Privacy Notice

How your personal information is used by the Phoenix Hall Charity

Your information will be held by Phoenix Hall Charity (“Phoenix Hall”, “we/us”) as the Data Controller, and its Booking System Provider (“HallMaster”) as the Data Processor. Phoenix Hall is the not-for-profit charity which manages the village hall of the same name for the use of the inhabitants of the Parishes of Fittleton and Netheravon, in the County of Wiltshire. The village hall is intended for every section of the community, without distinction of political, religious or other opinions, including use for meetings, lectures and classes, and for other forms of recreation and leisure time occupation, with the object of improving the conditions of life for the said inhabitants. The hall shall also be made available to interested parties not resident in the villages of Netheravon, Fittleton and Haxton, according to the scale of charges laid down for such use, and also at the discretion of the management committee.

This privacy notice covers

Why we use your personal information
The legal basis for processing
What personal information we use
How we use your personal information
Your rights under data protection legislation
How long we may keep your information
Changes to our privacy notice
Contact details for our Data Protection Officer

Why we use your personal information

We process your personal data for the following purposes:

to provide you with the service you requested (e.g. customers booking the village hall)
for the prevention and detection of crime, fraud and anti-money laundering
for the ongoing administration of the village hall
to allow us to improve the services we offer to our customers
to enable us to comply with our legal and regulatory obligations (e.g. Annual Return for Charity Commission - Trustees’ details)
to offer new services or opportunities to you which are relevant and appropriate, and only to the extent that would be reasonably expected.

If we plan to introduce further processes for the use of your information, we will provide information about that purpose prior to such processing.

The legal basis for processing

Your privacy is protected by law. This section explains how that works.

Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. The law says we must have one or more of these reasons:

To fulfil a contract, we have with you or
When it is our legal duty or
When it is in our legitimate interest or
When you consent to it.

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on your legitimate interest, we will tell you what that is.

What personal information we use

Here is a list of the ways that we may use your personal information, and which of these reasons we rely on to do so. This is also where we tell you what our legitimate interests are.

What information is held	Where information is from	Who holds the information / Who we share it with	Lawful basis for holding / processing
Name, Surname Telephone number Email address Postal address (optional) Type of event planned Timing of event planned	Customers	The Booking Clerk The Treasurer Our Data Processor HallMaster, protected by authentication procedure. Accessed by Administrators of our HallMaster account Note that event information will be visible to all other users, unless set to Private.	To fulfil a contract, we have with you. It is in our legitimate interests: Complying with regulations that apply to us, Being efficient about how we fulfil our legal and contractual duties.
Name, Surname Telephone Number Email Address Postal address Date of Birth Date of appointment to committee Date ceased being member of committee	Committee Members	The Management Committee - normally delegated to either Secretary or Treasurer Shared with HMRC, Charity Commission Shared with our Data Processor HallMaster - contact details Booking Clerk only.	To fulfil our legal obligations It is in our legitimate interests: Complying with regulations that apply to us, Being efficient about how we fulfil our legal and contractual duties.

Note that we do not hold authentication data, username and password. That information is held securely by our Data Processor HallMaster and covered in their Privacy Policy with each registered user.

How we process your personal information

We use your personal information, and some of our committee members have access to such information, only in accordance with our lawful basis as stated above.

We have introduced appropriate technical and organisational measures to protect the confidentiality, integrity and availability of your personal information during storage, processing and transit.

The majority of personal information from users is held securely on the HallMaster booking system, protected by authentication procedures of username and password. The data can be accessed by committee members who are appointed as Administrators of the HallMaster booking system. It is not stored electronically outside this system.

The personal information from committee members may be held electronically on servers of email providers where this information has been emailed to the Management Committee. If so, it is protected by authentication procedures of username and password. It may also be held in non-electronic format. It is submitted to HMRC when necessary, e.g. as new members of the committee are appointed, old members resign. The information provided to HMRC is available to the public, in accordance with charity regulations.

Phoenix Hall only processes your personal information in the UK.

Phoenix Hall does not use your personal information to make automated decisions.

Your rights under Data Protection Law

You can exercise your rights by sending an e-mail to phoenixhall@live.com. Please state clearly in the subject that your request concerns a Privacy Policy matter, and provide a clear description of your requirements. You must also inform the Booking Clerk or Chair by telephone so that they can begin the necessary action.

Note: We may need to request additional information to verify your identity before we action your request.

Right to Access

You have the right of access to your personal information that we process and details about that processing. You can access that information directly within HallMaster. However, should this not be possible, you can raise a Data Subject Access Request (DSAR) to receive this information in another format.

Right to Rectification

You have the right to request that information is corrected if it is inaccurate. You can usually update your own information using HallMaster. However, should this not be possible, you can contact us to make the changes on your behalf

Right to Erasure (Right to be Forgotten)

You have the right to request that your information is removed; depending on the circumstances, we may or may not be obliged to action this request.

Right to Object

You have the right to object to the processing of your information; depending on the circumstances, we may or may not be obliged to action this request.

Right to Restriction of Processing

You have the right to request that we restrict the extent of our processing activities; depending on the circumstances, we may or may not be obliged to action this request.

Right to Data Portability

You have the right to receive the personal data which you have provided to us in a structured, commonly used and machine-readable format suitable for transferring to another controller.

Right to lodge a complaint with a supervisory authority

If you think we have infringed your privacy rights, you can lodge a complaint with us or the Information Commissioner’s Office (ICO). Find out on their website how to report a concern

How long we may keep your personal information

We will only retain information for as long as is necessary to fulfil our contractual and regulatory obligations. We may need to retain some records to maintain compliance with other applicable legislation – for example finance, taxation, fraud and money laundering law requires certain records to be retained for an extended duration, in some cases for up to seven years.

Changes to our Privacy Notice

This policy will be reviewed regularly and updated versions will be made available to you.

Contact details for our Data Protection Officer

Not necessary for our size of organization. Any queries should be directed towards The Chairman.