Residents, Volunteers and Employees

Introduction

The Goldsworth Park Community Association (GPCA)’s commitment to residents’ and volunteers’ privacy, and this Policy Statement sets out the ways in which their personal data is collected, stored and used, in order to comply with the General Data Protection Regulations (GDPR) which came into force on 25th May 2018.

What GDPR says

The GDPR gives specific rights to individual people with regard to their personal data along with duties to those collecting and processing it as follows:

For those collecting data:

  • the data must be collected lawfully and transparently;
  • it must be used only for the reason stated for its collection;
  • data collection should be limited to that necessary data for the stated purpose;
  • data must be kept accurate and up to date;
  • data must only be stored as long as necessary for the purpose for which it was collected;
  • data security and integrity must be maintained.

Data processing will only be lawful if it satisfies at least one of the following conditions:

  • consent of the data subject;
  • necessary for the performance of a contract with the data subject;
  • necessary for compliance with a legal obligation;
  • necessary to protect the vital interests of a data subject;
  • necessary for the performance of a task carried out in the public interest;
  • necessary for the purposes of legitimate interests.

Individuals providing data have the following rights:

  • the right to be informed of the data held;
  • the right of access to that data;
  • the right to rectification of any incorrect data;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making, including profiling.

What Personal Data does the GPCA hold?

If you have previously hired the Community Hall for a function or event through the GPCA, you will complete a booking form with your name, address, contact telephone numbers and email address.  We require this information to provide the service you have requested and to fulfil our contract with you.  We do not collect or store bank details and prefer to receive secure payment for the hire by BACS.  The data is kept in paper format in a locked filing cabinet.  It will be kept for 6 years for legal and audit purposes and then destroyed securely. Please note that any new bookings are made through Dianthus Trading and not the GPCA.

If you attend a public meeting of the GPCA and request minutes by email, or request to be kept informed of GPCA activities, you will provide the Chair (and Secretary when there is one) with your name and your email address.  If you request minutes in hard copy, you will provide your address.  You may also provide a telephone number.  The information you provide is held in a mailing list on the Chair’s PC (and Secretary’s) which is password protected, virus protected and backed up.  The data is held for the purposes of legitimate interests and will be kept while there is information to distribute to interested parties or until you ask to be removed from the list, in which case the record will be deleted.

If you are a Friend of Natural Goldsworth Park, you will have provided your email address for the specific purpose of receiving information about updates and volunteer activities.  This information is held on a 3rd party email system that is password protected.  The data is held for the purposes of legitimate interests and will be kept while there is information to distribute or until you ask to be removed from the list, in which case the record will be deleted.

If you volunteer to deliver Goldsworth News, you will provide the Distributor with your name, address, telephone number and email address.  The information you provide is held on the Distributor’s laptop which is password protected, virus protected and backed up.  The data is held for the purposes of legitimate interests and will be kept as long as you are a deliverer.  When you cease to be a deliverer, the record will be deleted.

If you are an employee of the GPCA, we will hold personal data in line with current employment legislation.  We will only hold what we need to fulfil our contract with you and it will be stored on the Chair’s PC which is password protected, virus protected and backed up.  Any paper records will be kept in a locked filing cabinet.  It will be kept while you are employed and for 6 years after you leave for legal and audit purposes and then destroyed securely.

If you are a Committee Member or Trustee, you will provide the Chair with your name, address, telephone number and email address and, in the case of Trustees, information on qualifications and experience which are relevant to your Trusteeship.  This information will be stored on the Chair’s PC which is password protected, virus protected and backed up, and any paper records will be kept in a locked filing cabinet.  It will be kept while you remain a Committee Member or Trustee and for 6 years after you relinquish the position for legal and audit purposes and then destroyed securely.

If you visit our website, the GPCA does store cookies on your computer however we do not collect any personal information about you unless you leave a comment.

What we may record when you visit our website:

  • We do record web traffic to our web server in a log which identifies the pages that are being used, from what IP address and how many times certain pages have been visited to help us analyse data about web page usage.
  • We only use the web server logs for statistical and debugging analysis purposes only. The data is removed from the system after a period of 7 days, unless instructed to retain such data under law or by court order.
  • If you use the Feedback & Questions page, your email address, IP address and name will be recorded. This information may be shared with the website maintainers and the most appropriate GPCA officer to answer your question.  If you comment on a post, your email and name is recorded in the database on the server which is accessible only by the people that maintain the website and the GPCA trustees.
  • We also use Facebook Cookies to track and manage the performance of our website. Please see Facebook’s cookie policy for further details: https://en-gb.facebook.com/policy/cookies/

Information Sharing

We will not sell or otherwise hand over any personal data to any third parties without your explicit permission.  In the case of Trustees, the basic personal information is required to be shared with the Charity Commission.

Your Rights

If we hold your personal data, you have the right to know what information we hold and what we do with it, and to correct anything which is inaccurate.  You may ask for a copy of the data we hold about you by writing or emailing to the Chair who will respond within one month.  You may also ask for your information to be erased.

Complaints

If you are dissatisfied with how we handle your personal data or your request for information about the data we hold, you may make a complaint using the Complaints Procedure.