Privacy Policy

Purpose

This policy explains the method that Mashamshire Community Office (MCO) follows in regards data protection as regulated by The General Data Protection Regulation Act 2018 (GDPR) in relation to employees, volunteers, funders, customers, clients and other third parties (Data Subjects).
GDPR Compliance and Confidentiality Statement Mashamshire Community Office acknowledges that in the process of providing a service to those that use our services, people need reassurance that the information they provide to us is treated appropriately and not shared with others without good reason and is maintained in a confidential and respectful manner.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email. How long we retain your data If you have created a Listing or Event, your details, the post data and its metadata are retained indefinitely. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have created a Listing or Event, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Principles

MCO regards the lawful and correct treatment of personal information as important to successful working and to maintaining the confidence of those with whom it deals. MCO complies with the principles of good information handling enforced by the Act:

a) Data must be processed fairly and lawfully
b) Data must only be used for specific purposes
c) Data must be adequate, relevant and not excessive
d) Data must be accurate and kept up-to-date
e) Data must not be kept for longer than necessary
f) The rights of Data Subjects must be respected
g) Organisations must take appropriate steps to maintain security

Policy

MCO needs to collect and use certain types of information about the Data Subjects with whom it comes into contact for the purposes of delivering, developing and improving our services. Personal information will be collected and dealt with appropriately – either on paper, electronically or in another form (eg photographs etc). All data is collected and stored to comply with legal requirements. Our lawful bases for collecting or using personal information for the purposes outlined within this policy are consent and legitimate interest.

MCO ensures that:

a) Everyone processing personal information is appropriately trained and supervised
b) Anybody wanting to make enquiries about handling personal information knows what to do
c) Any enquiries about handling personal information are dealt with promptly and courteously
d) The handling of personal information is clearly described
e) The management and use of personal information is regularly reviewed

MCO may collect the following information:
a) Names and contact details (inc email/phone numbers/addresses), marketing preferences, recorded images (such as photos or videos), websites and app user journey information, records of consent (where appropriate) for service updates or marketing purposes
b) Location data, website and app user journey information, records of consent (where appropriate) for research or archiving purposes
c) We collect or use the following information for recruitment purposes

a. Contact details (e.g. name, address, telephone number or personal
email address)
b. Date of Birth
c. National Insurance number
d. Copies of passports or other photo ID
e. Employment history (e.g. job application, employment references or
secondary employment)
f. Education history (e.g. qualifications)
g. Right to work information

d) Names and contact details (inc email/phone numbers/addresses) for bookings from businesses and local community groups that advertise with MCO, book our venue, use our services or sell tickets for events. Contact details (telephone numbers, emails, addresses).
e) Booking forms and invoicing details for Masham Town Hall (MTH). Hard copies of Booking Forms are kept for 12 months. Invoice information is kept on a password-protected 3rd party website and neither used for individual contact nor held on MCO’s own computer or email server.

Retention Schedule

MCO will retain and use your data in the ways set out in this document until 5 years after your last engagement with us. If not opted into communications, the following data collected for service delivery, will be retained for the period shown below:

Ticket Sales

Name & contact number – 1 month (after event)

Marketing

Name & email – 1 year (once unsubscribed)

100 Club

Name, address, phone, email – 5 years

Masham Strollers

Name, address, phone, email – 1 month

HR Files (volunteers)

Name, address, phone, email, dob, emergency contact, referees contact details – 6 months from leaving date

Town Hall Bookings

Name, address, phone, email, signature – 1 month

MCO Room
Bookings Name, address, phone, email, signature – 1 month

HR Files (employees)
Name, address, phone, email, dob, ID, emergency contact, referees contact details – 6 years from leaving date

Payroll Information

Name, NI number, Tax code, Salary details – 6 +current year

Gift Aid Forms

Name, address – N/A

Accidents Books

Name, contact info, DOB and details about accident/injury – 3 years from last entry
(or until child reaches 21

Responsibilities

MCO is the Data Controller under the Act, which means it determines for what purposes personal information will be used. The MCO Manager is the central point of contact at MCO for all data compliance issues. The Chair of Trustees is the Data Protection Lead.

Disclosure

MCO may share information with third parties, for example contractual partners, North Yorkshire Council, Charity Commission, HM Revenue & Customs or funding bodies. The Data Subject will be made aware in most circumstances how and with whom their information will be shared.

There are circumstances where the law allows organisations to disclose data (including sensitive data) without the Data Subject’s consent. These are:

a) Carrying out a legal duty or as authorised by the Secretary of State
b) Protecting vital interests of a Data Subject or other person
c) Where the Data Subject has already made the information public
d) While conducting legal proceedings or obtaining legal advice
e) Monitoring for equal opportunities purposes
f) Where the Data Subject’s consent cannot be obtained or where it is
reasonable to proceed without consent, eg where providing consent would
cause stress to a vulnerable person.

Storage

a) Manual files containing sensitive information will be kept in locked filing cabinets, accessible only to relevant staff/volunteers.
b) Electronic records and files containing sensitive information will be password protected, accessible only to relevant staff/volunteers
c) Data processed by external data processors (e.g. Mailchimp, WordPress, EPOS, Microsoft) are compliant with this policy and all relevant data protection legislation.
d) Information held about employees and volunteers will only be collected and recorded with good reason and will be stored securely and for only as long as required. This information is held for management and administrative use only.
e) Contact information from individuals and organisations/companies who contact MCO will be stored in locked offices and/or electronic records will be password protected and accessible only to relevant staff/volunteers and deleted after six months unless it is part of an ongoing business relationship

Subject Access Requests

A Data Subject may make a subject access request (SAR) at any time to see the information which the Organisation holds about them. A charge may be made but will be communicated to you at the time of request.

User Acceptance

By using MCO’s services, users signify their acceptance of this Data Protection Policy. Continued use of the MCO’s service following the posting of changes to this policy will be deemed acceptance of those changes.

If a Data Subject joins the MCO e-mailing lists, they will receive emails with information about MCO including news, forthcoming events and organisational updates. Detailed unsubscribe instructions are included at the bottom of each email, or users may contact MCO by any means and at any time to opt out.

Changes to this Privacy Policy

MCO will review this policy annually but may update at any time. In such circumstances, MCO will post a notification on our website and include the information in the next email sent

Enquiries and Contact Details

Should you have any queries about personal data we hold, or if you wish to receive a hard copy of this Notice, please contact

The MCO Manager
Mashamshire Community Office
7 Little Market Place
Masham
Ripon
North Yorkshire
HG4 4DY

Email: info@visitmasham.com
Tel: 01765 680200

You can also contact the Information Commissioner’s Office (ICO) at https://ico.org.uk/

Join Our Mailing List

Email address:

Who are you? Local Visitor Business