Everyone has rights with regard to how their personal information is handled. During the course of our activities we will collect, store and process personal information about our customers, known as users. This includes those hiring the halls and those who participate in our monthly prize draw. All personal data is held securely by the committee members who require using it. This involves password protected files for electronic information or locked away if in written form.
The trustees of Bishops Lydeard Village Hall take their responsibility to care for personal data under the General Data Protection Regulation (GDPR) very seriously. We will never hold personal data unnecessarily nor will we sell or pass personal information to third parties unless we are required to do so for legal reasons, such as the police or HMRC.
Our lawful basis for collecting this information is legitimate interest. We need the information in order to fulfil the request to use our services. We collect this information from the hirer completing the hire agreement or from the application form for the prize draw.
The charity will remain the data controller for the information held. The trustees and volunteers are personally responsible for processing and using personal information in accordance with the Data Protection Act and GDPR.
- What information do we require?
- Names, addresses, email addresses and telephone numbers.
- How we use this information?
- Names, addresses, email addresses and telephone numbers: So we can communicate with the hirer or prize draw participants.
- How long will we keep this information?
- We keep this personal information securely for a limited time after a hiring or after a person stops taking part in the prize draw.
- What we do when we no longer require personal information?
- All personal information that is no longer required is securely destroyed.
Your rights to see the information that we hold about you
Individuals have a right to make a Subject Access Request (SAR) to find out whether the charity holds their personal data, where, what it is used for and to have data corrected if it is wrong, to prevent use which is causing them damage or distress, or to stop marketing information being sent to them. Any SAR must be dealt with within 30 days. Steps must first be taken to confirm the identity of the individual before providing information, requiring both photo identification e.g. passport and confirmation of address e.g. recent utility bill, bank or credit card statements in relation to the processing of personal information.