Privacy Policy

Download the privacy policy document here (PDF)

FoNP PRIVACY POLICY 26 August 2022

Introduction

“Friends of Naunton Park” (FoNP) is a community-based registered charity which undertakes restoration, maintenance and upkeep works on a voluntary basis at Naunton Park, Cheltenham. The charity works in partnership with Cheltenham Borough Council.

A limited range of members’ personal data is collected and processed as part of the administration of the charity’s activities.  For this reason, FoNP is bound by the requirements of the UK General Data Protection Regulation (GDPR), as tailored by the Data Protection Act 2018.

This Privacy Policy is based on a current understanding of the requirements of the GDPR as they apply to small organisations, and as set out on the web-site of the Information Commissioner’s Office at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/.  The ICO guidance will be kept under review and the Policy revised accordingly. How FoNP will comply with these requirements is listed below.

The Lawful Basis for the Collection and Use of Personal Data by FoNP

The GDPR sets out six bases upon which an organisation is permitted to store and use personal data. Only one is needed by any organisation. The bases are:

  1. Obtaining consent
  2. Necessary for the performance of contract
  3. Necessary for compliance with legal obligation
  4. Having a “legitimate” interest
  5. Having a “vital” (i.e. life and death) interest
  6. Having a “public” interest  (this only applies to public bodies).

In the light of FoNP’s constitution and activities, three qualifying conditions appear to apply:

  • Consent is obtained when application is made for membership.
  • It is necessary for the performance of FoNP’s contract because people who join FoNP would expect their personal data to be used so that they may receive relevant information.
  • FoNP also has a legitimate interest in communicating with members, and applicants for membership, and these individuals would not suffer any negative impact as a direct result of that communication.

Overall Responsibility for Members’ Personal Data

The GDPR requires each organisation to identify a Data Controller i.e. an individual or body which takes responsibility for determining the purpose and means of processing personal data. FoNP’s Executive Committee will act as its Data Controller.

Why Do We Store and Use Personal Data ?

FoNP will store and process personal data so that it has a record of its membership to enable administration of membership subscriptions, to support the management of work parties and events, and to have a means of communicating with members, applicants for membership, and others who wish to be informed of its activities.

Who Will Process the Data ? The Data Processors.

The following roles and officers within the FoNP constitution will have responsibility for the normal processing of members’ data under the supervision of the Executive Committee:

Treasurer, Secretary, Work Party Co-ordinator and Events Manager.

Other individuals may require ad hoc access to the data, and this would be under the strict supervision of the Executive Committee.

How is Personal Data Stored ?

The persons nominated by FoNP as Data Processors will store personal data by one or more of the following methods:

  1. Electronic files on their personal computers
  2. Retaining any necessary paper records.

Data Protection Rights of Members

Individuals have the right to be informed about the collection and use of their personal data.

Individuals have the right to access their personal data and any supplementary information. This allows them to be aware of and to verify the lawfulness of the processing.

The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. An individual can make a request for rectification verbally or in writing.

The GDPR introduces a right for individuals to have personal data erased. Individuals can make a request for erasure verbally or in writing.

Consent

As FoNP has at least one of the valid bases for holding and processing personal data, it is not therefore strictly necessary to obtain explicit consent. However, in the interests of openness and to demonstrate good practice, FoNP has determined that, at the time of enrolment, members will be asked to give their consent for FoNP to hold and use their personal data. For these purposes, the following wording will be used:

Friends of Naunton Park may hold your personal data and use it as described below:

  • Details will be processed fairly and lawfully in order to satisfy the agreement entered with you on your enrolment as a member. This will help to ensure that you will receive the latest news and information about FoNP activities and events.
  • Your details will be kept safely and securely and you have the option to opt out of our communications at any time.

 Is Personal Data Shared with Any Other Organisations ?

FoNP has not shared personal data with any other party and would not do so in the future, without the explicit consent of members.

FoNP’s nominated Data Processors may share personal data with other individual members of the Executive Committee for the fulfilment of their duties and with the approval of the Committee.

How Will FoNP Communicate to Members, Applicants and Others How the Requirements of the GDPR Have Been Met ?

  • FoNP will publish a summary statement (“Privacy Notice”) on its Data Protection policy and practice on its web-site. Paper copies will be available on request for members with no internet access.
  • Members will be briefed at the time of their enrolment and renewal, about FoNP’s use of personal data.
  • FoNP will respond promptly and positively to any request for further information or guidance.

How Do Individuals Raise Concerns about FoNP’s Storage and Use of Personal Data ?

  • All concerns about the storage and use of data must be directed in the first instance to the FoNP Secretary.
  • A formal response must be made by FoNP within 30 days.
  • Any individual who is not satisfied with FoNP’s response has the right to raise the concern with the Information Commissioner’s Office (tel. no. 0303 123 1113, or via live chat on-line at ico.org.uk).