St. Lawrence Friends Heritage Trust
Charity number 1048528
DATA PROTECTION NOTICE
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
Who are we?
The St. Lawrence Friends Heritage Trust (the “Trust”) is the data controller (contact details are provided below). This means that the Trust decides how your personal data is processed and for what purposes.
Which personal data do we collect?
We collect the following personal data:
– contact details (address, telephone and mobile numbers, email address)
– bank account details.
How do we collect your personal data?
We collect your personal data from information which you give us, including but not limited to:
– information set out in any donation, application or subscription form with the Trust; and
– information provided by you by way of correspondence with us by phone, email, website or otherwise.
How do we process your personal data?
The Trust complies with its obligations under the GDPR by keeping personal data up-to-date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect personal data.
Why do we process your personal data?
We use your personal data for the following purposes:
– to further the Trust’s object to restore, maintain and repair the St Lawrence Church, with its attached hall, and St Saviours Church, Valley End, as specified in the Trust’s constitution;
– to administer membership records;
– to fundraise and promote the interests of the Trust;
– to enable us to manage the Trust’s members and volunteers;
– to maintain the Trust’s own accounts and records;
– to operate the Trust’s website and deliver the services that individuals have requested;
– to inform individuals of news, events, activities or services run by the Trust;
– to process donations, including Gift Aid applications;
– to contact individuals via surveys to conduct research about matters relating to the Trust’s object.
What is the legal basis for the Trust processing your personal data?
The Trust is entitled to hold and process your personal data on the following lawful grounds:
– you have given consent to the processing of your personal data for one or more specific purposes;
– processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
– processing is necessary for compliance with a legal obligation to which the Trust is subject;
– processing is necessary in order to protect your vital interests or those of another natural person;
– processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
– processing is necessary for the purposes of the legitimate interests pursued by the Trust or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child.
Some of the grounds for processing described above will overlap and there may be several grounds which justify the Trust’s use of your personal data.
Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared only with:
– banks with whom the Trust holds a bank account (where standing order mandates or other similar arrangements are put in place);
– our email service providers we use to email you;
– HMRC in order for us to process Gift Aid donations;
– our cloud-based data storage provider.
How long do we keep your personal data?
Your personal data will be retained for the longest of the following periods:
– for the Trust and/or any authorised third parties to carry out the purposes for which the data was collected or as long as is set out in any relevant agreement you enter into with the Trust;
– in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and
– any retention period that is required by the GDPR and any applicable laws or regulatory requirements.
How do we keep your personal data secure? Your personal data is held in:
– encrypted files in our cloud-based data storage provider. Access to the cloud-based data storage provider is password-protected, as are the files held there; and
– our email service provider, access to which is password protected.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
– the right to request a copy of your personal data which the Trust holds about you;
– the right to request that the Trust corrects any personal data if it is found to be inaccurate or out of date;
– the right to request your personal data is erased where it is no longer necessary for the Trust to retain such data;
– the right to withdraw your consent to the processing at any time;
– the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
– the right to object to the processing of personal data (where applicable); and
– the right to lodge a complaint with the Information Commissioners Office.
Keeping your personal data up-to-date
Please let us know of any of your personal data changes as soon as possible.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Changes to this policy
This privacy notice is dated 25 May 2018.
We reserve the right to amend this privacy notice at any time without notice. Upon amendment, the date of the policy will be revised accordingly.
To exercise all relevant rights, queries or complaints please get in touch with the Trust by contacting Matthew Brehaut at:
Address: Long Meadow, Castle Grove Road, Chobham GU24 8EF.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.