PRIVACY POLICY

Introduction

This Privacy Policy explains why and when we (Norfolk Clubhouse) collect personal information about you, the person interacting with Norfolk Clubhouse by means of this website “norfolk-clubhouse.org”. The Policy covers how we use this information, the conditions under which we may disclose it to others, and how we keep it secure.

We may change this Policy occasionally so please check this page regularly to ensure that you are happy with such changes. By using this website and corresponding with Norfolk Clubhouse, you are agreeing to be bound by this Policy. Any queries regarding this Policy and how we deal with privacy matters should be sent by email to email@norfolk-clubhouse.org.

On 25 May 2018, a new European Union (EU) measure came into effect called the General Data Protection Regulation (GDPR). In GDPR terminology, the “Data Controller” is the name given to an organisation or person who is responsible for how personal data belonging to a “Data Subject” is “Processed”. ”Processing” essentially means how such data is obtained, collected, recorded, stored, kept or used. In terms of this particular Privacy Policy, the following applies:

Data Controller: June Webb, currently sole-trading as Norfolk Clubhouse
Data Subject: Yourself.

The Data Subject must be a citizen of the EU in order for the GDPR regulation to apply.

Who are we?

Norfolk Clubhouse is a trading name of June Webb. It is a fledgling social enterprise whose aim is to start up the first Clubhouse in Norfolk; this will be fully in keeping with the wider Clubhouse movement. You may glean some idea of the Clubhouse model from the website mosaic-clubhouse.org, and you may contact June Webb by email at june@innerwholeness.org.uk.

Norfolk Clubhouse is committed to respecting and protecting your privacy.

How do we collect information?

In the early stage of the enterprise the website consists simply of a Landing page which outlines the nature and purpose of the prospective Clubhouse. The landing page invites you to take part in its development by filling in a contact form and clicking/tapping on the action button in order to register your interest.

What kind of information is collected?

The landing page prompts you to fill in the following information:

  • Your full name
  • Your email address
  • Your phone number (mobile or landline)

These are the only items of personal information that we collect from you at this formative stage.

In line with GDPR requirements, a checkbox has been included on the Contact Form which you must check (fill) in order to consent to our collecting, storing and using the information you have supplied on the form, and in order for the form’s data to be sent to us. Without indicating your consent in this way this initial contact cannot be established.

Why do we require this information?

We require this information in order to:

  • register that you are a person who is interested in our Clubhouse enterprise
  • keep you informed of its progress and provide you with details of how you may become more involved with the enterprise
  • Validate your identity against our database if you were to make a Subject Access Request (see below)

How is your information used?

As the situation develops with respect to the Norfolk Clubhouse, we shall keep you informed by sending the relevant details to you by email using the name and email address you have supplied. Your phone number is required if we wish to contact you by means other than email address.

Who has access to your information?

Only we ourselves have access to your personal information. We will not share your details to any third party for any purposes unless we are required to do so by law.

How you can access and update your information

The GDPR stipulates that you, as our Data Subject, should be able to make a Subject Access Request (SAR) – this can take three forms:

  • enquire from us the contents of any records that we may hold about you
  • ask us to change/correct any of the fields of those records
  • ask us to delete any such records that you specify.

All SARs will be actioned free-of-charge and the Data Controller will respond to the request within 30 days.

In each case, you will be presented with a form which will prompt you for your full name, email address and phone number; these we will use to identify you on our database. Any reply from us will be sent to you by means of secure (encrypted) email.

MAKE YOUR OWN DATA REQUEST

Icon of green folder with tick mark

I wish to Review my personal data

Click/tap the button if you’d like a copy of your personal data

Icon of blue folder with pencil

I wish to Change my personal data

Click/tap the button if you’d like to correct  your personal data

Icon of red folder with cross mark

I wish to Delete my personal data

Click/tap the button if you’d like us to delete your personal data

Use of Cookies

Cookies are small text files that are placed on your computing device by websites that you visit. They are generally used to make websites work, or work more efficiently, as well as provide information to the owners of the site.

Since 25 May 2018, if you are located in the European Economic Area, the law states that a website can store cookies on your device if they are strictly necessary for the operation of the site. For all other types of cookie your permission or consent is required. In practice, this means that while the first page of a website is being displayed, you must be presented with a consent message display that allows you to “switch off” particular types of cookie according to your preference. Disallowing the use of some cookies can mean that the website may not function fully as intended.

Cookies can belong to the following broad categories:

  • Necessary cookies: These are cookies that are required for the operation of the website. They may include, for example, cookies that enable you to use a shopping cart.
  • Preference cookies: These are used to recognise you when you return to the website. They enable the site to personalise content for you and remember your preferences (for example, your choice of language or region). These may also be called Functional cookies.
  • Statistical cookies: These allow the site to recognise and count the number of visitors and to see how visitors move around the website when they are using it. This helps to improve the way the website works, for example, by ensuring that users are finding what they are looking for easily. These may also called Analytical cookies.
  • Marketing cookies: These cookies record your visit to the website, the pages you have visited and the links you have followed. This information is used to make the website, and the advertising displayed on it, more relevant to your interests. These may also called Targeting or Tracking cookies.

In addition to the consent message display, described above, you can choose to enable, disable or delete cookies from your internet browser. Much fuller information on this may be found at whatarecookies.com.

Currently, our website uses the following cookies:

Data Security

The only data currently being collected are your personal details from the contact form on the Landing Page. This collection is secure since the the website is using SSL encryption between your browser and our website hosting facility at Siteground – you can confirm this by noting that our website address begins with “https”, and that there is a small closed padlock icon next to the address. Your details are then emailed to our email hosting facility where it us also encrypted. We access this email via an email client that uses the IMAP prototol, which means that the email message (with your personal data) is not copied to our computers – we simply have a link to the secure email server. The email client communicates via an encrypted connection (SSL.)

Your emailed details are copied by hand to a particular encrypted database on our computer, after which the relevant email on the email server is deleted. This manual data transfer is performed by June Webb, who initially is the only person who has access to your personal data. The locally-stored encrypted folder is periodically backed up to a storage device.

Data Retention

In the initial stages of our enterprise there will be no financial transactions via our website, so the data records we hold will not be subject to tax regulations. This simplifies our data retention procedures, which means that your records will be kept until a time when you either:

   a) inform us of your wish to cease involvement in our social enterprise, or
   b) put in a request, under GDPR regulations, to have your record(s) deleted.

Either way, the relevant data records will be deleted at the earliest opportunity, and certainly within 2 working days.

Links to Other Websites

This website may contain links to enable you to visit other websites of interest easily; examples include audio/video recordings (eg. YouTube) and external articles. However, once you have used these links to leave this site, you should note that we do not have any control over those other websites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, and such information is not governed by this Privacy Policy. You should exercise caution and look at the privacy statements applicable to the external websites in question.

Finally...

If you are confused or concerned about any aspect of this Privacy Policy you should approach June Webb by email at june@innerwholeness.org.uk who will endeavour to help you. If you are still unhappy you can approach the Information Commissioner’s Office, the independent regulator for the UK, which exists to protect people’s information rights. Ways in which the Office can be reached may be found on the ICO Contact Us page, or you can try their helpline on 0303 123 1113.

Image Credits:
SAR data request icons made by Folders from www.flaticon.com is licensed by CC 3.0 BY