GDPR Privacy Policy


Ripple Parish Hall Management Committee (RPHMC) is committed to fully comply with the requirements of the General Data Protection Regulations (GDPR) 2018. We will therefore follow procedures which aim to ensure that all volunteers who have access to any of your personal information held by RPHMC are fully aware of and abide by their duties under the GDPR.


We are legally required to tell you about your personal information we hold and how we process this information. The lawful and appropriate treatment of your personal information is very important to the successful service we provide and essential to maintaining confidence with you as a User of the Hall.


What Personal Data Do You Collect?


We may collect some or all of the following personal data (this may vary according to your relationship with us):


* Name

* Address

* Email address

* Telephone number

* Business name

* Job title

* any other personal information that you choose to provide to us with at point of contact


How Do You Use My Personal Data?


Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used for the following purposes:


* Providing and managing your booking/account.

* Supplying our services to you. Your personal details are required in order for

   us to enter into a Hall hire contract with you.

* Personalising and tailoring our services for you.

* Communicating with you. This may include responding to emails or calls from you.

* Supplying you with information by email, social media, and /or post that you have opted 

   into (you may unsubscribe or opt-out at any time).

* To maintain our relationship with you whilst you are a "customer";

* To process requests and provide agreed services to you;

* For invoicing, processing payments, account set up and maintenance;

* To communicate with you, including to respond to information requests /enquiries

   submitted and/or to obtain your feedback our services;                                                                                       * For record keeping, statistical analysis and internal reporting and research purposses;

 *To ensure data security and to provide you with access to secure areas of our Facebook


* To notify you about changes to our services;

* To decide on and notify you about price changes;


With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, social media, and/or post with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.


How Long Will You Keep My Personal Data?


We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. In order to fulfil the requirements of Financial Accounting, your personal data is kept for a period of at least 7 years.


How and Where Do You Store or Transfer My Personal Data?


We will only store or transfer your personal data within/between Committee members. Your information will never be passed to any Third Party, unless required under UK legislation, or the rules of the Charity Commission.


Who sees or has access to your personal information?


RPHMC volunteers are the only individuals who have access to or can see your personal information. Paperwork which details your personal information.


All Volunteers have been made aware of their duties under the GDPR of how they should process your personal information. They are also aware of phishing emails, bogus telephone calls and the posting of information relating to the business activities on social networks.


Do You Share My Personal Data?


On very rare occasions it is possible we may contract approved third parties to supply products and/or services to you on our behalf. These may include payment processing, the provision of equipment, and /or entertainment, etc.  In some cases, those third parties may require access to some or all of your personal data that we hold.


If any of your personal data is required by a third party, as described above, we  will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.


In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority or Charity Commission.


Anyone who processes personal information must comply with eight principles, which make sure that personal information is:


*         Fairly and lawfully processed

*         Processed for limited purposes

*         Adequate, relevant and not excessive

*         Accurate and up to date

*         Not kept for longer than is necessary                                                                                    

*         Processed in line with the users’ rights

*         Secure

*         Not transferred between locations without adequate protection



Your Individual Rights


The GDPR includes your following rights:


                * The right to be informed about the collection and use of your personal information.

                * The right to access your personal information.

                * The right to have your personal information rectified.

                * The right to have your personal information erased, where there is no compelling reason

   for the information to be processed.

* The right to restrict or block the processing of your personal information.

* The right to obtain and use your personal information being processed, based on

    legitimate interests.

* The right not to be subject to automated decision-making including profiling.


You have the right to withdraw your consent to us and processing your personal information. If you wish to do so, please contact The Chairperson of the RPHMC.


Issue 1

July 2018.

Print | Sitemap
© John Bennett