A new EU General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. This new regulation changes the way that businesses and charities process personal data.
This Donor policy explains what personal data the BAY Centre collects when receiving donations , how we store that data, how we use that data and how to view that data.
A donation could be in the form of money, time or materials either from an individual, a group, a company or a grant.
The BAY Centre wishes to acknowledge with great thanks, past, present and future donors whose donations allow us to continue to serve the community.
The BAY Centre collects personal contact data (name, email address, phone number or postal address) when receiving a donation either through personal contact, phone calls, emails or some other method.
The BAY Centre uses a Donor’s personal data to contact the Donor to send them communications such as a ‘thank you’ letter and ongoing reports as to the use made of their donation.
In the case of a grant, reports may be sent on the progress of any work being carried out with the grant money.
The BAY Centre will also store the Donor’s personal data to meet Regulatory requirements such as retaining donation records to comply with Tax Office and the Charities Act.
With Consent, a Donor’s personal data like a photo or name may be used to publicise the donation on the BAY Centre’s website and Facebook page.
With Consent, a Donor’s personal data like a photo or name may be used in publicity material sent to other news outlets.
Only four people have access to the personal data. They are the Chairman, the Secretary, the Treasurer and the Booking clerk.
The BAY Centre uses a business form of Google drive (known as G Suite) to store personal data. Google encrypt all data on their online storage.
Access to the personal data is via G Suite Userids and passwords. (Click here to see info on Google's cloud security). Only 4 people have access to the data, the Chairman, the Treasurer, the Secretary and the booking clerk.
Backups are held on a separate server and are encrypted and password protected.
This website uses HTTPS which is a secure, encrypted internet transmission protocol. If the online forms are used, personal data will be encrypted and securely transmitted to our website caching host (Cloudflare), then onto our website host (TSOHost), then automatically transferred to our Google online storage.
The BAY Centre will retain a Donors personal data for the following periods -
Personal contact data will be deleted 7 years after the last date that a Donor donated to the BAY Centre unless the data has to be kept longer for regulatory reasons.
Personal data used in publicising the donation on the BAY Centre websites will be deleted after 2 years.
How to view, change or delete the Data used for publicity
If a person wishes to view, change or delete their personal data used for publicity purposes, they can visit our Privacy Centre web page (link is on the www.bayc.uk homepage) or use the following -
2) Download forms (See the ‘GDPR Downloads’ option in the GDPR menu on www.bayc.uk ) that can be filled in then emailed to ‘[email protected]’ or posted to ‘Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’.
3) Request a form by writing to ‘Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’.
4) Write a letter to ‘ Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’ detailing whether you wish to view, change or delete your data.
Note: Personal Data deletion is available if the Lawful Basis for processing is Consent: which is applicable to Donors & Grantors: whose personal data has been used in a publicity article. Volunteers: whose personal data is used to communicate with them and to record their names in Charity documents. Hirer's; who have consented to show their personal data on our website and Individuals whose personal data has been used in a publicity article. Employees who wish to be paid their wages by bank payments. Volunteers who have their names recorded in committee minutes. Note: Any use of personal data before the consent has been withdrawn remains valid.
Note: Objecting to the use of personal data is available and, optionally, deleting personal data if the lawful basis for processing is Legitimate Interests: which is currently used for Donors; to communicate with them. CCTV; collecting images for the prevention and detection of crime.
The BAY Centre will report any data breaches of a donor’s personal data to the relevant authorities within 72 hours of becoming aware of a data breach.
The BAY Centre will also inform the donors whose Persona Data has been breached. We will also inform all other individuals that a Data Protection breach has occured.
The data breach will be reported to the ICO (Information Commissioner’s Office) which is the UK's independent body set up to uphold personal information rights.
Under the new Regulation, the BAY Centre needs a lawful basis (reason) to store and process a donor’s personal data. The BAY Centre uses the following lawful bases -
> Legitimate Interests. This basis is used for the processing of a Donor’s personal data for contact purposes. It is considered that communicating with the Donor is of a legitimate interest to both the BAY Centre and the Donor.
> Legal Obligation. This basis is used for Donors personal data where the BAY Centre has to comply with any legal obligations such as retaining donation records to comply with the Tax Office and the Charities Act.
> Consent. This basis is used for the processing of a Donor’s personal data for publicity purposes. Consent can be withdrawn by a Donor at any time.
April 2018 Document initially published. The policy is one of a series of policy documents that replace all previous policy documents that existed in a variety of different formats, some electronic, some paper and some verbal.
