At the Wandsworth Bridge Road Association we regard the lawful and correct treatment of personal information as highly important to the success of our special community. It is vital in maintaining confidence and trust between all of us; members, staff and organisers. We will always ensure that we treat personal information lawfully and correctly.
To this end we fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).
This policy applies to the collection and processing of personal information in manual and electronic records kept by us as part of ensuring our association operates correctly. It also covers our response to any data breach and other rights under the GDPR. Those in our organisation who have access to personal information do so in order to accomplish our purpose. No one else has access to it.
B) Categories of Personal Information
Personal Information we collect or obtain includes:
Contact details (e.g., name, address, email, telephone number),
- Personal details (e.g., skills, education, nationality)
- Financial and transaction data (e.g., purchase history, account information, billing information, etc.), and
- Other services related data (e.g., member requests, statistics, etc.).
- Google Analytics
- Analytics relating to our email newsletters
C) Data Protection principles
Under GDPR, all personal information obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
- processing will be fair, lawful and transparent
- information be collected for specific, explicit, and legitimate purposes
- information collected will be adequate, relevant and limited to what is necessary for the purposes of processing
- information will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
- information is not kept for longer than is necessary for its given purpose
- information will be processed in a manner that ensures appropriate security of the information including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
- we will comply with the relevant GDPR procedures for international transferring of personal information
You have the following rights in relation to the personal data we hold on you:
- the right to be informed about the information we hold on you and what we do with it;
- the right of access to the data we hold on you. More information on this can be found in the section headed “Access to Data” below
- the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
- the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
- the right to restrict the processing of the data;
- the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
- the right to object to the inclusion of any information;
E) Access and Erasure
If you would like to request to access, correct, object to the use, restrict or delete Personal Information that you have previously provided to us, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us at firstname.lastname@example.org with the subject line “Data Subject Request.” We will respond to your request as soon as we can and in line with our responsibilities.
F) Uses and Processing
We acknowledge that processing may only be carried out where a lawful basis for that processing exists and we have assigned a lawful basis against each processing activity. Here are some examples:
We may use information you have provided us to send you emails about latest news, events and topics we think you may be interested in, news from local businesses and community announcements. To receive these you will have needed to opt in to receive these communications and at any time you can also opt out. We will also occasionally ask you to update these preferences to make sure you’re getting only the information you want.
We will try to comply with your opt out request as soon as reasonably practicable. Please also note that if you do opt-out of receiving newsletter emails from us, we may still send you messages for administrative or other purposes and you cannot opt-out from receiving those messages.
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If you are a member of the Wandsworth Bridge Road Association team we will also use your data for any of our organisation responsibilities.
We will never give or sell your data to anyone else.
G) Breach notification
In the event of security breach or hack to our system we will inform everyone within 72 hours.
H) Changes to this policy
This policy will be reviewed annually in Aug but if you see any omissions before that please do get in touch with us as soon as possible.