Garrigill Village Hall Data Protection and Privacy Policy

Garrigill Village Hall Data Protection & Privacy Policy

Personal data is information about a person which is identifiable as being about them. It can be stored electronically or on paper and includes images and audio recordings as well as written information.

Data protection is about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.

Responsibility

Overall and final responsibility for data protection lies with the Garrigill Village Hall Trustees, who are responsible for overseeing activities and ensuring this policy is upheld.

All volunteers are responsible for observing this policy, and related procedures, in all areas of their work for the Hall.

Policy Statement

We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people's privacy and comply with the General Data Protection Regulation (GDPR) and other relevant legislation.

We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.

We will provide individuals with details of the data we have about them when requested by the relevant individual.

We will delete data if requested by the relevant individual, unless we need to keep it for legal reasons.

We will endeavour to keep personal data up-to-date and accurate.

We will store personal data securely and endeavour not to have data breaches.

We will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes.

We will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so.

Data Held

We hold no personal data on our own files except for details of our trustees and those whom we pay for services.

The names and email addresses and in some cases telephone numbers of current and former local residents with whom we have previously been in contact or to whom we email regular updates of local information and events are held on our Thunderbird email account and are not disclosed by us to any third party without their express consent.

Such names, addresses, email addresses and telephone numbers as may be supplied by those booking the hall, bunkroom or campsite are held by Freetobook, our proprietary booking system and are also entered on our secure Google calendar. Such details not disclosed by us to any third party without the booker's express consent. 

We do not have access to the credit/debit card details of any persons who pay through our secure payment system Stripe. Where we refund such payments, Stripe informs us of the last four digits of the payer's card to enable us to advise refunded customers of the destination of the refund.

We do not have access to the credit/debit card details of any persons who pay on our premises by means of our Square payment terminal.

We do not retain any credit/debit card details supplied to us by telephone by persons booking our facilities or events.

Any person wishing to check upon or seek removal of their details held on our email and booking systems should email their request to secretary@garrigillvh.org

Complaints Procedure

If you believe that Garrigill Village Hall has not complied with data legislation or the commitments undertaken in this Data Protection and Privacy policy, please put you complaint in writing to the secretary at secretary@garrigillvh.org . As required by the Information Commissioner's Office, we will endeavour to respond to your complaint within one calendar month, although complex requests may take up to 3 months to respond to.