Privacy & Data Retention Policy

Introduction

The Literary Institute Cultural Community Hub (t/a ‘@ the Lit’, currently registering as a Charitable Incorporated Organisation, and to be known as ‘the Lit Trust’ from hereon) has developed this policy based on guidance and advice from the Information Commissioner’s Office, the Local Government Association, the Data Protection Network, and other sector examples.

This policy applies to all staff and volunteers of @ the Lit, including Trustees, contracted freelancers, paid staff, volunteers, sessional workers, students or anyone working on behalf of or under the direction of the Lit Trust (together ‘workers’).

Purpose and Aim

The purpose of this Privacy & Data Retention Policy is to explain how the Lit Trust manages and retains personal data and respects the privacy of our users (in electronic and paper format).  It lays out what information we will gather, where it comes from, how we will use it and how we will keep it secure.  This policy is used to:

  • ensure the Lit Trust comply with data protection legislation the General Data Protection Regulation (GDPR) which applied in the UK from 25 May 2018;
  • ensure we respect the privacy of data held by the Lit Trust and electronically, including our website.

Data Protection Principles

The Lit Trust complies with the seven data protection principles, which are:

  1. Personal data must be processed fairly and lawfully;
  2. Personal data must only be collection for specified and lawful purposes, and not further processed in any manner incompatible with the original purpose(s);
  3. Personal data collected must be adequate, relevant and not excessive in relation to the purpose(s) for which it is collated;
  4. Personal data collected is accurate and, where necessary, kept up to date;
  5. Personal data is retained no longer than is necessary for the purpose for which you obtained it;
  6. Personal data is processed in accordance with the rights of the data subjects;
  7. Organisations take appropriate technical and organisational measures against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Grounds for Processing Data

As a cultural community hub, the Lit Trust has a lawful basis for processing personal data relating to our day-to-day business.  These are:

Consent: (i) We will collect personal data in order to distribute our news updates.  Individual consent will be freely given based on clear and unambiguous information provided clarifying this specific purpose.  This is carried out through a clear tick-box opt-in sign-up process provided on our website here.

(ii) We will collect personal data when taking room bookings to ensure we capture information that ensures a safe, secure and enjoyable hire. This information will be collected via our online booking enquiry form or a paper version. In both cases, it will be made clear that by completing the enquiry form that consent is given for this purpose.

(iii) We will collect personal data in order to gather feedback to evaluate and improve the hub’s performance and in relation to specific projects funded by grant-giving bodies.  Individual consent will be freely given based on clear and unambiguous information that clarifies the use for the given purpose.  This will be carried out either through a clear opt-in process via SurveyMonkey who have their own GDPR policy, or through personal face-to-face written consent on survey forms.

(iv) We have access to limited personal data of individuals who sign up to our various social media accounts, subject to the users’ own privacy settings. These third party providers such as Facebook, Twitter and Instagram, are also ensuring compliance with GDPR.

Contractual: We will collect personal data necessary for the performance and fulfilment of a contract to which the data subject is party.  This includes freelancers, paid staff and volunteers via either a formal signed Contract or as part of the signed Volunteers Agreement and associated emergency contact forms.

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.  We will regularly review the personal data we hold, and delete anything we no longer need. Information that does not need to be accessed regularly, but which still needs to be retained, will be safely archived or saved offline.

What we collect

We may collect the following personal information:

  • Name
  • Age group
  • Job title
  • Contact information such as email address and telephone number
  • Demographic information such as postcode
  • Profiling information such as preferences and interests
  • Other information relevant to surveys and/or offers

Why we collect

We require this information to understand our workforce and user needs, and provide a better service.  Reasons for collecting this data include:

  • Maintain good internal record keeping of and for the workforce;
  • For research and evaluation purposes to improve our offer;
  • Send informational and promotional emails;
  • To gather relevant information to ensure our hire policy and health & safety regulations are met.

Data Security

We are committed to ensuring that personal information is secure.  In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect both electronically and in paper format.

Electronic Data

All personal information acquired by the Lit Trust is stored on the Cloud using GoogleDrive who have their own GDPR Policy. This account is password protected and documents containing sensitive data is password protected within this.

Paper Data

Any hard copy paper documents we acquire containing personal information is kept securely locked away and are only accessible by authorised persons under the supervision of the Trustees.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

Website Privacy

This section of the policy states how the Lit Trust uses and protects any information that is provided when individuals use our website (www.AtTheLit.org) and any sub-domains.

The Lit Trust is committed to ensuring that individual’s privacy is protected.  Should we ask individuals to provide certain information which is identifiable when using our website, it will only be used in accordance with this privacy statement.

Cookies

A cookie is a small file which asks permission to be placed on a computer’s hard drive.  Once this is agreed, the file is added and the cookie helps analyse web traffic.  Cookies allow web applications to respond to individuals.  The web application can tailor its operations to user needs, likes and dislikes by gathering and remembering information about personal preferences.

We use traffic log cookies to identify which pages are being used.  This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs.  We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide users with a better website by enabling us to monitor which pages are used frequently.  A cookie in no way gives us access to a computer or any information about an individual, other than the data they choose to share with us.

Individuals can choose to accept or decline cookies.  Most web browsers automatically accept cookies, but browser settings can be modified to decline cookies.  This may prevent users from taking full advantage of the website.

Links

Our website may contain links to other websites of interest.  However, once users choose to leave our site, please note that we do not have any control over that other website.  Therefore, we cannot be responsible for the protection and privacy of any information which an individual provides whilst visiting such sites and such sites are not governed by this privacy statement.  Please exercise caution and look at the privacy statement applicable to the website in question.

Individual’s Rights

In line with GDPR, individuals have the following rights:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.

Individuals may request details of personal information which we hold free of charge, as long as the request is not manifestly unfounded or excessive.  We will comply with your request within 40 days.

If you would like a copy of the information held on you please write to

@ the Lit, The Literary Institute, 51 High Street, Egham, Surrey, TW20 9EW or email AtTheLit@gmail.com.