Your Privacy is Important

Your privacy is important to Avonmouth Community Centre Association (ACCA). We may need to collect information from you in order to tell you about our activities, events and services. We may also need to provide you with information relevant to your membership of ACCA. If you are a customer or user of Avonmouth Community Centre, we may need to hold data about you for invoicing purposes, and as part of your hire agreement.

Types of information:

We may collect your contact details (e.g. name, email address) so that we can contact you. We may collect financial details so that we can make or receive payment from you for goods or services. We may collect anonymised information about diversity to help us monitor our accessibility. We may record CCTV images to ensure the safety of the centre and its users. We may collect information on employees and volunteers to ensure that we can meet our legal obligations to them.

Your Consent:

ACCA needs your consent to hold data about you. Any forms or documents that we need you to complete, manually or electronically, will ask for your consent and be clear about what the information will be used for if you choose to provide it. There will be some circumstances where we are only able to provide you with services if you consent to providing necessary information, for example, hire of the community centre.

Your right of access:

You have a right to ask ACCA what information we hold on you, and to ensure that it is accurate and up to date, and to have it rectified if it is not. We will regularly ask you if there have been any changes to your data so that we are able to keep information up to date. If you are concerned about what information we hold on you, or would like to update information that we hold on you, please contact ACCA’s secretary. We will process your request within one month.

Storing your data:

All physical data will be held securely in a locked cabinet in a non-public location, accessible only by trustees and designated employees of ACCA. All electronic data on fixed-base computers will be password protected. All electronic data held on portable devices (for example laptops and USB drives) will be password protected and encrypted. All trustees and staff will be supplied with data storage equipment and encryption software to ensure data security where personal or sensitive data is stored.

Disposal of data:

If we agree to your request to destroy your data, it will be confidentially destroyed in the case of physical data, or permanently erased in the case of electronic data. We will notify you in writing to confirm when and how it has been destroyed or permanently erased. We may not agree to disposal of certain data if we have a legitimate or legal need to retain it. Where there is a legal obligation to, we will keep a record of destruction of data.

Retention of personal data:

ACCA will not hold personal data longer than necessary. There are certain legal requirements or recommendations which mean that we will keep documents for a minimum period of time. External organisations may also keep information we lawfully provide for periods of time determined by them. Some of these documents may contain personal data.

Data Source Retention Period Example
Invoices (may contain customer personal information) Kept for 6 years from the end of the current financial year. Hirer’s invoice.
Receipts (may contain customer / supplier personal information) Kept for 10 years. Customer receipt.
HMRC records (may contain employee personal information) Kept for 6 years from the end of the current financial year. P60 form.
Trustee information (may contain personal trustees’ information) May be kept by the Charity Commission. Annual Return.
Financial donor and GiftAid records (may contain donor’s personal information) Kept for 6 years from the end of the current financial year. GiftAid declaration.

 

ACCA will store archived documents securely, and maintain a register of archived documents along with their planned destruction date. ACCA will review annually these retention periods to ensure that they remain within the law and recommended practice.

Sharing of data:

ACCA will not share your information with third parties, unless we are legally obliged to, or there is a risk of harm to you or another, for example, in a safeguarding situation. We may use a third party to collect or process your information, for example, an electronic mailing list provider. Where we need to share personal data with another organisation, for example an organisation which runs our payroll, we will enter into a data processing agreement.

Promoting a culture of data protection:

ACCA will have data protection as a standing agenda item at its ordinary meetings to ensure that any issues or concerns are addressed by trustees. All new trustees, as part of their induction, will be briefed on ACCA’s data protection arrangements. All staff and relevant volunteers, as part of their induction, will be briefed on ACCA’s data protection arrangements.