Privacy Notice

  1. What this Privacy Notice Covers
  2. Turnchapel Residents' Association (referred to in this document as “we”, “us” or “our”) takes privacy very seriously. This Privacy Notice explains our practices including your choice regarding the collection, use and disclosure of your personal data. You will need to provide personal data to us for us to provide our service to you. This Notice applies to all data that we collect about you. Please read this Notice carefully and contact us if you have any questions using the details provided in the contact and feedback section below.

    This Privacy Notice sets out;

    • Personal data we collect about you
    • Why we collect your personal data
    • When we collect your data and how long we keep it for
    • What we do with your data
    • How we and other organisations will keep your personal data safe
    • The rights and choices you have when it comes to your personal data

    1.1 Responsibilities

    We are the Data Controller of the personal data we process and therefore are responsible for ensuring our systems, processes, suppliers and personnel comply with Data Protection laws in relation to the data we handle.

    We have a Data Protection Officer, who oversees compliance with Data Protection laws and this Privacy Notice, and provides guidance and advice as required. You can contact our Data Protection Officer by emailing chair@turnchapel.org or by writing to our registered office the details for which are provided in the contact and feedback section below.

  3. Personal data we collect about you
    • We collect your personal details including name, address, telephone and email address details, so that we may provide our service to you.
    • Website usage data is collected using cookies. Please see our separate cookies policy for more information on this topic. This can be found on our website at: turnchapel.org/cookies
    • We only collect personal data that we need from you to provide and oversee this service to you and will not collect any unnecessary data.
    • Shared email addresses: If you provide us with an email address, we may send information about your account to this address. Please make sure that the email address you provide is not shared with anyone else or if shared, ensure that you trust them to have access to your account data.
  4. Why we collect your personal data
    • We collect data about you to enable us to provide you with our services. If you do not provide us with the data we request, we may not be able to provide you with our services.
    • We will only provide our services to individuals who properly identify themselves.
    • We do not sell your data or pass on your data to be used to contact you about other products or services, unless we have notified you of this beforehand.
  5. When we collect your data and how long we keep it for
    • We collect personal data from you before we issue you with an account so that we can identify and assess whether we are willing and able to provide you with our services.
    • We are legally required to keep some documentation to demonstrate that we meet our regulatory and statutory obligations.
    • We may wish to use your personal data for a new purpose, not covered by this Privacy Notice, if this should occur we will provide you with a new Privacy Notice setting out the relevant purposes and processing conditions and seek your prior consent.
  6. What we do with your data
  7. In general terms we will use your data to

    1. Assess whether we are able to provide you with our service
    2. Manage the services we provide to you
    3. Contact and communicate with you; using your preferred contact method. This method can be updated at any time.
    4. Maintain internal record keeping and analysis
    5. Measure and gain feedback on your experience of our services, through user experience surveys for example
    6. Train and manage our personnel who deliver those services
    7. Help investigate any worries or complaints you have about our services

    In addition we may need to share your data to meet our regulatory and legal obligations, with the following organisations:

    • Serious Organised Crime Agency (SOCA) where criminal activity is suspected.
    • National Crime Agency where fraudulent activity is suspected.
    • We need to provide reports on customers that could potentially be involved in money laundering activities.

    We will seek to gain specific consent from you if we wish to involve you in:

    • Public relation activities where we wish to promote our services.
    • Research activities where we wish to gain your opinion on issues affecting the village and/or its residents.

    We will contact you at any point that these activities are planned to gain your consent. Should you agree to be involved in these activities you can withdraw your consent at any point. You can also decide not to be involved.

  8. How we will keep your personal data safe
  9. We endeavor to keep all data safe by taking all reasonable precautions to protect data from misuse, loss and unauthorised access, modification or disclosure. Examples of our security are as follows:

    • Encryption, meaning that information is hidden so that it cannot be read by anybody who does not have the special key (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’.
    • We carefully control access to systems and networks only allowing authorised people to view your personal information.
    • We train our personnel on how to handle personal and special category information and how and when to report when something goes wrong.
    • We regularly test our systems and network to ensure they are safe and secure.
    • We work hard to ensure that our systems are up to date with the latest security enhancements.
    • We use anti-virus software to protect our systems and data.
    • We operate from secure premises.
    • We operate a clear desk policy which ensures that all data is securely stored when not in use.
    • From time to time we may need to process some of your data using third party processors located in countries outside of the European Economic Area (EEA), for example, for the purposes of data hosting, analytics, credit searches and fraud prevention. If your data is processed outside of the EEA, we will take all necessary steps to ensure it is adequately protected. This includes ensuring there is an agreement in place with the third parties which provides the same level of protection as required by the data protection regulations in the UK and EEA.

  10. The rights and choices you have when it comes to your personal data
  11. The Data Protection law gives you a number of rights to control what personal information is used and how it is used by us. The following summarises your rights in relation to this. For more detailed information please visit the Information Commissioner’s Office website.

    7.1 Right to be informed

    This document informs you of your right to fair processing of information and provides transparency over how we use your personal data.

    7.2 Right of Access

    You also have the right to ask for all the information we have about you and the services you receive from us. This is called a Subject Access Request. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you within 30 calendar days. We will do this free of charge.

    However, we can’t let you see any parts of your record which contain

    • Confidential information about other people; or
    • Data that a professional thinks will cause serious harm to your or someone else’s physical or mental wellbeing; or if we think that giving you the information may stop us from detecting or reporting a crime.

    This applies to personal information that is in both paper and electronic records. If you ask us, we’ll also let others see your records, (except if one of the points above applies), using the most secure method possible.

    If you can’t ask for your records in writing, we’ll make sure there are other ways that you can. If you have any queries about access to your information please contact secretary@turnchapel.org for more details. More information about subject access can be found on theInformation Commissioners website.

  12. You can ask to change information you think is inaccurate
  13. You have the right to request your data to be updated where you believe it to be incorrect. We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.

  14. You can ask to delete information (right to be forgotten)
  15. In some circumstances you can ask for your personal information to be deleted, for example

    • Where your personal information is no longer needed for the reason why it was collected in the first place
    • Where you have removed your consent for us to use your information (where there is no other legal reason us to use it)
    • Where there is no legal reason for the use of your information.

    Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure, but again you may need to contact them separately to exercise this right.

    Please note that we can’t delete your information where

    • We’re required to keep it by law
    • We require it to meet our regulatory and statutory obligations
  16. You can ask to limit what we use your personal data for
  17. You have the right to ask us to restrict what we use your personal information for

    • Where you have identified inaccurate information, and have told us of it
    • Where we have no legal reason to use that information, but you want us to restrict what we use it for rather than erase the information altogether.

    You have the right to withdraw your consent to us processing your personal data at any time.

  18. Contact and Feedback
  19. If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated.

    If at any time you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to theInformation Commissioners Office.

    For queries regarding complaints, in the first instance please contact our Data Protection Officer in writing to:

    Data Protection Officer, Turnchapel Residents' Association, c/o 16 Boringdon Terrace, Turnchapel, PL9 9TQ.

    You can also email us at secretary@turnchapel.org.

  20. Defining terms
  21. Personal Data

    Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

    Processing

    Means obtaining, recording or holding the information or data, or carrying out any operation or set of operations on the information or data, including

    • Organisation, adaptation or alteration of the information or data
    • Retrieval, consultation or use of the information or data
    • Disclosure of the information or data by transmission, dissemination or otherwise making available
    • Alignment, combination, blocking, erasure or destruction of the information or data

    Data Controller

    The person at Turnchapel Residents' Association who

    • is the first point of contact for supervisory authorities, customers and colleagues whose data is processed
    • monitors compliance with data protection laws, including managing internal data protection activities, advising on data protection impact assessments; training staff and conduct internal audits.

    Supplier

    • Organisations that we work with under agreement/contract to support the services we provide to you.

Last updated: 21 October 2020