Bay Centre Privacy Policy

Summary

A new EU General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. This new regulation changes the way that businesses and charities process personal data.

It will mean that Privacy notices will be more transparent, consumer rights will be increased and data breaches will have to be reported within 72 hours.

Consumers will have more control over how their personal data is stored and used with the ability to view their personal data held by an organisation, change that data and in certain cases, have that data deleted.

This privacy policy explains what personal data the BAY Centre collects, how we store that data, how we use that data and how to view, change and delete that data.

Personal data we collect

Personal data is any information that can be used to identify an individual, for example, a name, an email adress, a phone number, a postal address, a photo and many other items of information.

The BAY Centre collects personal data from Hirers, Vendors, Volunteers and Employees. This data is collected by the BAY Centre through booking forms, volunteer forms, employee forms, phones, texts or by some other means.

The personal data that the BAY Centre collects is a person's name and contact data. The contact data would be one or more of the following -

> An email address,
> A phone number
> A postal address.

It may also store an Employee's bank details.  

What is the data used for?

The BAY Centre uses the personal data for communication purposes in the administration of Hirer's booking contracts, Vendor contracts, Employee contracts and to communicate with Volunteers.

Only four people have access to the personal data. They are the Chairman, the Secretary, the Treasurer and the Booking clerk. All 4 may commnicate with -

> Hirers about all aspects of the their bookings,

> Vendors about all aspects of their services,

> Employees about all aspects of their employment.

> Hirers, Vendors, Volunteeers, and Employees about all aspects of the running and administration of the BAY Centre.

The Bay Centre will use an Employee's bank details to pay their wages.

where is the data stored?

The BAY Centre uses a business form of Google drive (known as G Suite) to store personal data. Google encrypt all data on their online storage.

Access to the personal data is via G Suite Userids and passwords. (Click here to see info on Google's cloud security)

Backups are held on a separate server and are encrypted and password protected.

This website uses HTTPS which is a secure, encryped internet transmission protocol. If the online forms are used, personal data will be encrypted and securely transmitted to our website caching host (Cloudflare), then onto our website host (TSOHost), then automatically transferred to our Google online storage.

How long is data kept?

The BAY Centre will retain personal data for the following periods -

> Hirers. Personal data will be deleted 7 years after the last date that a Hirer used the BAY Centre unless the data has to be kept longer for regulatory reasons.

> Vendors. Personal data will be deleted 7 years after the last date that a Vendor supplied services to the BAY Centre unless the data has to be kept longer for regulatory reasons.

> Employees. Personal data will be deleted 7 years after the employee has stopped working for the BAY Centre unless the data has to be kept longer for regulatory reasons.

>
Volunteers. Personal data will be deleted 7 years after the volunteer has stopped working for the BAY Centre unless the data has to be kept longer for regulatory reasons.

Lawful basis for processing data

Under the new Regulation, the BAY Centre needs a lawful basis (reason) to store and process personal data. The BAY Centre uses the following lawful bases -

> Contract. This basis is used for Hirers who enter into a contract with the BAY Centre to hire a room and Vendors who enter into a contract with the BAY Centre to provide their services.

> Legal Obligation. This basis is used for Hirers, Vendors, Volunteers and Employees where the BAY Centre has to comply with any legal obligations.

> Consent. This basis is used for Volunteers and Employees.


How to view, change or delete data.

If a person wishes to view, change or delete their personal data, they can use the following -

1) Use the online forms on our website, www.bayc.uk, (see the ‘View your personal data', ‘Change your personal data’, ‘Delete your personal datate’ options in the GDPR menu on www.bayc.uk).

2) Download forms (See the ‘GDPR Downloads’ option in the GDPR menu on www.bayc.uk ) that can be filled in then emailed to ‘[email protected]’ or posted to ‘Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’.

3) Request a form by writing to ‘Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’. 

4) Write a letter to ‘ Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’ detailing whether you wish to view, change or delete your data.

The BAY Centre will respond as soon as possible.

How to ask a Data Protection question

If a person has a privacy concern, complaint, or a question for the BAY Centre, they can use the following -

1) Use the online form on the website, www.bayc.uk, (See the ‘Ask A Data Protection Question’ option in the GDPR menu on www.bayc.uk).

2) Download the form (See the ‘GDPR Downloads’ option in the GDPR menu on www.bayc.uk.) that can be filled in then emailed to ‘[email protected]’ or posted to ‘Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’.

3) Request the form by writing to ‘Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’.

4) Write a letter to ‘ Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’ detailing your question.

The BAY Centre will respond to questions, concerns or complaints as soon as possible.

data controller and processor

For the purpose of the new EU Data Protection Regulation, the BAY Centre is both a data controller and a data processor of the personal data.

The BAY Centre is a registered UK charity (registered charity number 304500)

whose registered office is -

1 Casis Close,
Burnham-on-Sea,
Somerset
TA8 1NN

3rd party data processors

The BAY Centre uses the folowing third parties to process personal data -

> TSOhost (operating as Paragon Internet Group Ltd t/a Tsohost), who host our charity website for free.
(Click here to view their privacy policy)

> Cloudflare, who provide our website caching (it speeds up the website loading).
(Click here to view their privacy policy)

> Google, who store our personal data in their business online storage known as 'G Suite'.
(Click here to view their privacy policy)

> Lloyds Bank, who store and process our Employee bank details.
(Click here to view their privacy policy)

Data Breaches

The BAY Centre will report any breach of personal data to the relevant authorities no later than 72 hours after having become aware of it.

The data will be reported to the ICO
(Information Commissioner’s Office) which is the UK's independent body set up to uphold personal information rights.

ICO

The ICO (Information Commissioner’s Office) is the UK's independent body set up to uphold personal information rights.

A person can report a concern to the ICO if they think there is a problem with the way the BAY Centre is handling their data.

The ICO webpage for reporting a concern can be found at   https://ico.org.uk/concerns/

Data Protection links

Click here to go to the EU General Data Protection 2016 (GDPR) (It is very long)

Click here to go to the GDPR portal.

Change log

December 2017
Document initially published. The policy is one of a series of policy documents that replace all previous policy documents that existed in a variety of different formats, some electronic, some paper and some verbal.

January 2018
‘Lawful basis’ added.

February 2018
Simplified the policy.

March 2018
Added Lloyds Bank to 3rd party proessors


BAY Centre,
Cassis Close,
BOS TA8 1NN

Registered charity number 304500

©  Burnham Area Youth Centre 2017


Bookings:
[email protected]
07835 143187