Your personal data

We respect the privacy and security of your personal data and we are committed to protecting it. This Privacy Statement provides information about the personal data we process, why and how we process it, and your legal rights in connection with it.

It is important that you read this, together with any other privacy notice, fair processing notice or other documentation (such as our terms and conditions) that we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we use your data.

We reserve the right to amend the terms of this Privacy Statement from time to time so that it is up to date with any new laws or changes in the ways we handle data.

What are our responsibilities?

As a data controller we are responsible for the processing of personal data that you provide. We are required to comply with data protection laws, including the General Data Protection Regulation 2018 and subsequently any national implementing laws or successor legislation (collectively referred to as the “Data Protection Legislation”).

We are committed to following the recommended data processing principles to ensure that data is:

  • Processed in a lawful, fair and transparent way
  • Collected and processed for limited purposes with a view to minimising that data and its storage
  • Accurate and processed in a manner that ensures integrity and confidentiality
  • Collected and processed in a manner that allows for accountability

What is personal data?

Your personal data includes all the information we hold that identifies you or is about you, for example your name, email address, postal address or location data.

At Community Works we do not generally collect ‘special categories’ of sensitive personal data about you relating to your religious or philosophical beliefs, sex life, sexual orientation, political opinions, criminal records, trade union membership, health or genetic and biometric data. The only exceptions to this are if any of the following apply:

  • You register as a user on our online volunteering platform.
  • You apply for a volunteering role within our organisation.
  • Additionally, we may process sensitive personal data related to your race/ethnicity only where you have explicitly consented, for example by submitting that information as part of your CV. For more information on exceptions such as these, see ‘Why do we process your personal data?’ below.

What is processing?

Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it. We are therefore required to comply with the Data Protection Legislation to make sure that your information is properly protected and used appropriately.

Why do we process your personal data?

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. However, please note that we may process your personal data without your knowledge or consent in accordance with these rules.

Most of the personal information we process is provided to us directly by you. We process your personal data for different purposes depending on who you are:

  • If you are making or have made a general enquiry with us then we may need to process data in relation to your name, contact information and the contents of your enquiry in order to be able to respond to you.
  • In order to add you to our contacts database we may process data related to your name, and contact information. This information may include some special category data, specifically: Disability.
  • Once added to our database we may use your data in order to update your contact preferences, and to add you to or remove you from mailing lists. In addition, we may process data relating to meetings we have held with you or events you have attended.
  • If you wish to attend, or have attended, a voluntary sector event organised by us, we may need to process data in relation to your name, contact information and the details of your booking in order to fulfil your request. This may include, but is not limited to, our members’ conferences, training courses, briefings, or network meetings.
  • If you subscribe to one of our e-newsletters or email lists we may need to process data in relation to your name and contact information.
  • If you currently provide or are contacting us because you are interested in providing goods or services to us then we may need to process data in relation to your identity, contact information or bank account information in order to enter into or perform a contract with you.
  • If you have taken part in a consultation or survey managed or commissioned by us we may need to process data in relation to your name and contact information.
  • If you have registered your interest in a volunteering opportunity using our online brokerage platform, or made a volunteering enquiry to our volunteer centre, we may process data related to your name, and contact information as well as other information to enable your enquiry to be answered. This data is collected in order that we can fulfil our contractual obligations to Brighton and Hove City Council and Adur and Worthing Councils in delivering infrastructure support to those communities.The information collected may include some special category data, specifically:
    • Date of Birth
    • Gender
    • Employment Status
    • Ethnicity
    • Sexual Orientation
    • Religion or Belief
    • Disability
    • Carer status.
  • If you have applied for a volunteer role within our organisation we may process data related to your name, and contact information as well as other information related to your application. This data is collected in order that we can fulfil our contractual obligations to Brighton and Hove City Council and Adur and Worthing Councils in delivering infrastructure support to those communities. The information collected may include some special category data, specifically:
    • Date of Birth
    • Gender
    • Employment Status
    • Ethnicity
    • Sexual Orientation
    • Religion or Belief
    • Disability
    • Carer status.
  • If you have approached us regarding a potential employment opportunity, we may need to process information provided by you in your CV and covering letter, including your name, title, address, telephone number, email address, postal address, date of birth, gender, location information, employment history, qualifications and general professional experience.
  • Our website may use “cookies” to enhance the user’s experience. A user’s web browser places these cookies on their hard drive for record-keeping purposes and sometimes to track information about them. Users can choose to set their web browser to refuse cookies, or to alert them when cookies are being sent. If cookies are disabled, please note that some parts of the website may not function properly.
  • Community Works employees are registered as users on our website in order that they can use our CRM database and post articles to our website; we store the personal information they provide in their user profile. All such users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
  • Personal identification information: We may collect personal identification information from users of our website in a variety of ways, including, but not limited to, when users visit our site, fill out a form, and in connection with other activities, services, features or resources we make available on our website. We will collect personal identification information from users only if they voluntarily submit such information to us.
  • Non-personal identification information: We may collect non-personal identification information about users of our website whenever they interact with our site. Non-personal identification information may include the browser name, the type of computer and technical information about users’ means of connection to our website, such as the operating system and the internet service providers utilised and other similar information.
  • Articles on our website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
  • Third party websites: users may find advertising or other content on our website that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our website. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our website, is subject to that website’s own terms and policies.

On what grounds do we process your personal data?

We may rely on different grounds to lawfully process your personal data depending on the nature of our relationship with you. The lawful processing of your personal data will fall into one of these categories:

  • Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
  • Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

Who will receive your personal data?

We only transfer your personal data to the extent we need to. Recipients of your personal data may include:

  • Service providers
  • Professional advisers or consultants
  • Our partner organisations

We may transfer your personal data outside of the EEA to service providers or professional advisers operating in other jurisdictions. We will only transfer data where a finding of adequacy has been made in respect of that jurisdiction, which means the EU Commission is satisfied that any data transferred will be adequately protected or where a data transfer agreement incorporates EU model clauses meaning that appropriate safeguards will govern the transfer of the data.

We use Google Analytics to obtain website statistics and to see who visits the site, not for any marketing or selling purposes. We may collect non-personal identification information about users whenever they interact with our website. Non-personal identification information may include the browser name, the type of computer and technical information about users means of connection to our website, such as the operating system, the internet service providers utilised, and other similar information.

How do we ensure that your data is secure?

We have put in place appropriate physical, technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a legitimate need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. In the unlikely event of a suspected or actual breach of personal data, we have procedures in place to address the breach as well as to notify you and any applicable regulator where we are required to do so.

How long will we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or regulatory reporting requirements. In determining the appropriate retention period for personal data we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.  In line with our retention policy.

What are your rights?

You benefit from a number of rights in respect of the personal data we hold about you. We have summarised your rights below, and more information is available from the Information Commissioner’s Office website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ These rights apply for the period in which we process your data.

1. Access to your data

You have the right to request confirmation that we process your personal data, as well as access to your personal data. You can also ask us to provide some additional information in relation to our processing of your personal data, although most of that information corresponds to the contents of this privacy statement.

We will provide the information free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge you if you request more than one copy of the same information.

We will provide the information you request as soon as possible and in any event within one month of receiving your request. If we need more information to comply with your request, we will let you know.

2. Rectification of your data

If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information. We will comply with your request within one month of receiving it, unless we don’t feel it’s appropriate in which case we will let you know why. We will also let you know if we need more time to comply with your request.

3. Right to be forgotten

In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:

  • where we no longer need your personal data for the purpose for which we collected it;
  • where we have collected your personal data on the grounds of consent and you withdraw that consent;
  • where you object to the processing and we don’t have any overriding legitimate interests to continuing processing the data;
  • where we have unlawfully processed your personal data (i.e. we have failed to comply with the Data Protection Legislation); and
  • where the personal data has to be deleted to comply with a legal obligation.

There are certain scenarios in which we are entitled to refuse to comply with a request; if any of those apply, we will let you know.

4. Right to restrict processing

In some circumstances you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we don’t have to delete it. This right is available to you:

  • if you believe the personal data we hold isn’t accurate then we will cease processing it until we can verify its accuracy;
  • if you have objected to us processing the data (see below) then we will cease processing it until we have determined whether our legitimate interests override your objection;
  • if the processing is unlawful; or
  • if we no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim.

5. Data portability

You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller. This right only applies to personal data you provide to us:

  • where processing is based on your consent or for performance of a contract (i.e. the right does not apply if we process your personal data on the grounds of legitimate interests); and
  • where we carry out the processing by automated means.

We will respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we will let you know.

6. Right to object

You are entitled to object to us processing your personal data:

  • if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority
  • for direct marketing purposes (including profiling)
  • for the purposes of scientific or historical research and statistics

In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.

Automated decision making

Automated decision making means making a decision solely by automated means without any human involvement. This would include, for example, an online credit reference check that makes a decision based on information you input without any human involvement. It would also include the use of an automated clocking-in system that automatically issues a warning if a person is late a certain number of times (without any input from HR, for example).

We don’t carry out any automated decision making using your personal data.

Your right to complain about our processing

If you think we have processed your personal data unlawfully or that we have not complied with the Data Protection Legislation, you can report your concerns to the supervisory authority in your jurisdiction. The supervisory authority in the UK is the Information Commissioner’s Office (“ICO”). You can call the ICO on 0303 123 1113 or get in touch via other means, as set out on the ICO website – https://ico.org.uk/concerns/.

Data Protection Officer and Data Controller

The data controller for Community Works is:

Ian Bretman
Trustee, Community Works
Community Base
113 Queens Road
Brighton
BN1 3XG

ceo@bhcommunityworks.org.uk

Our Central Services Manager, Sean Skinner, has day to day responsibility for ensuring we comply with the Data Protection Legislation and for dealing with any requests we receive from individuals exercising their rights under the Data Protection Legislation.

Further information

If you have any questions or would like more information about the ways in which we process your data, please contact Sean Skinner, on 01273 234023 or email sean@bhcommunityworks.org.uk

[Version 1, September 2018]


Cookies Usage Policy

Our website, like lots of websites, uses cookies. Cookies are small data files that we place on your computer, they help our website work better and you to have a more enjoyable browsing experience.

They can improve things by:

  • Remembering settings, so you don’t have to keep re-entering them whenever you visit a new page
  • Remembering information you’ve given (eg your postcode) so you don’t need to keep entering it
  • Measuring how you use the website so we can make sure it meets your needs

The cookies aren’t used to identify you personally. They’re just here to make the site work better for you. However, if you don’t want the cookies on your computer, you can manage and/or delete these small files as you wish. Learn more about cookies and how to manage them.

Cookies on this website

Our site uses Google Analytic cookies:

  • _UTMA. This randomly generated number is used to determine unique visitors to our site. It expires after two years
  • _UTMB. This randomly generated number works with _utmc to calculate the average length of time users spend on our site. It expires after 30 minutes
  • _UTMC. This randomly generated number works with _utmb to calculate when you close your browser. It expires when you close your browser
  • _UTMZ. This is a randomly generated number and information about how the site was reached (eg direct or via a link, organic search or paid search). It expires after six months

These cookies are used to collect information about how visitors use our site. We use information to compile reports and to help us improve the site.

The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, and the pages they have visited. Read Google’s privacy policy.

Consent

By using this website you consent to the terms of this privacy statement.

Our site contains links to external websites. We are not responsible for the privacy practices of any websites other than our own.