(Where the words 'BAY Centre', 'us' or 'we' are used it will mean the registered charity known as the 'Burnham Area Youth Centre', registration number 304500.) Summary
We collect your personal data through an online booking form. Any bookings made by phone, emails or verbally will be entered into the online booking form.
Our website uses HTTPS (an online security protocol) that encrypts (scrambles) all data entered into the online booking form to keep it safe from hackers. (see note 1)
The collection of personal data for Employees, Vendors, Donors, Grantors and Volunteers is currently done through the use of paper forms (these will be migrated to online versions as soon as we can).
Note 1: The online booking form data is scrambled as soon as the ‘Submit’ button on the form is clicked.This scrambled data will travel through the 3rd party computers of Cloudflare (our website caching host) and TSOhost (our website host), before being passed to Google who store the data in their G Suite online storage. (‘website host’ means the computer that stores all the code that makes up our website. ‘Website caching host’ means the computer that stores copies of our website to help speed up the website on your computer).
All digital personal data is held online in Google’s G Suite where it is encrypted and password protected. Click here to see further details about Google G Suite and the EU Data Protection Regulation.
Digital personal data is also held in backups on a seperate computer which is encrypted and password protected.
Any physical documents containing personal data are held in an alarmed, locked steel cabinet in a building which itself is alarmed and locked.
The online personal data is only accessible by 4 BAY Centre volunteers, the Chairman, the Secretary, the Treasurer and the bookings clerk. Access is secured by the use of passwords.
Each of the 4 has a dedicated laptop for access. The laptop hard drives are encrypted by Microsoft’s ‘bitlocker’ software and the Windows logins are controlled by Microsoft’s Azure Directory service. This service allows the laptops to be blocked if they were to be lost or stolen. Access to G suite is controlled by Google’s mobile management service which controls the passwords and can also block access to G Suite should the laptops be lost or stolen.
Access to paper documents containing personal data is restricted to the chairman and the bookings clerk. Access to the backups is currently restricted to one person, the bookings clerk (Backups will be switched to online storage as soon as we can).
April 2018 Document initially published. The policy is one of a series of policy documents that replace all previous policy documents that existed in a variety of different formats, some electronic, some paper and some verbal.
