Privacy policy

Benington Community Heritage Trust, trading as The Beonna, respects your privacy and is committed to protecting your personal data. This privacy policy lays out how we look after your personal data when you visit our website at thebeonna.co.uk (“our website”) (regardless of where you visit it from). It also tells you about your privacy rights and how the law protects these. This privacy policy also applies to any personal data collected or received through means other than our website, including (but not limited to) email, telephone, post and face-to-face contact.

Important information and who we are

Purpose of this privacy policy

This privacy policy provides information on the way in which Benington Community Heritage Trust, trading as The Beonna, collects and processes your personal data, including any data that you may provide when (if applicable) you sign up to one or more newsletters or mailing lists, make a booking, take part in a meeting or event or otherwise engage with us. 

Many people with whom we interact (and whose personal data we therefore process) are under 16. To the extent (if any) that we rely on consent for a processing of personal data of a person under the age of 16 we will require that consent to be given by a parent or guardian.

Controller

This privacy policy is issued on behalf of Benington Community Heritage Trust. Any reference to “The Beonna”, "we", "us" or "our" in this privacy policy is, therefore, a reference to Benington Community Heritage Trust. 

Should you have any questions or concerns regarding this privacy policy, or our processing of personal data, please contact us at info@thebeonna.co.uk

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We ask, however, that you provide us with the opportunity to deal with your concerns before you approach the ICO and ask that you contact The Beonna in the first instance. 

Changes to the privacy policy and your duty to inform us of changes

This is our first privacy policy. We will record any updates here. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy/notice of every website that you visit if you leave our website by choosing to click on any link, plug-in or application.

The data we collect about you

Personal data, or personal information, is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you. These can be summarized as follows:

  • Identity & Contact Data includes first name, pre-martial name, surname, username or similar identifier, marital status, title, date of birth, gender, address, email address and telephone number.
  • Financial Data includes bank account details, payment card details and details of payments to/from you (such as charges for particular events).
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices that you use to access our website. 
  • Marketing and Communications Data includes your preferences in receiving updates from us and your communication preferences.

We do not routinely collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) or any information about criminal convictions and offences. We may collect and otherwise process Special Categories of Personal Data and/or information about criminal convictions and offences about you in the following contexts:

  • Where you voluntarily provide health information to us (for example, in relation to your participation in particular events);
  • Where it is necessary to collect/process health information to protect your vital interests (for example where there is an emergency at an event and either you are not able to consent, or you are under 16 and you do not have a parent present/available to provide consent);
  • During recruitment (you will receive a supplementary privacy notice where this applies to you); and
  • Where it is necessary for us to undertake safeguarding checks in relation to persons interacting with children or vulnerable persons.

How is your personal data collected?

We use different methods to collect data from and about you. These include direct interactions with you and/or your parent/guardian(s) and from parties or publicly available sources. Our website may also collect data from and about you and your device by automated means. Please contact us for further details. 

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform a contract thatwe are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.
  • To protect your vital interests.
  • With your consent.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways that we plan (or may in the future plan) to use your personal data, and that the legal bases that we rely on to do so. 

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you require further details about the specific legal basis that underlines our processing of your personal data where more than one ground has been laid out in the table below. 

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a user or supporter:

(a) As a new participant/contact

(b) As a meeting, activity or event participant or attendee

(c) As a volunteer or helper 

(a) Identity & Contact

(b) Financial

(c) Marketing & Communications

Necessary for our legitimate interests

To process payments to and from you, including:

(a) Event or activity fees (if applicable)

(b) Venue hire fees

(c) Any other payments from time to time

(a) Identity & Contact

(b) Financial 

(a) Performance of a contract with you 

(b) Necessary for our legitimate interests 

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Keeping you up-to-date with newsletters and similar

(a) Identity & Contact

(b) Marketing and Communications

(a) Necessary for our legitimate interests (to keep our records updated and to keep you informed of club activities)

(b) In certain circumstances, consent

To administer and protect our club and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)  

(a) Identity & Contact

(b) Technical

Necessary for our legitimate interests (for running our organisation, provision of administration and IT services, network security)

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Please note that if you disable or refuse cookies some parts of our website may become inaccessible or may not function properly. For more information about the cookies we use please see the cookies policy available on our website.

Change of purpose 

We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you require further information as to how the processing for the new purpose is compatible with the original purpose please contact us at info@thebeonna.co.uk.

Should we need to use your personal data for an unrelated purpose we will notify you and will explain the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosures of your personal data

We may need to share your personal data with the parties set out below for the purposes set out in the table above.

  • External Third Parties as set out in the Glossary.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers

We do not knowingly transfer your personal data outside of the European Economic Area (EEA). 

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those Beonna personnel and third parties who have a legitimate need to know. They will process your personal data only on our instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

How long will you use my personal data for?

We will retain your personal data only for as long as is necessary to fulfill the purposes that we collected it for. In order to determine the appropriate retention period for personal data we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of this personal data, the purposes for which we process your personal data, the applicable legal requirements, and our ability to achieve these purposes through other means.   

Details of retention periods for different aspects of your personal data are set out below:

Type of data

Period of retention

Justification

Venue booking/enquiry forms

6 months from enquiry where no booking results; 7 years from last hire where a booking is made

Reasonable period to process potential bookings

Limitation period for legal claims plus one year to resolve claims made at end of period

Accident records

7 years from date of accident

Limitation period for legal claims plus one year to resolve claims made at end of period

Health & Safety Assessments

40 years from date of assessment

HSE guidance on appropriate period of retention

Financial Records

7 years from applicable financial year-end

Limitation period for legal claims plus one year to resolve claims made at end of period

Obligation to retain certain records for tax purposes.

Staff/employee records

7 years from ceasing to be employed by The Beonna

Limitation period for legal claims plus one year to resolve claims made at end of period

Minutes of meetings

7 years from meeting end

Limitation period for legal claims plus one year to resolve claims made at end of period

Your legal rights

Under certain circumstances you have rights in relation to your personal data under data protection laws. 

If you wish to exercise any of those rights (as further detailed in the Glossary), please contact us at info@thebeonna.co.uk 

No fee usually required

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. In such circumstances we may, alternatively, refuse to comply with your request.

What we may need from you

We may need to request specific information from you to help us to confirm your identity and to ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. To speed up our response we may also contact you to ask you for further information.

Time limit to respond

We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or if you have made a number of requests.

Glossary

THIRD PARTIES

External Third Parties

  • Service providers who provide IT, payment and system administration services.
  • Regulators, event organisers and other bodies involved with our activities from an administrative or regulatory perspective.
  • Professional advisers including lawyers, bankers, auditors and insurers as applicable.
  • Medical staff and other appropriate adult supervisors who need to know medical information in an emergency.

YOUR LEGAL RIGHTS

You may have the right to:

Request access to your personal data;

Request correction of the personal data that we hold about you;

Request erasure of your personal data; 

Object to processing of your personal data;

Request restriction of processing of your personal data; 

Request the transfer of your personal data to you or to a third party; 

Withdraw consent at any time where we are relying on consent to process your personal data.

Please consult the ICO website for further details of these rights at www.ico.org.uk