not be held in hall files after payment of any invoices etc. They may be retained in the system of our banker (currently Barclays Bank) but only insofar as providing the basis for ease of future payments. Such records are held securely in accordance the bank’s own data protection policies and practices.
5. Website User Data
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
6. Your Rights
You have a number of very important rights in respect of your personal data. These include:
• The right to be informed about what data is collected and how it is used, stored, etc. – this Privacy Notice is itself a key part in that.
• The right to ask us to remove your personal data from our records (unless it is necessary for us to continue to use the data for a lawful reason).
• The right to have inaccurate data rectified.
• The right to request a copy of the information we hold about you.
There is more information about your rights at the Information Commissioner’s Office here.
Date adopted by the Management Committee: 26th May 2021