Personal Data Protection, Privacy and Security Policy May 2018
1. Who We Are
1.1. Thank you for taking the time to read our Personal Data Protection, Privacy and Security Policy. We know that your personal data is important to you and that is why we are committed to ensuring any data you share with us is treated with the same care and respect with which we treat the items in our care.
1.2. The North Devon Athenaeum is a small registered charity – Charity number 300755. Our registered office is; North Devon Athenaeum, Tuly Street, Barnstaple, Devon EX31 1EL.
1.3. The North Devon Athenaeum (“we”) promise to respect any personal data you share with us, or that we get from other organisations, and to keep it safe. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect.
1.4. Developing a better understanding of the people who access our physical and digital sites through their personal data allows us to make better decisions, prepare appropriate communications and fundraise more efficiently. Ultimately it helps us to reach our goal of celebrating and protecting our rich heritage, helping everyone to enjoy it now and in the future.
2. Where we collect information about you from
2.1. When processing data we will always have a legal reason for doing so. The legal reasons for data collection and retention are defined in the General Data Protection Regulations (GDPR).
2.2. Direct information collection
You may give us your information to register as a volunteer, attend an event, donate, purchase products, visit a site, access our services or communicate with us.
2.3. Website or ‘app’ information collection
2.3.1. Online enquiry/contact forms – your details will be used for the purposes of recording and responding to your enquiry.
2.3.4. The type of deice you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating provider will have more details about want information your device makes available to us.
2.4. Indirect information collection from other organisations
2.4.1. This relates to information we receive when you give permission to other organisations to share the information you give them or it is available publicly.
2.4.2. We may combine information you provide to us with information available from external sources to gain a better understanding of our users and to improve our products and services. We will only do this if your consent has been granted or implied through your privacy settings.
2.4.3. The information we get from other organisations may depend on your privacy settings or the responses you give, so you should regularly check them. This information comes from the following sources.
a. Third party organisations – you may have provided permission for a company or other organisation to share your data with third parties, including charities. This could be when you buy a product or service, register for an online competition or sign up with a comparison site.
b. Social Media – depending on your settings or the privacy policies for social media and messaging services like, Facebook, WhatsApp or Twitter, you might give us permission to access information from those accounts or services.
c. Information available publicly – this may include information found in places such as Companies House and information that has been published in articles and newspapers.
3. What personal data we collect and how we use it
3.1. The type and quantity of information we collect and how we use it depends in why you are providing it.
3.2. If you support us, for example donate, volunteer, sign up for an event or purchase something from us, we will usually collect:
a. Your name and title
b. Your contact details
c. Where relevant, details for an emergency contact.
3.3. We will mainly use your data to:
a. Provide you with the services, products or information you asked for
b. Administer your donation
c. Thank you for your support
d. Ensure our communications are appropriate and relevant to you
e. Keep a record of your relationship with us
f. Ensure we know how you prefer to be contacted
g. Understand how we can improve our services, products or information
3.4 We may also use your personal information to detect fraud and credit risk.
3.5. We do not sell or share personal details to third parties for the purposes of marketing.
3.6. We may also collect and retain your information if you send feedback about our service or make a complaint.
4. How we keep your data safe and who has access
4.1. We ensure that there are appropriate technical controls in place to protect your personal details. For example, our online forms are always encrypted, and our network is protected and routinely monitored.
4.2. We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, authorised volunteers and contractors.
4.3. We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collected or have access to.
4.4. Some of our suppliers run their operations outside the European Economic Area (EEA). Although they may not be subject to the same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection on accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
4.5. We may need to disclose your details, if required, to the police, regulatory bodies or legal advisors.
4.6. We will only ever share your data in other circumstances if we have your explicit and informed consent.
5. Keeping your information up to date
5.1. Where possible we use publicly available sources to keep your records up to date, for example, the Post Office’s National Change of Address database.
5.2. We really appreciate it if you can let us know when your contact details change.
6. Your right to know what we know about you, make changes or ask us to stop using your data
6.1. You have the right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. processing your donation or registering for an event) we will do so. Contact us on 01271 342174 or firstname.lastname@example.org if you have any concerns.
6.2. You have a right to ask for a copy of the information we hold about you. If there are any discrepancies in the information we provide, please let us know and we will correct them.
6.3. If you want to access your information, send a description of the information you want to see and proof of your identity by post to North Devon Athenaeum, Tuly Street, Barnstaple, Devon EX31 1EL.We do not accept these requests by email so we can ensure that we only provide personal data to the right person.
6.4. If you have any questions please send them to email@example.com , and for further information see the Information Commissioner’s guidance here (external link).
7. Changes to this Policy
7.2. If you have any questions, comments or suggestions, please let us know by contacting the North Devon Athenaeum, Tuly Street, Barnstaple, Devon EX31 1EL or email firstname.lastname@example.org.