Summary

A new EU General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. This new regulation changes the way that businesses and charities process personal data.

This Publicity policy explains what personal data the BAY Centre may collect when publishing a publicity article , how we store that data, how we use that data and how to view that data.

>>Back to Top
    

Personal Data that we may collect for a Publicity Article


The BAY Centre may collect an individual’s photo and/or name when preparing a publicity article either through personal contact, phone calls, emails or some other method.

>>Back to Top
    

What is the Data used for?


The BAY Centre may, with Consent, use personal data to prepare a publicity article for publishing on our websites. www.bayc.uk and our Facebook website.

With Consent, a published article containing personal data may also be sent to other news outlets for publishing.

Only four people have access to the personal data. They are the Chairman, the Secretary, the Treasurer and the Booking clerk.

>>Back to Top
    

Where is the Data stored?


The BAY Centre uses a business form of Google drive (known as G Suite) to store personal data. Google encrypt all data on their online storage.

Access to the personal data is via G Suite Userids and passwords. (Click here to see info on Google's cloud security). Only 4 people have access to the data, the Chairman, the Treasurer, the Secretary and the booking clerk.

Backups are held on a separate server and are encrypted and password protected.

This website uses HTTPS which is a secure, encrypted internet transmission protocol. If the online forms are used, personal data will be encrypted and securely transmitted to our website caching host (Cloudflare), then onto our website host (TSOHost), then automatically transferred to our Google online storage.

>>Back to Top
    

How long is the Data kept?


The BAY Centre will retain personal data obtained for publicity purposes for the following periods -

Personal contact data will be deleted 15 months after the publicity article has been published.

An individual may request at any time that their personal data be removed from a publicity article and this will be actioned as soon as possible.

If consent has been withdrawn by an individual in a group photo it should be possible to make that individual unrecognisable without removing the photo. If this cannot be achieved then the photo will be removed.

>>Back to Top
    

How to view, change, object to or delete the Data used for publicity


If a person wishes to view, change, object to or delete their personal data, they can visit our Privacy Centre web page (link is on the www.bayc.uk homepage) or use the following -

1) Use the online forms on our website, www.bayc.uk,
see the ‘View your personal data',
See the ‘Change your personal data’,
See the ‘Delete your personal data
See the ‘Object to processing’
options in the GDPR menu on www.bayc.uk.

2) Download forms (See the ‘GDPR Downloads’ option in the GDPR menu on www.bayc.uk ) that can be filled in then emailed to ‘[email protected]’ or posted to ‘Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’.

3) Request a form by writing to ‘Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’. 

4) Write a letter to ‘ Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’ detailing whether you wish to view, change or delete your data.

Note: Personal Data deletion is available if the Lawful Basis for processing is
Consent: which is applicable to
Donors & Grantors: whose personal data has been used in a publicity article.
Volunteers: whose personal data is used to communicate with them and to record their names in Charity documents.
Hirer's; who have consented to show their personal data on our website and
Individuals whose personal data has been used in a publicity article.
Employees who wish to be paid their wages by bank payments.
Volunteers who have their names recorded in committee minutes.

Note: Any use of personal data before the consent has been withdrawn remains valid.

Note: Objecting to the use of personal data is available and, optionally, deleting personal data if the lawful basis for processing is
Legitimate Interests: which is currently used for
Donors; to communicate with them.
CCTV; collecting images for the prevention and detection of crime.

>>Back to Top
    

Data Breaches


The BAY Centre will report any data breaches of personal data to the relevant authorities within 72 hours of becoming aware of a data breach.

The BAY Centre will also inform the individuals whose Persona Data has been breached. We will also inform all other individuals that a Data Protection breach has occured.

The data breach will be reported to the ICO (Information Commissioner’s Office) which is the UK's independent body set up to uphold personal information rights.

>>Back to Top
    

3rd Party Processors


The BAY Centre may use the following third parties to process personal data -

> List to come ……………….

>>Back to Top
    

Lawful Basis for processing Donor Personal Data


Under the new Regulation, the BAY Centre needs a lawful basis (reason) to store and process a donor’s personal data. The BAY Centre uses the following lawful bases -

> Consent. This basis is used for the processing of all personal data for publicity purposes. Separate consent will be obtained for the use of Photos, Names and passing a publicity article containing personal data to 3rd parties.

For individuals or very small groups, consent will be sought on a personal basis with each individual granting consent by use of a Google form (where possible), word of mouth or any others means that the individual wishes to use.

For other groups of people where individual consent would be extremely difficult if not impossible to collect then the consent will be gained verbally and recorded by the use of a Google form (where possible) or any other means that can be used. In this case the people whose photos or names are to be collected will be informed before a photo is taken and given the option to participate or not.

Consent can be withdrawn by individuals at any time by using the BAY Centre’s ‘Delete Personal Data’ form on our website. A Link to the form can be found on the Home page of our website, www.bayc.uk

>>Back to Top
    

ICO


The ICO (Information Commissioner’s Office) is the UK's independent body set up to uphold personal information rights.

A person can report a concern to the ICO if they think there is a problem with the way the BAY Centre is handling their data.

The ICO webpage for reporting a concern can be found at  https://ico.org.uk/concerns/

>>Back to Top
    

Data Controller and Processor


For the purpose of the new EU Data Protection Regulation, the BAY Centre is both a data controller and a data processor of the personal data.

The BAY Centre is a registered UK charity (registered charity number 304500)

whose registered office is -

1 Cassis Close,
Burnham-on-Sea,
Somerset
TA8 1NN

>>Back to Top
    

Change Log

April 2018
Document initially published. The policy is one of a series of policy documents that replace all previous policy documents that existed in a variety of different formats, some electronic, some paper and some verbal.

>>Back to Top

BAY Centre,
Cassis Close,
BOS TA8 1NN

Registered charity number 304500

©  Burnham Area Youth Centre 2017


Bookings:
[email protected]
07835 143187

This website uses cookies.
Please see our Cookie Policy for details