DATA PRIVACY NOTICE

Root Connections CIC

  1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).

  1. Who are we?

Root Connections is the data controller (contact details below).  When reading the words ‘we’, ‘us’, ‘our’, we are referring to the operations and work carried out unde r and by Root Connections CIC.

We decide how your personal data is processed and for what purposes.

  1. How do we process your personal data?

We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect all personal data.

We only use your data on relevant lawful grounds complying with the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy of Electronic Communication Regulation.

Personal data will only be used for the purposes outlined at the time of collection in line with your selected communication method preference. If we are asked by the police or other government authority investigating any suspected illegal activities, we may need to provide them your personal data. We will only proceed with these third party requests if we have a legal obligation to do so.

More specifically we use your personal data for the following purposes: -

  1. To administer membership, volunteer and employee records
  2. To keep records and to manage customers of Root Connections
  3. To record data about the individuals that use our services or join our activities
  4. To promote the interests of Root Connections
  5. To maintain our own records
  6. To inform you and others of news, events, activities and services offered by Root Connections, its members, team and associated groups or bodies

Your data may also be available to our website provider to enable us and them to carry out analysis and research on demographics, interests and behavior of our users and supporters to help us gain a better understanding of them to enable us to improve our services.  This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are deemed to outweigh their legitimate interests in developing new services for us.  In the case of this activity the follow will apply:

  1. Your data will be made available to our website provider
  2. The data that may be available to them include any of the data we collect as described in [section 3]- (if using SEQ template, if not please replace by whichever sections in your privacy policy talk about what data the organisation will collect, or you can use a generic ‘The data that may be available to them include any of the data we collect as described in this privacy policy’)
  3. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  4. They will store your data for a maximum of [7] years.
  5. This processing does not affect your rights under [sections 10 or 16] of this privacy policy (if using SEQ template, if not please replace by whichever sections in your privacy policy talk about the supporter's rights, or you can use a generic ‘This processing does not affect your rights under the other parts of this privacy policy’)

  1. What is the legal basis for processing your personal data?
  • Explicit consent of the data subject so that we can keep you informed about news, events, activities and services
  • Explicit consent so that we can share your personal data as authorised by you to deliver the services you have requested
  • As a not-for-profit body with a religious aim we are permitted under Regulation 9 (2) (d) to process data relating to members or former members (or those who have regular contact with us in connection with those purposes); and we are not permitted to disclose that information to a third party without consent.
  1. Sharing your personal data

Your personal data will be treated as strictly confidential and only shared with others to enable the purposes of Root Connections or to help us deliver the services you have requested. It will not be disclosed to third parties outside Root Connections without your consent.

  1. How long do we keep your personal data?

We keep data for the length of period that you maintain an interest in the work of Root Connections or three years after you end your connection with us, or longer where Statute requires us to do so.

You may request the deletion of your data at any point.

  1. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -

  • The right to request a copy of your personal data which Root Connections holds about you;
  • The right to request that Root Connections corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is legally no longer necessary for Root Connections to retain such data;
  • The right to withdraw your consent to the processing at any time;
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
  • The right to lodge a complaint with the Information Commissioners Office.
  1. Complaints

Complaints under this policy should be made to the CEO  who will decide if it is appropriate for the complaint to be dealt with under the complaints procedure. Complaints which are not dealt with under Root Connections complaint procedure should be forwarded in writing to the Information Commissioner.

Complaints about procedural issues, due process and timeliness will be dealt with by us, complaints that involve consideration of personal data or sensitive personal data may need to be referred to the Information Commissioner under GDPR.

  1. Contact Details

To exercise all relevant rights, queries of complaints please in the first instance contact:

 

The Manager, Root Connections CIC. Manor Farm, Stratton on the Fosse, Somerset