How your personal information is used by the Phoenix Hall Charity
Your information will be held by Phoenix Hall Charity (“Phoenix Hall”, “we/us”) as the Data Controller, and its Booking System Provider (“HallMaster”) as the Data Processor. Phoenix Hall is the not-for-profit charity which manages the village hall of the same name for the use of the inhabitants of the Parishes of Fittleton and Netheravon, in the County of Wiltshire. The village hall is intended for every section of the community, without distinction of political, religious or other opinions, including use for meetings, lectures and classes, and for other forms of recreation and leisure time occupation, with the object of improving the conditions of life for the said inhabitants. The hall shall also be made available to interested parties not resident in the villages of Netheravon, Fittleton and Haxton, according to the scale of charges laid down for such use, and also at the discretion of the management committee.
This privacy notice covers
- Why we use your personal information
- The legal basis for processing
- What personal information we use
- How we use your personal information
- Your rights under data protection legislation
- How long we may keep your information
- Changes to our privacy notice
- Contact details for our Data Protection Officer
Why we use your personal information
We process your personal data for the following purposes:
- to provide you with the service you requested (e.g. customers booking the village hall)
- for the prevention and detection of crime, fraud and anti-money laundering
- for the ongoing administration of the village hall
- to allow us to improve the services we offer to our customers
- to enable us to comply with our legal and regulatory obligations (e.g. Annual Return for Charity Commission - Trustees’ details)
- to offer new services or opportunities to you which are relevant and appropriate, and only to the extent that would be reasonably expected.
If we plan to introduce further processes for the use of your information, we will provide information about that purpose prior to such processing.
The legal basis for processing
Your privacy is protected by law. This section explains how that works.
Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. The law says we must have one or more of these reasons:
- To fulfil a contract, we have with you or
- When it is our legal duty or
- When it is in our legitimate interest or
- When you consent to it.
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on your legitimate interest, we will tell you what that is.
What personal information we use
Here is a list of the ways that we may use your personal information, and which of these reasons we rely on to do so. This is also where we tell you what our legitimate interests are.
|Name, SurnameTelephone numberEmail addressPostal address (optional)Type of event plannedTiming of event planned||Customers||The Booking ClerkThe TreasurerOur Data Processor HallMaster, protected by authentication procedure. Accessed by Administrators of our HallMaster accountNote that event information will be visible to all other users, unless set to Private.||To fulfil a contract, we have with you.It is in our legitimate interests:Complying with regulations that apply to us,Being efficient about how we fulfil our legal and contractual duties.|
|Name, SurnameTelephone NumberEmail AddressPostal addressDate of BirthDate of appointment to committeeDate ceased being member of committee||Committee Members||The Management Committee - normally delegated to either Secretary or TreasurerShared with HMRC, Charity CommissionShared with our Data Processor HallMaster - contact details Booking Clerk only.||To fulfil our legal obligationsIt is in our legitimate interests:Complying with regulations that apply to us,Being efficient about how we fulfil our legal and contractual duties.|
How we process your personal information
We use your personal information, and some of our committee members have access to such information, only in accordance with our lawful basis as stated above.
We have introduced appropriate technical and organisational measures to protect the confidentiality, integrity and availability of your personal information during storage, processing and transit.
The majority of personal information from users is held securely on the HallMaster booking system, protected by authentication procedures of username and password. The data can be accessed by committee members who are appointed as Administrators of the HallMaster booking system. It is not stored electronically outside this system.
The personal information from committee members may be held electronically on servers of email providers where this information has been emailed to the Management Committee. If so, it is protected by authentication procedures of username and password. It may also be held in non-electronic format. It is submitted to HMRC when necessary, e.g. as new members of the committee are appointed, old members resign. The information provided to HMRC is available to the public, in accordance with charity regulations.
Phoenix Hall only processes your personal information in the UK.
Phoenix Hall does not use your personal information to make automated decisions.
Your rights under Data Protection Law
Note: We may need to request additional information to verify your identity before we action your request.
Right to Access
You have the right of access to your personal information that we process and details about that processing. You can access that information directly within HallMaster. However, should this not be possible, you can raise a Data Subject Access Request (DSAR) to receive this information in another format.
Right to Rectification
You have the right to request that information is corrected if it is inaccurate. You can usually update your own information using HallMaster. However, should this not be possible, you can contact us to make the changes on your behalf
Right to Erasure (Right to be Forgotten)
You have the right to request that your information is removed; depending on the circumstances, we may or may not be obliged to action this request.
Right to Object
You have the right to object to the processing of your information; depending on the circumstances, we may or may not be obliged to action this request.
Right to Restriction of Processing
You have the right to request that we restrict the extent of our processing activities; depending on the circumstances, we may or may not be obliged to action this request.
Right to Data Portability
You have the right to receive the personal data which you have provided to us in a structured, commonly used and machine-readable format suitable for transferring to another controller.
Right to lodge a complaint with a supervisory authority
If you think we have infringed your privacy rights, you can lodge a complaint with us or the Information Commissioner’s Office (ICO). Find out on their website how to report a concern
How long we may keep your personal information
We will only retain information for as long as is necessary to fulfil our contractual and regulatory obligations. We may need to retain some records to maintain compliance with other applicable legislation – for example finance, taxation, fraud and money laundering law requires certain records to be retained for an extended duration, in some cases for up to seven years.
Changes to our Privacy Notice
This policy will be reviewed regularly and updated versions will be made available to you.
Contact details for our Data Protection Officer
Not necessary for our size of organization. Any queries should be directed towards The Chairman.