DANBURY COMMUNITY ASSOCIATION (TRUST) LIMITED – DATA PRIVACY NOTICE

1.   INTRODUCTION

This Data Privacy Notice explains how your personal information is processed by Danbury Community Association (Trust) Limited (DCA) in connection with your membership of the Sports & Social Centre, Main Road, Danbury, Chelmsford, Essex CM3 4NQ.

We take your privacy seriously. We are committed to complying with the General Data Protection Regulation (“GDPR”) and all other applicable data protection and privacy laws to ensure we properly protect your personal information (information which directly identifies you or pieces of information which could allow you to be identified).

We will be the Controller of your personal information (as we are responsible for how your personal information is used).

Please take the time to read this privacy notice as it explains how we collect, use and store your personal information, and the rights you have in relation to the protection of your personal information.  If, at any time, you have any concern about how your personal information is being processed by us, please let us know.

2.     WHAT PERSONAL INFORMATION DO WE COLLECT AND HOW?

When you became a member of the DCA, you may have provided us with your full name; address; date of birth; marital status; home and mobile telephone numbers; email address; and the membership plans you would require.

During your membership of the DCA, you may also have amended your membership plans and personal information (full name; address; marital status etc).  If you became a member of the gym or attended fitness classes, you may have provided us with information about your health, as it may affect your ability to exercise, to enable us to design a fitness plan for you to follow.

We also collect additional personal information about you through our dealings with you.  For example, this will include information when you attend the gym, classes or functions; correspond with us, including by email, letters and during telephone calls; or access the DCA website.

3.     WHAT WILL WE USE YOUR PERSONAL INFORMATION FOR?

We collect and process information about you for legitimate purposes relating to the operation of the DCA.  We will only use your personal information to collect membership fees, and to improve the services we provide members.

We also use your personal information to make a claim to HMRC for Gift Aid.

4.     WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?

The DCA holds personal data to comply with its legal obligations as a Charity and a Company Limited by Guarantee.

We share your personal information with our professional advisers and other third parties who help us administer the membership records.  For example, we share your personal information with the company providing the membership system.

When we share your personal data with third parties who perform services for us, we require them to take appropriate steps to protect your personal information, and only to use the personal information for the purpose of performing those specific services.

5.     HOW WILL WE ENSURE THAT THE PROCESSING WE CARRY OUT IS LAWFUL?

We take appropriate measures to ensure that all processing of your personal information by us, or by our service providers, is lawful. The lawful basis for the processing of your personal information will depend on the purposes for which we process your information.

Where you use the DCA’s website, we will process your personal information collected by using cookies in accordance with their cookie policy.  (This policy will be included on the website.)

We also need to process your personal information to comply with our legal obligations, including the submission of an annual Gift Aid Return to HMRC.

We also have a legitimate interest to process your personal information to provide the services to which you have subscribed and the ongoing management of our relationship with you and to maintain contact with you (e.g. providing newsletters), and our internal business purposes which include document retention/storage and IT service continuity (e.g. back-ups) to ensure the quality of the services we provide to you.

6.     WILL WE SEND YOUR PERSONAL INFORMATION OUTSIDE THE UK?

In order for us to provide the membership service, we (or other service providers acting on our behalf, for example, Clubright) transfer your personal information outside of the UK and the European Economic Area (EEA) to other group companies, IT providers and other suppliers. The EEA comprises those countries that are in the European Union (EU) and some other countries that are considered to have adequate laws to ensure personal information is protected.

When transferring your personal information outside of the UK or the EEA, we will protect it from improper use or disclosure and ensure the same levels of protection are in place as are applied within the UK and the EEA.

7.     HOW WILL WE STORE YOUR PERSONAL INFORMATION?

Your personal information will normally be stored electronically on our third-party membership system’s database.  Some of your personal information, for example attendees of a fitness class, is stored in paper format.

8.     HOW LONG WILL WE STORE YOUR PERSONAL INFORMATION?

The DCA needs to retain accurate membership records for six years.  We will store your information until such time as we no longer need it.  Once your membership ends, we may decide to delete some of the information held about you after three years.

9.     HOW WILL WE KEEP YOUR PERSONAL INFORMATION SAFE?

We take the security of your personal information very seriously.  We have (and we require our relevant service providers to have) technical, administrative, and physical security measures in place to protect it.

10.     WHAT RIGHTS DO YOU HAVE?

We have briefly described your rights in relation to your personal information below.  You can find a full description of these rights in Appendix 2 attached to this notice.

In summary, you have the right (subject to certain restrictions) to:

  • receive confirmation that we process your personal information;
  • a copy of the personal information we hold about you;
  • obtain details of how we use your personal information;
  • have the personal information we hold about you corrected if it is inaccurate;
  • request to have the personal information we hold about you erased (subject to certain restrictions);
  • have restrictions placed on how we process your personal information (in certain situations);
  • object to having your personal information processed (subject to certain restrictions).

11.     HOW WILL YOU KNOW IF WE AMEND THIS DATA PRIVACY NOTICE?

We may need to make changes to this Data Privacy Notice at any time. If we make any material change to how we collect your personal information, or how we use or share it, we will update the Data Privacy Notice on the DCA website and place a notice in Reception in the Sports & Social Centre.

APPENDIX 1 – WEBSITE PRIVACY POLICY

1.     Who we are:

Our website address is: https://danburysportscentre.co.uk.

2.     What personal data we collect and why we collect it

Comments

When visitors leave comments on the website, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

3.     Analytics

Who we share your data with and how long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

APPENDIX 2 – YOUR PRIVACY RIGHTS

1.     INTRODUCTION

We have set out below each of your rights in respect of your personal information in more detail. The various rights are not absolute and are subject to certain exceptions or qualifications.

We will respond to your requests in respect of your personal information free of charge except in the following circumstances, where we may charge a reasonable fee to cover our administrative costs or may be entitled to refuse to respond:

  • excessive/repeated requests, or
  • where you request additional copies of information already

Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll let you know.

In order to exercise any of the rights described below, contact us at the Sports & Social Centre.

Further information and advice about your rights can be obtained from the Information Commissioner at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: 0303 123 1113 or on its website at ico.org.uk.

How can we help?

2.     ACCESSING YOUR INFORMATION

What can you request access to?

You have the right to:

  • receive confirmation from us that your personal information is being processed;
  • a copy of your personal information; and
  • details in relation to how we use your personal information (which is broadly included in this Data Privacy Notice).

You can request copies of paper and electronic records (including recorded calls, where applicable) about you that we hold, share or use.  To deal with your request, we can ask for proof of your identity and enough personal information about you to enable us to locate the personal information you have requested.

When will access not be provided?

We can only provide you with your personal information, not personal information about another person.  Also, where access would negatively affect another person’s rights, we’re not required to provide this.  Due to legal privilege, we may not be able to show you anything that we learned in connection with a claim or legal proceeding.

When requesting access to your personal information, to help us respond to your request quickly, please clearly set out in your request the personal information that you would like.  If this is not clear, we may need to ask for further information from you before we can process your request.

3.     CORRECTING YOUR INFORMATION

You have the right to require us to correct inaccurate personal information that we hold about you.

If you tell us that the personal information we hold on you is incorrect, we will review it and, if we agree with you, we will correct our records.  If we do not agree with you, we will let you know. If you believe the records we hold on you are still incorrect, you can let us know in writing, and we will include your statement when we give your personal information to anyone outside the DCA.

If you believe that we hold incomplete personal information about you, you may also have the right to have the information completed, including by providing a supplementary statement. Whether or not this right applies will depend on the purposes for which your personal information is being processed.

We need to notify any third parties with whom we have shared your personal information that you have made a correction request (see Who do we share your personal information with?). We will take reasonable steps to do this, but if it is not possible or costly, we may not be able to do so.

How you can see and correct your information

Generally, if you ask us in writing, we will let you have a copy of the personal information that we hold about you, and/or take steps to correct any inaccurate information.

In certain circumstances, it may not be possible to provide you with information we hold, for example if the information is in relation to a claim or legal proceedings.

4.     ERASING YOUR INFORMATION

When can you request deletion of your personal information?

Subject to the section below, “When can we refuse erasure requests?”, you have a right to have your personal information erased, and to prevent further processing of your personal information, where:

  • the personal information is no longer necessary for the purpose it was originally collected/processed,
  • you withdraw your consent (where consent was previously provided and required for us to process the information),
  • you object to the processing, as long as our legitimate interests in processing your personal information don’t take priority over your objection,
  • we’ve been processing your personal information unlawfully, or
  • your personal information has to be erased in order to comply with a legal

When can we refuse erasure requests?

The right to erasure does not apply where your information is processed for certain specified reasons, including to establish, exercise or defend legal claims.  Note that we will often have a legal obligation or a legitimate interest to retain certain pieces of your personal information which may override your request, for example, we have a legal obligation to pay the correct benefits under the Scheme.  We have to keep certain records so that we can assess whether an individual is entitled to receive a benefit in the event of a claim.

More importantly, if we have to erase your data, we will not be able to administer your benefits or payments from the UKRF, so please carefully consider any request to erase your personal information.

Do we have to tell other recipients of your personal data about your erasure request?

If you request that your personal information is deleted, and we have provided your personal information to any third parties (see Who do we share your personal information with?), we need to inform them about your erasure request, so they can also erase the personal information in question.  We will take reasonable steps to do this, but it may not always be possible.

Third parties can also refuse erasure requests if one of the exemptions applies.

5.     RESTRICTING PROCESSING OF YOUR INFORMATION

When is restriction available?

You have the right to restrict the processing of your personal information:

  • where you consider the information we hold is inaccurate, in which case we have to restrict any processing while we verify the accuracy of your personal information,
  • when the processing we are carrying out is unlawful and you request us to restrict processing, rather than erasing your personal information,
  • if we no longer need the personal information, but you need it to establish, exercise or defend a legal claim, or
  • while we are considering our legitimate interests for processing your personal information to which you have objected in the circumstances detailed in paragraph (a) of Objecting to processing.

What happens while processing is restricted?

We can store your personal information, but we cannot carry out any further processing of it without your consent (unless processing is required in connection with legal claims, to protect another person’s rights or for important public interest).

Do we have to tell other recipients of your personal data about the restriction?

Where we have disclosed your relevant personal information to third parties, we need to inform them about the restriction on the processing of your information, so that they do not continue to process it.

We’ll take reasonable steps to do this, but it may not always be possible. We will also let you know if we decide to lift a restriction on processing.

6.     TAKING YOUR PERSONAL DATA WITH YOU

When does the right to data portability apply?

The right to transfer your personal information only applies:

  • to personal data you’ve provided to us (i.e. not any other information);
  • where we are processing your personal information because you have provided your consent for us to do so, or under a contract with you; and
  • when processing is carried out by automated means (i.e. data held electronically).

7.     OBJECTING TO PROCESSING

You can object to processing in the following circumstances:

  • Legitimate interests

You have the right to object at any time to processing of personal information concerning you which is carried out because of our legitimate interests.

If we can show compelling legitimate grounds for processing your personal information which override your interests, rights and freedoms, or we need your personal information to establish, exercise or defend legal claims, we can continue to process it.  Processing of your personal information will be restricted while we make this assessment (see Restricting processing of your information).  Otherwise, we must stop using the relevant personal information.

  • Direct marketing

We do not carry out any direct marketing and therefore this right should not arise.

8.     AUTOMATED DECISION MAKING AND PROFILING

We do not carry out any automated processing or profiling on your personal information, and therefore this right should not arise.

August 2019