CHOLSEY PAVILION TRUST
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by legislation known as the General Data Protection Regulations (the GDPR).
Who are we?
Cholsey Pavilion Trust is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
How do we process your personal data?
Cholsey Pavilion Trust complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We will not collect or process any data that we do not need in order to operate the Pavilion.
We use your personal data for the following purposes:
|
For visitors to our website: |
Our website uses cookies to optimise your visitor experience. |
|
For enquirers and hirers: |
We process your personal data, including names, addresses and contact details and in some circumstances age and special occasion information in order to legitimately administer your booking and comply with our hiring policy.
We may also use your personal data for marketing purposes – to promote our Pavilion for future events you may be considering. From 25th May 2018 this will be purely on an informed consent basis. |
|
For suppliers: |
We process your contact information in order to manage our commercial relationship with you and to meet financial reporting obligations. |
|
For volunteers and trustees: |
We process your contact information in order to manage your contribution to our work, and to report to the Charity Commission. |
|
For employees: |
We process your personal data for health and safety and HMRC matters, as well as to legitimately operate the Pavilion. |
|
For those who pay online: |
We process data from our suppliers Barclays and Paypal in order to legitimately administer our accounts. |
|
For those using the building or the surrounding area: |
We process CCTV images to ensure security and safety of the building and users. |
What is the legal basis for processing your personal data?
With the exception of the marketing purposes above, we have considered that processing the data is in the legitimate interests of the Trust to properly and responsibly operate the Pavilion.
From 25th May 2018, the processing of the data of hirers for marketing purposes will be in the basis of informed consent, through an opt-in email list.
How long will we keep the data?
|
For visitors to our website: |
Our website stores cookies for up to one year. |
|
For enquirers and hirers: |
Data related to enquiries/bookings will be held for up to seven years, as part of our financial records.
Data related to marketing will be held for two years after unsubscription. |
|
For suppliers: |
Data related to suppliers/potential suppliers will be held for up to seven years, as part of our financial records. |
|
For volunteers and trustees: |
Data will be held for the duration of service, plus two years. |
|
For employees: |
Data related to employees will be held for up to seven years, as part of our financial records. |
|
For those who pay online: |
Data related to transactions will be held for up to seven years, as part of our financial records. |
|
For those using the building or the surrounding area: |
Recordings are held for 30 days. Downloaded clips will be held until 12 months after matter is resolved . |
What are your rights?
If at any point you believe the information we process on you is incorrect you may request to see this information (this is called a Data Subject Access Request) and even have it corrected or deleted (subject to some legal restrictions). To make a Data Subject Access Request or to make a complaint about how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (www.ico.org.uk).
Our Data Protection Officer is our Chairman, James Butler and you can contact him at cholseypaviliontrust@gmail.com.
