24th May 2018

Our Privacy Policy

Here at Williby Roc’s we are committed to ensuring that your privacy is protected.  This privacy notice provides you with the details of how we collect and process your personal data when we gather contact information for our events, workshops and sessions. This also covers the information we collect from our website when you sign up to our newsletter and book for events.

Your privacy matters to us and we encourage you to read this policy carefully and contact us directly if you have any concerns over your privacy and the information we hold about you.

Who we are

We are Williby Roc’s CIC and have just recently changed over from a for profit partnership structure to a Community Interest Company.  Under the new GDPR regulations we are classed as a ‘controller’ of your data.  This means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.  We are also the ‘processor’ of your data which means that we process your personal data on behalf of the ‘controller’ (which is also us).   In short, this means that we determine why and how we use the data and also carry out the process.

In the event that you need to discuss the data that we hold, please contact:

Danielle Pollard

07975501069 – danielle@willibyrocs.co.uk

What information do we collect?

The only information we collect at present, is your name, email address, children’s name, age of your children and telephone number.  We collect this data when you book on to our sessions and also if you sign up to our newsletter via social media or website.  We use your name, your children’s names and ages to personalise our service.

There may be instances where certain funders require additional information but this will change from project to project.  We will always notify you of the data we need to collect, what it will be used for, who it will be shared with and how you can access it or erase it.

We keep this information on file in order to notify you of any changes, keep you up to date with our services and for marketing and promotion of our events, workshops and sessions.

How do we use your personal information?

At present we only use a very basic process for data that we hold.  We hold names, email addresses, children’s name and ages and your telephone number for a number of different business related purposes such as:

  • Delivering marketing and events communication
  • Carry out polls and surveys
  • Internal research and development purposes
  • Meeting requested funding requirements

Please note that this list may change as we develop our business, as will this policy alongside any changes.  If we use your data for anything other than stated in this policy, you will be notified directly of the changes and issued with a new and updated privacy policy.

What legal basis do we have for holding your information?

The relevant processing conditions that are contained within the GDPR have 6 possible legal grounds.  There are:

  • Consent
  • Contract
  • Legitimate Interests
  • Vital Interests
  • Public Task
  • Legal Obligation

We will now go into more detail for the ones that are relevant to the data that we process.

  • Consent – obtaining permission for processing data. Consent must be exclusive, reflective of a data subject’s discretionary action, a positive and freely given response to a well-structured, unambiguous description of the processing activity.  The principle of “opt-in” is obligatory, meaning no processing can take place until consent is assured.  Individuals can withdraw consent at any time by contacting us and we will remove you from our databank.
  • Contract – contracts are the basis for business operations. Data that is transferred both ways when a contract is put in place and also prior to the contact.  We store past booking information in the form of booking confirmations, invoices and contracts made with partners.

When do we share your personal information?

We will treat all personal data in a confidential, respectful and transparent way.  We would only share your data with external funders, however we would let you know prior to the project and gain consent.   We will not share your information with any third parties without your consent.

If anything changes to our privacy policy will notify you, amend the policy and provide you with a copy.

How long do we keep your personal data for?

We will keep your personal data for 3 years from the time of registering with us.  After this period we will contact you and to regain your consent.  If we fail to contact you then we will delete your data from our system.  You are able to withdraw your consent at any time.

Your rights in relation to your personal data.

Under the GDPR, we must respect the rights of data holders to access and control their own personal data. You have certain rights in relation to the data that we hold about you and can exercise these at any time.

  • Access to personal information – you have the right to access any information we hold about you at any time by contacting Danielle Pollard to request to view. We will provide you on the time of collection, details of how we will use your data, how long we will keep it and who we will share it with.
  • Correction and deletion – you have the right to contact us and rectify any inaccurate data we hold. We always strive to hold accurate and up to date information and welcome notice of any changes or corrections.  You can make a request to rectify data verbally or in writing and we will process that within 1 month.  We have procedures in place to inform any recipients if we rectify any data we have shared with them.
  • Withdrawal of consent – you have the right to withdraw your consent at any time. We will remove you from our database and will no longer hold your data.  You have the right to access the information before withdrawing consent.
  • Data portability – the right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
  • Restriction of processing and objection – you have the right to request the restriction or suppression of their personal data. When processing is restricted, we are permitted to store the personal data, but not use it.  You have the right to object to your data being processed, either completely or for certain practices.  You can make a request for restriction or objection either verbally or in writing.  We will respond within 1 month.

How to contact us

If you need to contact us for anything relating to this privacy policy please contact:

Danielle Pollard