PIXABAY

Privacy Policy

Introduction

This Privacy Policy explains why and when we (Norfolk Clubhouse) collect personal information about you, the person interacting with Norfolk Clubhouse by means of this website “norfolk-clubhouse.org”. The Policy covers how we use this information, the conditions under which we may disclose it to others, and how we keep it secure.
We may change this Policy occasionally so please check this page regularly to ensure that you are happy with such changes. By using this website and corresponding with Norfolk Clubhouse, you are agreeing to be bound by this Policy. Any queries regarding this Policy and how we deal with privacy matters should be sent by email to email@norfolk-clubhouse.org.
On 25 May 2018, a new European Union (EU) measure came into effect called the General Data Protection Regulation (GDPR). In GDPR terminology, the “Data Controller” is the name given to an organisation or person who is responsible for how personal data belonging to a “Data Subject” is “Processed”. ”Processing” essentially means how such data is obtained, collected, recorded, stored, kept or used. In terms of this particular Privacy Policy, the following applies:
Data Controller: June Webb, founder of the charity “Norfolk Clubhouse”
Data Subject: Yourself.
The Data Subject must be a resident of the European Economic Area (EEA) in order for the GDPR regulation to apply.
Please note that since this measure was brought out, the principles it encapsulates have been enshrined within UK Data Protection legislation, and so apply to visitors to the website who live in the UK as well.

Who are we?

Norfolk Clubhouse is a social enterprise and registered charity (Charity No: 1183862, Registered Address: ℅ Aston Shaw, The Union Building, 51-59 Rose Lane, Norwich NR1 1BY), whose aim is to start up the first Clubhouse in Norfolk; this will be fully in keeping with the wider Clubhouse movement. You may glean some idea of the Clubhouse model from the website mosaic-clubhouse.org, and you may contact June Webb by email at june@norfolk-clubhouse.org.
Norfolk Clubhouse is committed to respecting and protecting your privacy.

How do we collect information?

The charity’s website invites you to take part in the development of Norfolk Clubhouse by filling in a contact form and supplying several items of personal information in order to register your interest. Also included on the site is a means of being kept informed of progress in the project by sending us your email address.
Application for membership of the Clubhouse is made through the filling-in by the applicant of a paper copy of an application form; personal information is also collected by way of donations made to the Clubhouse.

What kind of information is collected?

Contact form

The contact form on the Contact Us page prompts you to fill in the following information:
  • Your full name (required)
  • Your email address (required)
  • Your phone number (mobile or landline)
  • Whether you are interested in being a prospective member of the clubhouse, or if you would like to be involved in any other capacity.

Email address collection

The footer area of each page includes an invitation to provide us with your email address, in exchange for which we will keep you informed of our progress in the development of the Clubhouse.
In line with GDPR requirements, a checkbox has been included on the Contact Form which you must check (fill) in order to consent to our collecting, storing and using the information you have supplied on the form, and in order for the form’s data to be sent to us. Without indicating your consent in this way this initial contact cannot be established.

Donations

At various places of our website you are invited to contribute to our development through a DONATE button. This runs a WordPress plugin called “Accept Stripe Payments” which presents you with a donation form. The following personal information is collected and stored on a database within the website area:
  • The amount you would like to donate
  • Your full name
  • Your email address (this is used as a means of identifying the donor)
The following information:
  • the number of the credit card, or debit card, that is to be used
  • the expiry date of the card
  • the 3-digit CVC number of the card
is collected but not stored on the website. It is instead sent directly to the payment gateway for payment processing. The use of all the personal information relating to donations is governed by the Privacy Policy of the third-party payment processors that are used (Stripe in our case.) These payment processors adhere to the standards set by the Payment Card Industry Data Security Standard (PCI-DSS) as managed by the PCI Security Standards Council, which is a joint effort of card providers like Visa, Mastercard, American Express, etc. PCI-DSS requirements help ensure the secure handling of payment information.

Application form

Application for membership of Norfolk Clubhouse is achieved through the filling-in of an application form. The prospective member can display and print the form from this website and must supply the personal details that it requests, including matters relating to their mental health history. The second part of the form must be completed by their GP (or other health or social care professional) who will be referring the prospective member to the Clubhouse.
An administrator of the Clubhouse scans in the completed form, and the resulting digital file is stored in a secure online location (in the “cloud”.) The paper copy of the form is then shredded.

Why do we require this information?

It is our legitimate interest to request this information in order to:
  • register that you are a person who is interested in our Clubhouse enterprise
  • keep you informed of its progress and provide you with details of how you may become more involved with the enterprise
  • Validate your identity against our database if you were to make a Subject Access Request (see below)
  • Accept donations towards the running of the Clubhouse
  • Accept new members into the Clubhouse.

How is your information used?

As the situation develops with respect to the Norfolk Clubhouse, we shall keep you informed by sending the relevant details to you by email using the name and email address you have supplied. Your phone number is required if we wish to contact you by means other than email address.

Who has access to your information?

Apart from the third-party payment processors mentioned above in the case of donations, only we ourselves have access to your personal information. WordPress, the environment within which this website runs, is not set up to share such information. In the same way, we will not share your details to any third party for any purposes unless we are required to do so by law. No user accounts and no advertising are allowed on this website, and no use of the Gravatar service is made.

How you can access and update your information

The Data Protection Act and, more recently, the GDPR, stipulates that you, as our Data Subject, should be able to make a Subject Access Request (SAR) – this can take three forms:
  • enquire from us the contents of any records that we may hold about you
  • ask us to change/correct any of the fields of those records
  • ask us to delete any such records that you specify.
All SARs will be actioned free-of-charge and the Data Controller will respond to the request within one calendar month.
In each case, you will be presented with a form which will prompt you for your full name, email address and phone number; these we will use to identify you on our database. Any reply from us will be sent to you by means of secure (encrypted) email.

MAKE YOUR OWN DATA REQUEST

I WISH TO REVIEW MY PERSONAL DATA

Click/tap the button if you’d like a copy of your personal data
SHOW FORM

I WISH TO CHANGE MY PERSONAL DATA

Click/tap the button if you’d like to correct your personal data
SHOW FORM

I WISH TO DELETE MY PERSONAL DATA

Click/tap the button if you’d like us to delete your personal data
SHOW FORM
PEXELS

Use of cookies

Cookies are small text files that are placed on your computing device by websites that you visit. They are generally used to make websites work, or work more efficiently, as well as provide information to the owners of the site.
Since 25 May 2018, if you are located in the European Economic Area, the law states that a website can store cookies on your device if they are strictly necessary for the operation of the site. For all other types of cookie your permission or consent is required. In practice, this means that while the first page of a website is being displayed, you must be presented with a consent message display that allows you to “switch off” particular types of cookie according to your preference. Disallowing the use of some cookies can mean that the website may not function fully as intended.
Cookies can belong to the following broad categories:
  • Necessary cookies: These are cookies that are required for the operation of the website. They may include, for example, cookies that enable you to use a shopping cart.
  • Preference cookies: These are used to recognise you when you return to the website. They enable the site to personalise content for you and remember your preferences (for example, your choice of language or region). These may also be called Functional cookies.
  • Statistical cookies: These allow the site to recognise and count the number of visitors and to see how visitors move around the website when they are using it. This helps to improve the way the website works, for example, by ensuring that users are finding what they are looking for easily. These may also called Analytical cookies.
  • Marketing cookies: These cookies record your visit to the website, the pages you have visited and the links you have followed. This information is used to make the website, and the advertising displayed on it, more relevant to your interests. These may also called Targeting or Tracking cookies.
In addition to the consent message display, described above, you can choose to enable, disable or delete cookies from your internet browser. Much fuller information on this may be found at whatarecookies.com.
Currently, our website displays the following cookie information:

Data security

This website is using an SSL Certificate, which carries a number of advantages:
  • SSL gives end-to-end encryption of data transferred between the user (yourself) and the servers hosting the site, thereby ensuring that your personal data - supplied in the contact form, for example - remains private
  • SSL provides authentication to the site, so that you can be confident that you really are on the Norfolk Clubhouse site and nowhere else
  • SSL helps satisfy PCI/DSS requirements which oversee the processing of online payments (donations in our case.)
The closed padlock icon situated at the side of the webpage address, usually at the top of the screen, indicates that SSL protection is active.

Data retention

Norfolk Clubhouse, in common with many charities, has a policy which deals specifically with the whole life-cycle of data records, including their retention and archiving for long-term storage. Please see our Data Record Retention Policy.

Links to other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. Such a website may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, and such information is not governed by this Privacy Policy. You should exercise caution and look at the privacy statements applicable to the external websites in question.

Finally...

If you are confused or concerned about any aspect of this Privacy Policy you should email administration at admin@norfolk-clubhouse.org who will endeavour to help you. If you are still unhappy you can approach the Information Commissioner’s Office, the independent regulator for the UK, which exists to protect people’s information rights. Ways in which the Office can be reached may be found on the ICO Contact Us page at ico.org.uk/global/contact-us, or you can try their helpline on 0303 123 1113.
arrow-up-circle