1. About this policy
1.1 This policy explains when and why we collect personal information about our members, volunteers, service users and customers, how we use it and how we keep it secure and your rights in relation to it.
1.4 We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Informati
on Commissioner (www.ico.gov.uk). For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.
2. Who are we?
2.1 We are Holly Hagg Ltd (trading as Holly Hagg Community Centre). We can be contacted by email at email@example.com or in writing to 67 Barncliffe Crescent, Sheffield, S10 4DB.
3. What information we collect and why
|What information we collect||Purposes|
|Members’ name, email address and telephone number||Managing the member’s membership of Friends of Holly Hagg|
|Volunteers’ name, email address and telephone number||Managing volunteer work on the farm|
|Junior volunteers’ (under 18) as above plus
(a) date of birth
(b) relevant medical conditions
(c) parent/guardian’s name and telephone number
|Managing volunteer work on the farm
Safeguarding the child’s welfare
|Customers’ name, email address and telephone number||Managing alpaca treks and other activities open to the public|
|Alpaca Therapy service users’ relevant details of disabilities and special needs||Ensuring the welfare of vulnerable participants and tailoring events to their needs|
|Photos of members, volunteers, service users, customers and any other visitors||For use on the company’s website, social media, press releases and promotions|
4. How we protect your personal data
4.1 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction
4.2 Please note however where you are transmitting information to us over the internet, either directly or to a third party (5.2) or we are retrieving your information from a third party, this can never be guaranteed to be 100% secure
4.3 We do not take payments directly from you. We may request you to make a payment via a recognised online secure payment system such as PayPal or Go Fund Me but we never have access to your bank or card details. We will receive only your name, email, address and telephone number and any information you give us relevant to your transaction with us.
4.4 We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
5. Who else has access to the information you provide us?
5.1 We never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where required to do so by law or as set out in the table above or as described in 5.2 and 5.3 below.
5.2 We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing the tasks and providing services to you on our behalf (e.g. to print newsletters and send you mailings). However, we disclose only the personal data that is necessary for the third party to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
5.3 Trusted service providers used to run our core activities include:
5.3.1 Booking Bug (alpaca trek booking system)
5.3.2 PayPal (merchant services for payments)
5.3.3 Outlook 365 (emails)
5.3.4 WooCommerce (online shop integrated into our website for gift vouchers and products)
5.3.5 Mailchimp (bulk mailing)
5.3.6 Trip Advisor (one time mailing requesting review of your recent trek)
5.3.7 Go Fund Me (membership subscriptions)
6. How long do we keep your information?
6.1 We will hold your personal data on our systems for as long as you have an active relationship with us as a member, customer, volunteer or service user and for as long afterwards as it is necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form to be able to comply with tax requirements and exemptions, and the establishment exercise or defence of legal claims.
6.2 We securely destroy all financial information once we have used it and no longer need it.
7. Your Rights
7.1 You have rights under the GDPR:
(a) to access your personal data
(b) to be provided with information about how your personal data is processed
(c) to have your personal data corrected
(d) to have your personal data erased in certain circumstances
(e) to object to or restrict how your personal data is processed
(f) to have your personal data transferred to yourself or to another business in certain circumstances
7.2 You have the right to take any complaints about how we process your personal data to the Information Commissioner:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel. 0303 123 1113
For more details, please address any questions, comments and requests regarding our data processing practices to our Data Protection Manager who is Claire Gregory, email firstname.lastname@example.org.
A1. Privacy policies of our service providers with whom we may share or receive your data
PayPal – used to collect payments for alpaca treks, gift vouchers and other goods and services
BookingBug – used to manage alpaca trek bookings
TripAdvisor – with your permission we may ask TripAdvisor to send you an invitation to review your visit/trek
Mailchimp – used to send news and communicate with members, volunteers, service users, customers
Go Fund Me – we use this to ask for membership fees and donations
Microsoft Outlook – for the email account email@example.com