GDPR FAIR PROCESSING NOTICE
Village Hall Bookings
1. About this document
1.1 During the course of our activities we, Woolmer Green Parish Council, will process personal data (which may be held on paper, electronically, or otherwise) about users of our village hall and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the Data Protection Act 1998 (DPA) and GDPR (from 25th May 2018). The purpose of this notice is to make you aware of how we will handle your personal data.
1.2 This notice may be amended at any time.
1.3 This notice applies to all users of Woolmer Green Village Hall.
2. Data protection principles
2.1 We will comply with the eight data protection principles in the DPA, which say that personal data must be:
(a) Processed fairly and lawfully.
(b) Processed for limited purposes and in an appropriate way.
(c) Adequate, relevant and not excessive for the purpose.
(e) Not kept longer than necessary for the purpose.
(f) Processed in line with individuals' rights.
(h) Not transferred to people or organisations situated in countries without adequate protection.
2.2 "Personal data" means recorded information we hold about you from which you can be identified. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. "Processing" means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.
3. Fair and lawful processing
3.1 We will usually only process your personal data for the legitimate interest of the provision of village hall booking services. With your consent, your data may also be used for marketing purposes related to the Village Hall and the Woolmer Green Parish Council.
4. How we are likely to use your personal data
4.1 In providing village hall booking services to you, we use your data in the following ways:
To update and enhance booking records;
For statistical analysis to help us manage our village hall;
In order to complete statutory returns; and
For legal and regulatory compliance.
5. Processing for limited purposes
We will only process your personal data for the specific purpose or purposes notified to you or for any other purposes specifically permitted by the DPA/GDPR.
6. Adequate, relevant and non-excessive processing
Your personal data will only be processed to the extent that it is necessary for the specific purposes notified to you.
7. Accurate data
We will keep the personal data we store about you accurate and up to date. Data that is inaccurate or out of date will be destroyed Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.
8. Data retention
We will not keep your personal data for longer than is necessary for the purpose. This means that, unless you have provided your consent to continue to receive marketing material from Woolmer Green Parish Council, your data will be destroyed or erased from our systems when it is no longer required. Most personal data, other than data that we are required to retain for legal reasons, will be destroyed after a period of 1 year following the cessation of your regular or one off booking. Any data that we are legally required to retain will be destroyed within 6 months of that legal obligation ceasing to apply.
You may withdraw your consent to the use of your data for marketing purposes at any time. Any data used for that purpose will be destroyed within 7 days of notification of withdrawal of such consent.
9. Processing in line with your rights
You have the right to:
(a) Request access to any personal data we hold about you.
(b) Prevent the processing of your data for direct-marketing purposes.
(c) Ask to have inaccurate data held about you amended.
(d) Prevent processing that is likely to cause unwarranted substantial damage or distress to you or anyone else.
(e) Object to any decision that significantly affects you being taken solely by a computer or other automated process.
10. Data security
10.1 We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
10.2 We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself.
10.3 Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data.
11. Providing information to third parties
Please note that our services for you may require us to pass on such information to third parties. We may also give such information to others who perform services for us. Our organisation may be audited or checked by our accountants or our professional body, or by other organisations. We do not normally copy such information to anyone outside the European Economic Area. All such third parties are required to maintain confidentiality in relation to your personal data.
12. Subject access requests
If you wish to know what personal data we hold about you, you must make the request in writing to the clerk of Woolmer Green Parish Council.
13. Breaches of data protection principles
If you consider that the data protection principles have not been followed in respect of personal data about yourself or others you should raise the matter with the Parish Clerk:
By post: Village Hall, Hall Lane, Woolmer Green, Herts SG3 6XA
By telephone: 03707 776132
By email: firstname.lastname@example.org
Adopted 8th May 2018