Privacy Policy

Southwark Park Association 1869 Privacy Policy

 

1. Introduction

Southwark Park Association 1869 takes your privacy seriously. We are committed to protecting your personal information. New data protection legislation, known as GDPR (General Data Protection Regulations) came into effect on 25^th May 2018. This Policy sets out how we use the information that you provide us with in order to meet our legal obligations and help further the objects of our constitution.  This policy detail the purposes for which we process your personal data, what rights you have in relation to that data and everything else we think it is important for you to know.

In this policy, references to ‘we’, ‘us’ or ‘our’ means Southwark Park Association 1869. As the Regulations come into effect and the Information Commissioners Office (ICO) update their rules and best practice, we will update this policy. Members and supporters will be advised of changes by email, letter or through a notice on our website.

2. Who We Are

Southwark Park Association 1869 (hereafter referred to as the Association) is an unincorporated voluntary group with charitable objects. We are a not-for-profit organisation. Our organisation is strictly non–party political, and is seeking formal recognition by the London Borough of Southwark.

We are a membership organisation. Under our constitution a Committee is set up to manage the affairs of the Association on behalf of members. Our Committee members are elected at the Annual General Meeting.

We are the “controller” of all personal data collected and used for the Association and for any other purposes set out in this policy. This means that we are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely. Our Committee has ultimate responsibility within the Association for making sure your data is treated in accordance with this policy and the law.

For day-to-day queries our lead data protection contact is the Secretary, who can be contacted at:

Southwark Park Association 1869,
c/o St. Peter and The Guardian Angels Club,
72, Paradise Street,
London, SE16 4QD
United Kingdom

Email: info@spa1869.org.uk

3. Handling Information: Our Principles

We begin by setting out our general principles of data use and privacy:

• We will not unduly prioritise the Association’s interests as a group over your interests as an individual – we will always balance our interests with your rights
• We will only use personal information in a way, and for a purpose, that you would reasonably expect in accordance with this policy
• We will always act with fairness, transparency, equity and in good faith
• We will always recognise the trust you have put in us by sharing any of your personal data – and that even accidental misuse or mishandling of your data could have serious effects on individuals.

4. General Data Protection Regulations

The Law on Data Protection is derived from various pieces of legislation. These include the Data Protection Act and the General Data Protection Regulation (the ‘GDPR’) which became enforceable from May 25^th 2018. The GDPR states that personal data (information relating to a person that can be individually identified) can only be processed if there is a legal ground to do so. Activities like collecting, storing and using personal information would fall into the GDPR’s definition of processing. The GDPR provides six legal grounds (reasons) under which personal information can be processed (used) in a way that is lawful. For the processing to be permitted by law (lawful), at least one of the legal grounds must apply. The six legal grounds relevant to the Association’s use of your personal information are: Consent; Vital Interests; Public Task; Legitimate Interest; Contract and Legal Obligation.

5. How the law applies to the Association’s use of personal information

We will only process (use) your personal information when we have:

• asked you and have a record of your express and recent consent for us to do so;
• a legitimate interest to do so in order to support our aims as laid down in our constitution, or to provide you with help or support you have requested
• a contract with you that we can only fulfil by using your personal information
• a legal obligation to use or disclose information about you, e.g. we are required by law to disclose information relating to safeguarding incidents
• there is a vital interest in doing so – your life or someone else’s is in danger. This could also apply in the case of safeguarding issues
• on occasion, to undertake a public task.

6. Your Information – what we collect and how we use it

The Association collects information from people in a number of different ways. The most common uses are:

6.1   Membership and Supporters Application Forms – Sharing,   storing and keeping this information

When you apply to become a member or supporter of the Association, we collect some data directly from you which you have given voluntarily on the application form. This data may include the following: your full name; your email address;

your postcode and address; confirmation that you are 18 years of age or older (To be a member or supporter of the Association you must be a minimum of 18 years of age.); your consent to transferring, storing or processing the information on the application form; your signature and date of signing

The data that we collect from you is used to consider your application.

We may use your information for a number of purposes including the following: compliance with legal, regulatory and corporate governance obligations and good practice; to maintain our membership list; to identify those permitted to attend and vote at our meetings; to provide you with information about our work or our activities that you have agreed to receive; to ensure we know how you prefer to be contacted.

Your personal data will never be shared with any third party, unless required to do so by law. The data will be transferred to and stored at the Association’s official address on paper in a locked filing cabinet or on a secure computer. By submitting your personal data, you agree to this transfer, storing or processing. The application form you submit will be kept for as long as you are a member or supporter.

6.2      Attendance at Meetings – Sharing, storing and keeping this information

The Association holds various meetings for members, supporters and, sometimes the public. We ask all those attending our meetings to provide their first name and surname by writing on our attendance sheet in block capitals and also a signature. In order to comply with health and safety and fire regulations it is a requirement of anyone attending our meetings to complete the attendance sheet in this way.

Notes or minutes of all of our meetings are taken. Your attendance at meetings will be registered in order not only to ensure those meetings are quorate as required by our constitution, but also that as full and accurate a record as possible of the proceedings are recorded. Contributions you may make to the discussions may be attributed to you in the notes or minutes, unless you ask for them not to be.

Attendance sheets are initially on display to those attending our meetings and you consent to sharing your information in this way when you complete the attendance sheet. As our meetings are open to members, supporters and sometimes the public, any personal information you consent to give on an attendance sheet may be seen by anyone attending the meeting.

The attendance sheets are hard copies which are kept secure, in locked filing cabinets when they are not in use. They will be kept for 3 years.

Notes or minutes of meetings are taken by the Secretary are hand-written hard copies which are later typed up. They are later shared with members and supporters at subsequent meetings, either by paper copies or online.  The hand-written and typed up notes will be kept secure in a locked filing cabinet for 3 years.

6.3 Attendance at Activities and Events – Sharing, storing and keeping this information

The Association organises events and activities for the public at which we may collect limited information to understand who uses our activities, to prove that people are using our services to funders, and to keep in touch with you about similar events and activities which may happen in the future. As a voluntary group with public benefit aims we have a legitimate interest in making sure people are aware of our activities, where they have shown interest or attended previously. Therefore, we may use your data to keep you up to date with activities that are organised by the Association where we think there is a reasonable expectation that you may be interested in participating in other of our activities. If you attend our activities or events, we may ask you for your name, gender, age range, and postcode so that we can accurately count and report to our funders and regulators on the number of, and what kind of, people use our services.

When we share this information, it will always be provided as an aggregate (X people from Y postcode, Z people between 20 and 50 years of age, and so on). Individual information on who has attended will not be shared. We will never give anyone information on the individuals who attended an activity or event without the individual’s express consent (unless required to do so by law).

The attendance sheets are hard copies which are kept secure in locked filing cabinets when they are not in use. They will be kept for 3 years.

6.4   Volunteers – Sharing, storing and keeping this information

The Association may offer volunteering opportunities for those wishing to give their time to Southwark Park and King’s Stairs Gardens. If you do this we will ask you to complete a volunteer application form, which we then process.

For some volunteering activities we may need to undertake an enhanced DBS (Disclosure and Barring Service) check. We ask you to manage this process yourself online. We do not keep copies of your personal documents which need to be provided for proof of identity. When your DBS certificate returns, we don’t keep a copy, and only record whether there was any issue.

We use your data to check whether you are suitable for a volunteering role; find you the right volunteering opportunity; know what skills we have available to us in our volunteer pool and record your volunteering activity.

We keep your volunteering application form and record of volunteering activity in our locked filing cabinets. Only the Chairperson, Vice-Chairperson and Secretary will have access to these details. We will store your volunteer application form and information for as long as you continue to volunteer with us, plus 3 years, unless you tell us otherwise.

6.5   Still and Moving Images – Sharing, storing and keeping this information

We will take photographs and video at events and activities and wherever you are featured prominently we will ask for your permission before we record your image.

You may withdraw your consent for us to use your image in the future. We will ask about specific types of use for your images. We will pay particular attention to any images which feature children.

In the case of large group shots or edited films, and images which have been shared widely, it may not be practically possible to remove your individual image. For example, we would be unlikely to be able to remove a brief shot of you from a substantial edited video with many participants, in the event that you later choose to withdraw permission.

In such a case, we may have a legitimate interest to continue using that image or film. We would always balance this legitimate public benefit interest with the impact on the needs and rights of any individual concerned. GDPR takes into account the level of investment, and legitimate interests of an organization when considering the approach which must be taken to images.

It is not always practical to seek written permission for use of photographs of large groups at public events – for example an outdoor show with 300 attendees. In such cases, we will make all attendees aware that group photographs are being taken, and offer them the option to be excluded from images, or not to attend.

We will use images for publicizing our work, reporting to funders, and for historical archiving. We may use the images on our website and social media, or for print media. We will ask separately whether you consent for us to use your image for specific purposes.

We will store videos and images in digital format on hard media such as DVDs and Blu-Rays.

We will keep images of individuals for 3 years; for material featuring multiple subjects and edited films, 5 years.

6.6   Fundraising and donor information – Sharing, storing and keeping this information

The Association raises funds from organisations and individuals. If you make an individual donation directly to us, unless you make it anonymously, we will ask for information that enables us to administer your donation. This will normally include information such as your name, contact details, and your payment details. We do not take payment information beyond the immediate use.

We will never share your information with any other parties, unless it is in order to process the donation or payment; in order to comply with a legal requirement or in any other case, with your express consent

We will store this information in our paper financial records in a locked filing cabinet. We will keep this information for 7 years, to comply with HMRC regulations.

6.7   Historical Archives – Sharing, storing and keeping this information

The Association may develop an archive which could have a significance, in particular to the history of Southwark Park and King’s Stairs Gardens. There are many potential purposes that historical information can be put to such as creating historical materials and museum exhibits, or to post on the website. We will share any archive historical materials with caution, especially where it may have any foreseeable impact on people who are still living, while keeping it safely for future or present study.

Most of the original archive material is likely to be stored in paper copy in a secure filing cabinet, though some material will be digitized and kept secure on hard media such as DVDs and Blue Rays.

Our materials may be deposited with Southwark Local History Library or another appropriate archive. As such it may be subject to certain exemptions under GDPR for libraries and historical archives containing personal information.

7. Online and digital privacy

We know that online and digital privacy is something that people take increasingly seriously, and we welcome people taking more care with how their data is shared online. The Association is committed to keeping your personal data safe and secure, and handling it in accordance with the law.

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

We will take reasonable technical and organisational precautions to store, process and transport all personal information you provide in a secure manner.

The Association is not responsible for the privacy policies or practices of any third party or resources owned or controlled by a third party, including resources take from us without our permission.

7.1      Website and Other Social Media

The Association operates the following social media:

• http://www.spa1869.org.uk (the “Website”);
• Facebook group and page (https://www.facebook.com/spa1869/)
• Instagram account (https://www.instagram.com/southwarkparkassociation1869/)
• Twitter account (https://twitter.com/spa1869)

Our Facebook page and Instagram account is hosted by Facebook. You can find information on their GDPR policy here. https://www.facebook.com/about/privacy

Our Twitter page is hosted by Twitter. You can find information on their GDPR policy here. https://www.twitter.com/GDPR_Privacy

7.2      Collection of your Personal Information from our website and other social media resources

Each time you visit our Website or our other online resources, we may automatically collect certain technical information such as Internet Protocol (IP) addresses used to connect your computer to the internet, your login information, browser type and version, browser plug-in types and versions, operating system and platform and information relating to what pages you have viewed.

We collect information about how you use the Association’s resources using cookies and similar technology. This includes your viewing history, IP addresses, device identifiers and information about how long you have stayed on certain pages or what pages you have clicked on.

We also collect information from social networking sites such as Facebook and Twitter, for example likes, shares, tweets and posts about the Association. This information is used for internal analysis purposes.

Our website and other social media resources may contain links to other third party websites which are provided for your convenience. We are only responsible for our privacy practices and security of our website. We recommend that you check the privacy and security policies and procedures of each and every other website that you visit or organisation you engage with.

7.3   Cookies

Cookies are little bits of information stored in your browser (Chrome, Firefox, etc.) to make browsing between pages in a site work better, or to make sure a site remembers you when you come back. Most websites use them – without cookies, pages tend to be quite limited in what they can do. Because cookies are such an integral part of the internet, we assume you consent to cookies by using our website. However, you can always choose to remove or refuse them.

We use two specific types of cookies on our website:

• Session cookies, which are temporary cookies that remain the cookie file of your computer until you close your browser (at which point they are deleted); and
• Persistent or stored cookies that remain permanently on the cookie file of your computer.

We will use the session cookies to keep the continuity of your session while you navigate the website (e.g. so that if you click an action on one page, the next page knows what action has been taken). We will use the persistent cookies to enable our website to recognise you when you return to the site.

Third Party Cookies are set on your machine by external websites whose services may be used on our website and denoted by sharing buttons which allow visitors to share content onto social networks such as Twitter and Facebook. We include these links because most other sites do, and it makes it easier for you to share our content with your friends online, if you wish to. You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.

7.4   Keeping in touch via email

We send out emails such as meeting agendas and notes, newsletters or other announcements. We use an industry standard email tool, MailChimp, to send bulk emails. Mailchimp’s servers are in the US, so you need to be aware that in principle, when you sign up to a newsletter, your information is being stored in the US. Again, this is in common with many other websites across the world.

Mailchimp have rigorous privacy and data protection policies, have readied themselves for GDPR, and are signed up to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. You can see their data protection policy here: Mailchimp Privacy Policy

7.5   Online Donations and Payments

We do not operate any online donations or fundraising; any online financial transactions or online bookings system for events and activities.

We will never, ever, contact you by email or telephone asking you for payments, passwords or credit card details. If anyone ever does so claiming to be from the Association, please end the call and contact us as soon as possible.

7.6   Database

In addition to hard paper copies our members and supporters database is stored on our own computers. Any application form you submit will be kept for as long as you are a member or supporter.

7.7     Children and Young People

We realise and understand that children and young people under the age of 18 (“minors”) may voluntarily visit our website, or otherwise interact with us. There are various control tools available for online services that we advise parents to utilise in order to create a child-friendly online environment for their children. Any minor using the website is confirming that they have received the consent of their parent or a guardian to do so.

We encourage all minors to speak with their parents or legal guardian before submitting any personal information to us, our partners or other third parties. Users of the website may be asked to provide a valid email address for their parent or guardian so that we may verify parental consent, where required.

8. Your Rights and Making Changes

You have the right to have any inaccuracies in your data corrected; request that we delete your personal data; object to profiling; request that we do not process your personal data for marketing purposes; request a copy of the personal information we hold about youin respect of which we will always comply wherever we can, where the request is proportionate, realistic, and reasonable; request erasure from our records. We can refuse to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.

Before we make any requested changes for security reasons we require you to prove your identity with two pieces of approved identification. Please address requests to the Secretary at:

Southwark Park Association 1869,
c/o St. Peter and The Guardian Angels Club,
72, Paradise Street,
London, SE16 4QD
United Kingdom

and we will respond within one month, of receipt of your written request and confirmed ID. Please provide as much information as possible about the nature of your contact with us to help us locate your records. This request is free of charge unless the request is manifestly unfounded or excessive.

9. Legal requirements

We comply with requests for the disclosure of personal information where this is required or permitted by law, e.g. from law enforcement or tax agencies. In these circumstances, the request must be submitted in writing and in accordance with the relevant legal requirements.

10. Contacting us

If you have any questions or concerns about this Privacy Policy and/or our processing of your personal data, you can get in touch with us by writing to:

Southwark Park Association 1869,
c/o St. Peter and The Guardian Angels Club,
72, Paradise Street,
London, SE16 4QD
United Kingdom

11. Complaints

And finally, if you believe your privacy rights have been violated, you may file a complaint with us or with the Information Commissioner’s office at https://ico.org.uk/. We would always prefer you talk to us first, however, as usually it is very easy to fix any errors or problems.

This policy was agreed and adopted by Southwark Park Association 1869 on 5^th September 2018.