Lamorbey Residents Association Logo

Privacy Policy

Watercolour splash in green

Introduction

We need to collect and use certain personal information in order to carry on our work of managing Lamorbey Residents’ Association. However, we are committed to protecting the rights and privacy of individuals. This statement sets out what information we collect and why, how we use, store and protect it, and what data protection rights you have. It may be read alongside our overall Data Protection Policy.

Our contact details

21a Burnt Oak Lane, Sidcup DA15 9DB

lrassoc.org.uk

Any questions regarding your personal data please contact: secretary@lrassoc.org.uk

The information we collect and how we use it

The information we collect and process falls into the following categories:

Bookings Data

This is name and preferred contact details (postal & email addresses, telephone numbers) as supplied by the prospective hirer via the booking enquiry or booking form. Details of event/reasons for hire etc will also be collected. The information will be used to manage any booking and maintain contact with prospective hirers.

Public events (eg fundraising, club/group meetings, fitness classes) may be displayed on the website and will show details and contact information (unless otherwise specified). Details of private events will not be displayed.

The lawful basis for processing this data is that we are entering into a Contract with the hirer of the facilities they wish to book.

General Enquiries Data

Contact details (name, email, telephone) and nature of enquiry will be supplied by enquirer via on-line form, telephone etc. This information will be used to communicate with enquirer. The lawful basis for processing this data is consent.

Trustee Data

This is name, contact details (address, email, telephone numbers), and date of birth. We are required by law to notify the Charity Commission of these details. We also need to maintain effective communication with trustees. We may also record any relevant skills to help with managing projects or with specific roles. Only names (and organisations represented or posts held) will be publicly displayed. The lawful basis for processing this information is consent and legal compliance.

Bank Details

This will be name & number of account, and sort code number. This information will only be collected and used with explicit consent for the direct payment (from the hall’s bank account) of bills (against invoices), refunds (against receipts). The lawful basis for processing this data is consent and to enable us to complete a legal obligation.

Supplier Data

This is name, address, telephone number and email address as provided by the supplier or as obtained from publicly available sources. The information is used to help communicate with appropriate suppliers for the purchase of good or services. The lawful basis for processing this data is that we may be preparing to enter into a contract for the purchase of those goods and services

Club/Group Data

This will include name of group, club or organisation and purpose/activities covered: also, relevant contact details (eg name, email, telephone numbers). This information will be provided by groups and clubs who may wish for the hall to ‘market’ their activities via our website or newsletters etc. The lawful basis for processing this data is consent.

Disclosure of Data

We will only disclose information to third parties or individuals when obliged to by law, for purposes of national security, taxation and criminal investigations, and the following situations.

  • Bookings’ data may be shared with another Trustee (normally Chair, Treasurer or Secretary) for instance where bookings involve licensable activity (e.g. to confirm new/unusual hirings).
  • Supplier details may be shared within the committee, eg when considering tenders/quotations.
  • Bank details will be shared (currently only between Treasurer and Booking Secretary) in order to approve payment through the hall’s bank account (two signatures required).
  • Trustee data is shared with the Charity Commission as this is a legal requirement.
  • Some documentation may be held in ‘cloud’ storage. This is sharing in a purely technical sense as those services are delivered by 3rd parties and requires data to be held, at least temporarily, on their servers. The data is still private as this technical sharing does not give permission for those providers to read/access the data held.
  • Where individuals have expressly given their consent for the information to be shared.
  • We do not, and will not sell any personal data.

How we store/secure personal data

In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Paper based data: (Trustee declaration forms, signed Booking Agreement Forms, etc.) is held in files by the Trustee responsible for the processing of that particular data. The data is kept in locked premises.

Electronic based data: (eg Booking requests, email lists) is only stored and accessed using password protected computers/devices.

Bookings’ data: provides support for financial transactions so will be retained for 6 years in order to comply with financial audit requirements. After that point, it will be destroyed/deleted.

Email addresses may be collected and stored in a distribution list to enable information on events and other hall activities to be sent (by ‘blind carbon copy’) to interested parties. This data will only be collected and used for this purpose with the express consent of the individual. It may be that such list a list will be gathered and maintained via our website, www.lrassoc.org.uk using a specific service provider. In which case such data will be maintained and protected securely by that provider in accordance with their privacy regulations. In either event, information in email distribution lists will be kept on those lists until the data subject requests that their email address be removed. Other email addresses (eg for internal communication, hirers and suppliers) will only be retained for the purpose obtained. The Hall also uses dedicated email addresses for communication with hirers and website users, and to facilitate sharing of information within the committee and with volunteers, and to communicate with hirers, suppliers, local authorities, Charity Commission, etc. All email accounts are password protected and email, our web service and cloud storage service providers have very strict data protection policies and highly secure IT hardware and infrastructure.

Trustee data is a legitimate historical record of the Charity so will be retained indefinitely.

Supplier data will be retained until the committee considers the supplier to no longer be considered for future provision of goods or services. Data related to invoices, completed projects etc will be retained for 6 years and then destroyed. Bank details will be deleted and not be held in hall files after payment of any invoices etc. They may be retained in the system of our banker (currently Natwest Bank) but only insofar as providing the basis for ease of future payments. Such records are held securely in accordance the bank’s own data protection policies and practices.

Website User Data

We use cookiesi to help us to analyse the use and performance of our website and services. Our service provider uses Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/.

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Your Rights

You have a number of very important rights in respect of your personal data. These include:

  • The right to be informed about what data is collected and how it is used, stored, etc. - this Privacy Notice is itself a key part in that.
  • The right to ask us to remove your personal data from our records (unless it is necessary for us to continue to use the data for a lawful reason).
  • The right to have inaccurate data rectified.
  • The right to request a copy of the information we hold about you.

    • There is more information about your rights at the Information Commissioner’s Office here.

Cookies are files created by websites you visit. They make your online experience easier by saving browsing information. With cookies, sites can keep you signed in, remember your site preferences, and give you locally relevant content. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version