POLICY ON PROCESSING PERSONAL DATA AND PRIVACY POLICY
Introduction. Welcome to The October Club's Privacy Policy. TOC is committed to
safeguarding the privacy of its contacts, and will only use the information it collects about
you lawfully. You should check this page from time to time to ensure that you are happy
with any changes.
This policy is effective from 25th May 2018.
Purpose of this policy. We are obliged to provide you with this privacy policy under the
European Union’s General Data Protection Regulation (GDPR). This policy is for our
contacts, those charities who apply for grants, attend our events or supply us with
services. It explains:
About Us. For the purposes of applicable data protection laws, The October Club CIC is the controller of your data. This means that we are the primary entity who decides the purposes and means for dealing with your personal data.
Contact Us. The Head of Operations and events has the responsibility for your data protection compliance. If you have any queries relating to this privacy notice (including any requests to exercise your legal rights in respect of your data, you can contact us at narinder@octoberclub.com
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Information we collect about you.
Personal information we may collect directly from you (as applicable)
If the data we hold about you is inaccurate in any way, please contact us to have your personal information corrected.
Why do we collect your personal information and on what grounds?
We will only use your personal data if we have a permitted lawful basis to do so. Generally, we collect your personal data because is it necessary for:
We may also rely on your consent to use your personal data for:
You have the right to withdraw your consent to these activities at any time, which will mean (unless another lawful basis applies to your data) that we will cease to process the affected data after consent is withdrawn. However, please note this may result in us being unable to provide you with certain features of the website and/or services. The primary purpose for which we collect information about you is to provide you with services you have requested from us. We also collect information about you for the following purposes:
To perform our contract with you
For our legitimate interests
To comply with our legal obligations
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with TOC. In this case, we may not be able to accept your application for membership or to provide you with our services, but we will notify you if this is the case at the time.
Who do we share your information with?
Your personal data is primarily only used within TOC. However, in certain limited circumstances we may share your information with other third parties particularly where that is necessary to provide our services to you. These include:
Sensitive Personal Data. We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Retention of Personal Data.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Data Subject’s Rights. In certain circumstances you have rights under data protection laws in relation to the personal data we hold about you. These are summarised below:
Right of Access. You are entitled to access your personal data so that you are aware of and can verify the lawfulness of the processing. This is achieved through the mechanism, of a Subject Access Request (SAR) and you have the right to obtain:
o Confirmation that your data is being processed (held)
o Access to your personal data (copy) and
o Other supplementary information that corresponds to the information in this Privacy Notice
Fees and Timings. Under GDPR and from 25 May 2018 this information will be provided without charge, without delay and within one month. If an extension is required or requests are considered manifestly unfounded or excessive, in particular because they are repetitive, TOC may:
Identity Verification. To protect your personal data, TOC will seek to verify your identity before releasing any information, which will normally be in electronic format. This will normally be a simple process.
Right of Rectification. You are entitled to have personal data rectified or corrected if it is inaccurate or incomplete. TOC will respond within one month of your request. In the unlikely event that the rectification does not take place, TOC will inform you of your rights to complain or seek judicial remedy.
Right of Erasure. You may request the deletion or removal of personal data where there is no compelling reason for its continued processing. The Right to Erasure does not provide an absolute ‘right to be forgotten’. However, you do have a right to have personal data erased and to prevent processing in specific circumstances:
o Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
o When you withdraw consent
o When you object to the processing and there is no overriding legitimate reason for continuing the processing
o The personal data was unlawfully processed
o The personal data has to be erased in order to comply with a legal obligation
Right to Restrict Processing. Under the Act, you have a right to ‘block’ or suppress processing of personal data. The restriction of processing under GDPR is similar. When processing is restricted, TOC is permitted to store the personal data, but not process it further. In this event, exactly what is held and why will be explained to you.
Right to Data Portability. You may ask to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The Right to Data Portability only applies:
o To personal data you have supplied to TOC
o Where the processing is based upon your consent or for the performance of a contract and
o When processing is carried out by automated means
In these circumstances, TOC will provide you with a copy of your data in free of charge, without delay and within one month. If there is going to be a delay you will be informed.
Right to Object. You have the right to object to:
o Processing based on legitimate interests or the performance of a task in
the public interest/exercise of official authority (including profiling)
o Direct marketing (including profiling) and
o Processing for purposes of scientific/historical research and statistics
Security of your data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Third party links on our site
Our site may, from time to time, contain links to and from the websites of our charities, affiliates, suppliers and social media pages. If you follow a link to any of these websites, please note that websites have their own privacy policies and that we are not in control of, and do not accept any responsibility or liability for these policies or any third-party website linked to our site. Please check these policies before you submit any personal information through these websites.
Cookies, IP Addresses and Non-Personal Information
We may collect and store information about your visit on an anonymous, aggregate basis. This information may include the time and length of your visit, the pages you look at on our sites, and the site you visited just before coming to ours. We may also record the name of your Internet service provider, browser type, and country of origin. We use this information to measure site activity, to develop ideas for improving our site(s) and, where we observe a particular area of interest, and your business domain name is visible to us, additional information may be offered or sent to you.
In addition cookies are used. A cookie is a small file that is stored on your computer when you visit a website. If you visit the website again, it is recognised as a repeat visit by means of the cookie. The cookie contains a unique number but no personal data. We therefore cannot and would not use the cookie to identify you personally. Furthermore, the cookie cannot be used to identify you on websites of third parties. You can configure your web browser to refuse cookies, to delete cookies, or to be informed if a cookie is set. You can find out how to do this by clicking "help" on your browser menu.
Changes to this policy
We may from time to time review and amend this Privacy Policy to take into account changes in law, technology and our operations. We will post any changes to this Privacy Policy on our website from time to time and, where appropriate, notify you by e-mail.
25th May 2018
e. enquiries@theoctoberclub.co.uk t. 07768 464 592
Privacy Policy
Website by Adept