Trustees
Volunteers
The Hall Manager
Contractors acting on behalf of the Hall
Anyone processing personal information on behalf of the Hall
All individuals covered by this policy are responsible for handling personal information appropriately and securely.
3. Personal Information We Collect
The Hall only collects personal information necessary to operate and manage its activities.
This may include:
Names
Postal addresses
Email addresses
Telephone numbers
Hall booking information
Event booking information shared with the Hall
Payment and invoicing records
Correspondence
Volunteer and Trustee contact details
Supplier and contractor information
CCTV images (where CCTV is in operation)
Where possible, personal information will be collected directly from the individual concerned.
4. How We Use Personal Information
Personal information may be used for purposes including:
Managing hall bookings
Administering events
Responding to enquiries
Communicating with hirers
Managing Trustees and volunteers
Maintaining financial and accounting records
Processing invoices and payments
Meeting legal and regulatory obligations
Maintaining the safety and security of the Hall
Protecting the Hall's legitimate interests
The Hall will never sell personal information to third parties.
5. Lawful Basis for Processing
The Hall processes personal information using one or more lawful bases under UK GDPR, including:
Performance of a contract
Legitimate interests
Compliance with legal obligations
Consent, where consent is required
The lawful basis used will depend upon the purpose for which the information is being processed.
6. Data Protection Principles
The Hall is committed to ensuring personal information is:
Processed lawfully, fairly and transparently.
Collected only for specified, legitimate purposes.
Limited to information that is adequate, relevant and necessary.
Accurate and kept up to date where appropriate.
Retained only for as long as necessary.
Protected against unauthorised access, loss or misuse.
Processed in accordance with individuals' legal rights
7. Data Security
The Hall takes appropriate technical and organisational measures to safeguard personal information.
These include:
Password-protected computers and devices
Secure email accounts
Restricted access to personal information
Secure storage of paper records
Secure destruction of confidential documents
Appropriate software and security updates where applicable
Everyone handling personal information is expected to maintain appropriate confidentiality.
8. Sharing Personal Information
Personal information will only be shared where appropriate and necessary, including with:
Professional advisers
Payment service providers
Insurers
Regulatory or law enforcement authorities where legally required
Organisations providing services on behalf of the Hall
Where third parties process information on behalf of the Hall, the Hall will seek to ensure appropriate contractual and organisational
safeguards are in place.
Some organisations may collect and process personal information directly as independent data controllers when providing their own
services. Where this applies, their own privacy information and policies will govern how they process personal information.
9. Data Retention
Personal information will only be retained for as long as necessary to fulfil the purpose for which it was collected or to meet legal and
regulatory requirements.
Typical retention periods include:
Booking records – up to 6 years
Financial records – 6 years plus the current financial year
Trustee records – during service and for an appropriate period afterwards
Accident records – in accordance with legal requirements
CCTV footage (where applicable) – normally no longer than 30 days unless required for investigation or legal proceedings
Records will be securely deleted or destroyed when no longer required.
10. Individual Rights
Individuals have rights under UK data protection legislation, including the right to:
Request access to their personal information
Request correction of inaccurate information
Request erasure where applicable
Request restriction of processing
Object to processing
Request data portability where applicable
Withdraw consent where consent is the lawful basis
Requests should be made in writing to the Hall.
The Hall will respond within the timescales required by law.
11. Data Breaches
Any suspected or actual personal data breach must be reported immediately to the Chair of Trustees or the Hall Manager.
Where appropriate, the Hall will:
Investigate the incident
Take action to minimise any risk
Notify the Information Commissioner's Office where legally required
Notify affected individuals where required by law
12. Complaints
Anyone with concerns about how the Hall has handled personal information should contact the Hall in the first instance.
Complaints should be submitted in writing and include sufficient detail to allow the matter to be investigated.
The Hall will:
Acknowledge the complaint as soon as reasonably practicable
Investigate the circumstances
Respond in writing, normally within one calendar month
Take appropriate corrective action where necessary
If an individual remains dissatisfied, they have the right to complain to the Information Commissioner's Office (ICO).
13. Responsibilities
The Trustees are collectively responsible for ensuring compliance with data protection legislation.
Everyone handling personal information on behalf of the Hall must:
Keep information confidential
Access information only where necessary
Keep passwords and devices secure
Report suspected data breaches promptly
Dispose of personal information securely
Comply with this policy and any associated procedures
14. Website, Cookies and Third-Party Services
The Hall website may collect personal information submitted through enquiries or other communications. Information received
through the website will only be used to respond to enquiries, administer Hall activities and manage bookings where applicable.
The Hall website does not currently use cookies that require user consent. However, website functionality may change over time,
and additional services or features may introduce cookies or similar technologies.
The website includes an embedded TryBooking events page to enable users to view and book events. TryBooking may place
cookies or use similar technologies as part of operating its booking platform. Where applicable, TryBooking provides its own cookie
consent mechanism for users accessing those services.
When a booking is made through TryBooking, personal information is collected and processed by TryBooking in accordance with its
own Privacy Policy and Cookie Policy. Users should review those policies when making a booking through the embedded service.
Where booking information is subsequently shared with the Hall for the administration of events or bookings, the Hall will process
that information in accordance with this Data Protection Policy.
The Trustees will review the website privacy information whenever significant changes are made to the website or the services it
provides.
15. Policy Review
This policy will be reviewed annually, or sooner if:
legislation changes;
guidance from the Information Commissioner's Office changes; or
the Hall significantly changes how it collects or processes personal information.
Contact
King George Memorial Hall
2655 Stratford Road
Hockley Heath
Solihull
B94 5NH
Email: office@kinggeorgememorialhall.co.uk
If you are dissatisfied with how your personal information has been handled, you may also contact the Information Commissioner's
Office at www.ico.org.uk.
Trustees
Volunteers
The Hall Manager
Contractors acting on behalf of the Hall
Anyone processing personal information on behalf of
the Hall
All individuals covered by this policy are responsible for
handling personal information appropriately and securely.
3. Personal Information We Collect
The Hall only collects personal information necessary to
operate and manage its activities.
This may include:
Names
Postal addresses
Email addresses
Telephone numbers
Hall booking information
Event booking information shared with the Hall
Payment and invoicing records
Correspondence
Volunteer and Trustee contact details
Supplier and contractor information
CCTV images (where CCTV is in operation)
Where possible, personal information will be collected directly
from the individual concerned.
4. How We Use Personal Information
Personal information may be used for purposes including:
Managing hall bookings
Administering events
Responding to enquiries
Communicating with hirers
Managing Trustees and volunteers
Maintaining financial and accounting records
Processing invoices and payments
Meeting legal and regulatory obligations
Maintaining the safety and security of the Hall
Protecting the Hall's legitimate interests
The Hall will never sell personal information to third parties.
5. Lawful Basis for Processing
The Hall processes personal information using one or more
lawful bases under UK GDPR, including:
Performance of a contract
Legitimate interests
Compliance with legal obligations
Consent, where consent is required
The lawful basis used will depend upon the purpose for which
the information is being processed.
6. Data Protection Principles
The Hall is committed to ensuring personal information is:
Processed lawfully, fairly and transparently.
Collected only for specified, legitimate purposes.
Limited to information that is adequate, relevant and
necessary.
Accurate and kept up to date where appropriate.
Retained only for as long as necessary.
Protected against unauthorised access, loss or misuse.
Processed in accordance with individuals' legal rights
7. Data Security
The Hall takes appropriate technical and organisational
measures to safeguard personal information.
These include:
Password-protected computers and devices
Secure email accounts
Restricted access to personal information
Secure storage of paper records
Secure destruction of confidential documents
Appropriate software and security updates where
applicable
Everyone handling personal information is expected to
maintain appropriate confidentiality.
8. Sharing Personal Information
Personal information will only be shared where appropriate
and necessary, including with:
Professional advisers
Payment service providers
Insurers
Regulatory or law enforcement authorities where legally
required
Organisations providing services on behalf of the Hall
Where third parties process information on behalf of the Hall,
the Hall will seek to ensure appropriate contractual and
organisational safeguards are in place.
Some organisations may collect and process personal
information directly as independent data controllers when
providing their own services. Where this applies, their own
privacy information and policies will govern how they process
personal information.
9. Data Retention
Personal information will only be retained for as long as
necessary to fulfil the purpose for which it was collected or to
meet legal and regulatory requirements.
Typical retention periods include:
Booking records – up to 6 years
Financial records – 6 years plus the current financial
year
Trustee records – during service and for an appropriate
period afterwards
Accident records – in accordance with legal
requirements
CCTV footage (where applicable) – normally no longer
than 30 days unless required for investigation or legal
proceedings
Records will be securely deleted or destroyed when no longer
required.
10. Individual Rights
Individuals have rights under UK data protection legislation,
including the right to:
Request access to their personal information
Request correction of inaccurate information
Request erasure where applicable
Request restriction of processing
Object to processing
Request data portability where applicable
Withdraw consent where consent is the lawful basis
Requests should be made in writing to the Hall.
The Hall will respond within the timescales required by law.
11. Data Breaches
Any suspected or actual personal data breach must be
reported immediately to the Chair of Trustees or the Hall
Manager.
Where appropriate, the Hall will:
Investigate the incident
Take action to minimise any risk
Notify the Information Commissioner's Office where
legally required
Notify affected individuals where required by law
12. Complaints
Anyone with concerns about how the Hall has handled
personal information should contact the Hall in the first
instance.
Complaints should be submitted in writing and include
sufficient detail to allow the matter to be investigated.
The Hall will:
Acknowledge the complaint as soon as reasonably
practicable
Investigate the circumstances
Respond in writing, normally within one calendar month
Take appropriate corrective action where necessary
If an individual remains dissatisfied, they have the right to
complain to the Information Commissioner's Office (ICO).
13. Responsibilities
The Trustees are collectively responsible for ensuring
compliance with data protection legislation.
Everyone handling personal information on behalf of the Hall
must:
Keep information confidential
Access information only where necessary
Keep passwords and devices secure
Report suspected data breaches promptly
Dispose of personal information securely
Comply with this policy and any associated procedures
14. Website, Cookies and Third-Party
Services
The Hall website may collect personal information submitted
through enquiries or other communications. Information
received through the website will only be used to respond to
enquiries, administer Hall activities and manage bookings
where applicable.
The Hall website does not currently use cookies that require
user consent. However, website functionality may change over
time, and additional services or features may introduce
cookies or similar technologies.
The website includes an embedded TryBooking events page
to enable users to view and book events. TryBooking may
place cookies or use similar technologies as part of operating
its booking platform. Where applicable, TryBooking provides
its own cookie consent mechanism for users accessing those
services.
When a booking is made through TryBooking, personal
information is collected and processed by TryBooking in
accordance with its own Privacy Policy and Cookie Policy.
Users should review those policies when making a booking
through the embedded service.
Where booking information is subsequently shared with the
Hall for the administration of events or bookings, the Hall will
process that information in accordance with this Data
Protection Policy.
The Trustees will review the website privacy information
whenever significant changes are made to the website or the
services it provides.
15. Policy Review
This policy will be reviewed annually, or sooner if:
legislation changes;
guidance from the Information Commissioner's Office
changes; or
the Hall significantly changes how it collects or
processes personal information.
Contact
King George Memorial Hall
2655 Stratford Road
Hockley Heath
Solihull
B94 5NH
Email: office@kinggeorgememorialhall.co.uk
If you are dissatisfied with how your personal information has
been handled, you may also contact the Information
Commissioner's Office at www.ico.org.uk.