We are committed to protecting your personal data, whether you are a visitor to our website, a subscriber to our newsletters and other communications, or a member of the association.
This privacy notice explains how we collect and use your personal data, and how we look after it. It also tells you about your rights and how to contact us.
Who are we and how can you contact us?
The Data Controller is Hawkenbury Village Association (also referred to as ‘HVA’). HVA is exempt from registration with the ICO as it is a not-for-profit organisation; any profit is used for its own purposes and not to enrich others. in addition:
- HVA only processes information necessary to establish or maintain membership or support
- HVA only processes information necessary to provide or administer activities for people who are members of the organisation or have regular contact with it
- HVA only holds information about individuals whose data it needs to process for this exempt purpose
- The personal data that HVA processes is restricted to personal information that is necessary for this exempt purpose
However, it understands its responsibilities to comply with the UK GDPR.
Whether you want to ask a question, exercise your data rights, or for any other reason you can contact us in a number of ways:
- Email us at firstname.lastname@example.org
- Call us on 01892 710622 (please email if you can)
What personal data does HVA collect?
We collect the following personal data about you.
- Full name
- Email address
We do not knowingly collect data about anyone under 16 years of age, and if we are made aware of it we will erase it.
How does HVA use my data?
We may use the personal data that you provide in the following ways, to:
- Help us respond to an enquiry about our services
- Administer your membership of the association
- Administer your request to sign up to receive a newsletter
- Process your purchase for products and services
- Process event bookings
- Generally, to record the contact that we have with you
- Manage internal record keeping, such as the management of feedback or complaints
- Analyse and improve the services we offer
You can choose at any time which marketing materials you want to receive from HVA and in which format. If there is something you would prefer not to receive, please contact us in any of the ways mentioned above.
What is the lawful basis for processing my personal data?
We rely on a variety of lawful bases for processing data depending on the purpose of processing.
- We rely on contractual basis for processing data relating to your membership of the association, purchases of goods and services and events you have booked.
- We rely on legitimate interests for a variety of purposes. Legitimate interest is about balancing the interests of HVA against your rights and freedoms and having due regard to your reasonable expectations about the use of your data. These purposes include mailing information and calling you about related resources and events that you might be interested in, given your previous engagement with us, and administering your membership.
- We rely on consent for all email newsletters and related marketing. Every email marketing communication you receive provides a clear opportunity for you to opt out (unsubscribe) from future email communications. If you choose to opt out, you may still receive service mails relating to your membership.
- We rely on legal obligation as the basis for processing any legally required activities, and for any information we are obliged to share with HMRC and other government or similar bodies.
Is my data shared with anyone else?
We never share your personal data with other organisations to use for their own purposes, without your specific consent, unless legally obliged to do so. This would only be in the case of requests by government bodies and law enforcement agencies, or to protect HVA (for example in cases of suspected fraud or defamation).
If we run an event in collaboration with another named organisation, your details may need to be shared with them and those who provide services to help us deliver the event. We will make it clear what will happen to your data when you register.
Our website may contain links to other websites. This privacy notice applies only to our sites, so you should always be aware when you are moving to another site and read the privacy statement of any site which collects personal data. We do not pass on any personal data about you to any other site when you link to another site.
Our ‘Contact Us’ form uses Captcha v3 to block spam and so any details you enter may be passed to Google as part of the verification process – here is their privacy notice.
How long is my data retained?
- As a member, we retain your personal data for 3 years from the termination date of your membership.
- As a purchase of our products or services (including events), we retain your personal data for 3 years from the date of last purchase but may be able to anonymise parts of it upon request.
- As a newsletter subscriber, we retain your personal data for 4 months after the date that you unsubscribe.
How is my data stored and protected?
We maintain a high level of security in relation to the collection, storage and disclosure of your data. This is very important to us and we take steps to ensure that any data we hold about you is safe.
- Information is stored digitally on computer systems with multiple levels of passwords and disk encryption, accessible only to the Data Controller.
- Full information is accessible only to the HVA committee, for the purposes above.
- Information may be collected from you both verbally and in writing. Documents relating to you are scanned, stored securely and then shredded.
- Our computers are maintained, protected and backed up either to encrypted storage medium which is then physical secured, or to cloud backup and storage providers using ‘zero knowledge’ techniques.
Who can access and/or use my personal data, on behalf of the Data Controller?
Use of your data is limited to the Data Processors specified below:
- Microsoft Exchange – Microsoft and Rackspace
- Website hosting and membership – WordPress and Memberpress
- Email – MailChimp
- Card payments – PayPal.
HVA uses a number of other cloud backup and storage providers but they all follow the ‘zero knowledge’ protocol and so no personal data, as defined by UK GDPR, is processed.
What are my personal privacy rights?
The Data Protection Act and the General Data Protection Regulation give you certain rights over your data and how we use it. You have the right to:
- request a copy of the data we hold about you and details of what we do with that data (known as a subject access request)
- update or amend the data we hold about you if it is wrong
- change your communication preferences at any time
- withdraw your consent to use of your personal data where we are relying on consent as the lawful basis for processing it
- ask us to remove your personal data from our records
- ask us to restrict the processing of your personal data
- obtain a portable copy of certain personal data where this is processed automatically
- object to the processing of your data for marketing purposes
- raise a concern or complaint about the way in which your data is being used
- ask us to explain any automated processing we carry out and the impact of this on you
We may ask for reasonable proof of your identity before providing you with data or carrying out any of the above actions.
How can I exercise my rights, complain or comment?
If you wish to exercise your rights, complain or make a comment, please contact us in any of the ways shown above.
If you are not satisfied with our response, or you are unhappy with how we have used your data, you can complain to the Information Commissioner’s Office. Their contact details are:
- Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Helpline number: 0303 123 1113
- ICO website: https://www.ico.org.uk
This privacy notice was last updated: 13th December 2021