DATA PROTECTION POLICY

 

Ardagh Community Trust – Data Protection Policy

Effective Date: January 2022

Introduction

We, at Ardagh Community Trust, take data security and privacy very seriously because we know that confidentiality and the protection of information is a fundamental feature of our relationship with our service users. When we use your personal data we are required to do so in accordance with the General Data Protection Regulation (GDPR). We are responsible as ‘controller’ of your personal data for the purposes of the GDPR. We will use your personal data in accordance with your engagement with us and your instructions, the GDPR, other relevant legislation and our professional duty of confidentiality.

Please read this policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights and how to contact us in the event you would like to exercise any of these rights.

What we’re doing

Giving you more transparency: You have the right to access the information we hold about you. We don’t hold an excess amount of data and most of the data we do hold and process we do so to comply with legal obligations and to pursue legitimate interests. We’re happy to share with you, at any time, any of your data that we hold and tell you how we use it. 

Increasing privacy: As part of our data protection updates we’re changing, and in some cases limiting, how we store and access certain information to restrict use to only necessary people. You have the right to be informed about why and how we use your data.

Improving data access, deletion, and control: You also have the right to correct or update any information and additionally to request that your information be deleted or have restricted use. We do have statutory requirements to comply with but we will always work with you to exercise your rights.

If you would like to exercise any of these rights please email hello@theardagh.com 

Privacy Notice (How we use your information)

We provide a range of services and therefore we work with various service users. The main categories of information that we collect, hold and share include:

  • Personal information (such as name, email address, home address, phone number, date of birth)

  • Characteristics (such as gender, ethnicity, language, nationality and country of birth)

  • Emergency contact / carer / next of kin details (name, relation, address, email address, phone number(s))

  • GP information

  • Bank details for payment

  • Information about health, preferences and abilities

  • Photographs

Depending on the service(s) you use, some of these categories of information will not apply.

Why we collect and use this information

If you are a Member

  • To provide you with communications specific to your interests

If you receive our Mailing List

  • To provide you with information about our development, activities and events

  • To tailor our offerings to your preferences and interests

If you benefit from our Community Development services

  • To provide you with information about the various initiatives we are involved in, activities that run at the Ardagh, partnership working projects that can be city wide, volunteering opportunities as well as our classes and offers.

  • To keep you safe whilst you engage with our services

  • To provide you with the materials needed to engage with our services. For example, we may collect allergy information for our food based programs

  • To tailor our offerings to your preferences and interests

If you are a customer (including room hire, market stall rental, and clubs)

  • To communicate processes and expectations and to answer your questions

  • To facilitate payment

If you have given financial support to the charity

  • To maintain a record of support

  • To provide you with necessary communication about funds used and/or payments due

  • To provide you with required reports/ feedback/ on-going communication about the work we are doing and how we are using the money you’ve donated.

If you are an employee, volunteer or trustee

  • To provide you with necessary communication

  • To maintain a record of your history with the charity; training and development, accidents, disciplinary action, grievances, etc.

  • To measure your efforts and attendance against what is stated in your employment contract

  • To facilitate your training and development

  • To facilitate payment

  • For statutory purposes

If you are a supplier

  • To contact you for orders and queries

  • To maintain a record of our relationship with you (orders placed/received)

  • To facilitate payment

During and after our organised events we share photos from the events on our social media channels. We ensure we have consent to do this from all involved. In the case of bigger events, mainly those that are open to the public, we will post notices that photographs and video are being taken and allow anyone in attendance the opportunity to opt-out of being photographed.

The lawful basis on which we use this information

We collect and use your information under Article 6 of EU General Data Protection Regulations (GDPR) to ensure the organisation carries out its duties lawfully and appropriately.

Data is required:

6a for the purpose of complying with any consent you’ve provided us

6b for the performance of a contract we have entered into with you

6c for compliance with our legal obligations

6d for the necessary purpose of protecting your vital interests

6e for the necessary propose of carrying out a task in the public interest

6f   for the necessary purpose of carrying out our legitimate duties

Collecting your information

Depending on your relationship with Ardagh Community Trust and in what capacity we collect and hold your information, the majority of your information you provide to us is mandatory. This is chiefly applicable to our employees. Some information is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.

Consent is required and will be requested any time we need to collect and/or use your data and we do not have a legal reason to do so.

Storing your data

If you are a Member

  • We hold personal information unless and until you unsubscribe.

If you benefit from our Community Development services

  • We hold personal information for a period of 7 years after you stop using our services.

If you are a customer

  • We hold personal information for a period of 7 years after you stop using our services.

If you have given financial support to the charity

  • We hold personal information for a period of 7 years after a one-off donation.

  • We hold personal information for a period of 7 years after a grant has been awarded and received.

If you are an employee, volunteer or trustee

  • We hold information for a period of 7 years after you cease employment.

  • We hold information for a period of 7 years after you cease being a volunteer and/ or trustee

If you are a supplier

  • We hold information for 7 years.

Miscellaneous

  • We hold application forms and interview notes for unsuccessful candidates for 1 year.

  • We hold child protection information for any allegations against anyone involved within the organisation until that person reaches normal retirement age or for 10 years if that is longer.

  • We hold records of any reportable death, injury, disease or dangerous occurrence for 3 years after the date on which it happened.

  • We hold accident/medical records as specified by the Control of Substances Hazardous to Health Regulations (COSHH) 1999 for 40 years from the date of the last entry.

  • We hold records of complaints for at least three years from the date of the last record.

  • We hold insurance liability documents for 40 years from the date of issue.

  • We hold meeting minutes for 6 years from the date of the meeting.

Who we share your information with

We don’t share your data with anyone unless you;

Have given financial support to the charity

  • Registry Trust Limited

  • We may share your data with third party, financial auditing companies.

If you are an employee, volunteer or trustee

  • If you an employee, we may share your data with our auditors, HM Revenue & Customs (HMRC) and National Employment Savings Trust (NEST).

  • If you are a Trustee, we may register your information with Companies House and Charities Commission.

  • Some employees and Trustees will have a profile on our public website.

Requesting access to your personal data

Under data protection legislation, any person has the right to request access to information about them that we hold. To make a request for your personal information, please contact us at hello@theardagh.com.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing you damage or distress

  • prevent processing for the purpose of direct marketing

  • object to decisions being taken by automated means; and

  • have inaccurate personal data rectified, blocked, erased or destroyed

Contact

If you would like to discuss anything in this data protection policy, please contact us at hello@theardagh.com