GPCA Wordpress Admin

Privacy & Data Security Policy Statement

Residents, Volunteers and Employees

Introduction

The Goldsworth Park Community Association (GPCA)’s commitment to residents’ and volunteers’ privacy, and this Policy Statement sets out the ways in which their personal data is collected, stored and used, in order to comply with the General Data Protection Regulations (GDPR) which came into force on 25th May 2018.

 

What GDPR says

The GDPR gives specific rights to individual people with regard to their personal data along with duties to those collecting and processing it as follows:

For those collecting data:

  • the data must be collected lawfully and transparently;
  • it must be used only for the reason stated for its collection;
  • data collection should be limited to that necessary data for the stated purpose;
  • data must be kept accurate and up to date;
  • data must only be stored as long as necessary for the purpose for which it was collected;
  • data security and integrity must be maintained.

 

Data processing will only be lawful if it satisfies at least one of the following conditions:

  • consent of the data subject;
  • necessary for the performance of a contract with the data subject;
  • necessary for compliance with a legal obligation;
  • necessary to protect the vital interests of a data subject;
  • necessary for the performance of a task carried out in the public interest;
  • necessary for the purposes of legitimate interests.

 

Individuals providing data have the following rights:

  • the right to be informed of the data held;
  • the right of access to that data;
  • the right to rectification of any incorrect data;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making, including profiling

 

What Personal Data does the GPCA hold?

If you hire the Community Hall for a function or event, you will complete a booking form with your name, address, contact telephone numbers and email address.  We require this information to provide the service you have requested and to fulfil our contract with you.  We do not collect or store bank details and prefer to receive secure payment for the hire by BACS.  The data is kept in paper format in a locked filing cabinet.  It will be kept for 6 years for legal and audit purposes and then destroyed securely.

If you attend a public meeting of the GPCA and request minutes by email, or request to be kept informed of GPCA activities, you will provide the Chair (and Secretary when there is one) with your name and your email address.  If you request minutes in hard copy, you will provide your address.  You may also provide a telephone number.  The information you provide is held in a mailing list on the Chair’s PC (and Secretary’s) which is password protected, virus protected and backed up.  The data is held for the purposes of legitimate interests and will be kept while there is information to distribute to interested parties or until you ask to be removed from the list, in which case the record will be deleted.

If you are a Friend of Natural Goldsworth Park, you will have provided your email address for the specific purpose of receiving information about updates and volunteer activities.  This information is held on a 3rd party email system that is password protected.  The data is held for the purposes of legitimate interests and will be kept while there is information to distribute or until you ask to be removed from the list, in which case the record will be deleted.

If you volunteer to deliver Goldsworth News, you will provide the Distributor with your name, address, telephone number and email address.  The information you provide is held on the Distributor’s laptop which is password protected, virus protected and backed up.  The data is held for the purposes of legitimate interests and will be kept as long as you are a deliverer.  When you cease to be a deliverer, the record will be deleted.

If you are an employee of the GPCA, we will hold personal data in line with current employment legislation.  We will only hold what we need to fulfil our contract with you and it will be stored on the Chair’s PC which is password protected, virus protected and backed up.  Any paper records will be kept in a locked filing cabinet.  It will be kept while you are employed and for 6 years after you leave for legal and audit purposes and then destroyed securely.

If you are a Committee Member or Trustee, you will provide the Chair with your name, address, telephone number and email address and, in the case of Trustees, information on qualifications and experience which are relevant to your Trusteeship.  This information will be stored on the Chair’s PC which is password protected, virus protected and backed up, and any paper records will be kept in a locked filing cabinet.  It will be kept while you remain a Committee Member or Trustee and for 6 years after you relinquish the position for legal and audit purposes and then destroyed securely.

If you visit our website, the GPCA will not place cookies on your computer nor will it collect any personal information about you.  A traffic log identifies which pages are being used and how many times certain pages have been visited to help us analyse data about web page usage.  We only use this information for statistical analysis purposes and then the data is removed from the system.  If you use the Feedback & Questions page, your email address will be recorded in the email that is sent to the web master and the most appropriate officer to answer your question.  If you comment on a post, your email is recorded in the database on the server which is accessible only by someone with admin rights.

 

Information sharing

We will not sell or otherwise hand over any personal data to any third parties without your explicit permission.  In the case of Trustees, the basic personal information is required to be shared with the Charity Commission.

 

Your rights

If we hold your personal data, you have the right to know what information we hold and what we do with it, and to correct anything which is inaccurate.  You may ask for a copy of the data we hold about you by writing or emailing to the Chair who will respond within one month.  You may also ask for your information to be erased.

 

Complaints

If you are dissatisfied with how we handle your personal data or your request for information about the data we hold, you may make a complaint using the Complaints Procedure.