Privacy policy
Benington Community Heritage Trust, trading as The Beonna, respects your privacy and is committed to protecting your personal data. This privacy policy lays out how we look after your personal data when you visit our website at thebeonna.co.uk (“our website”) (regardless of where you visit it from). It also tells you about your privacy rights and how the law protects these. This privacy policy also applies to any personal data collected or received through means other than our website, including (but not limited to) email, telephone, post and face-to-face contact.
Important information and who we are
Purpose of this privacy policy
This privacy policy provides information on the way in which Benington Community Heritage Trust, trading as The Beonna, collects and processes your personal data, including any data that you may provide when (if applicable) you sign up to one or more newsletters or mailing lists, make a booking, take part in a meeting or event or otherwise engage with us.
Many people with whom we interact (and whose personal data we therefore process) are under 16. To the extent (if any) that we rely on consent for a processing of personal data of a person under the age of 16 we will require that consent to be given by a parent or guardian.
Controller
This privacy policy is issued on behalf of Benington Community Heritage Trust. Any reference to “The Beonna”, "we", "us" or "our" in this privacy policy is, therefore, a reference to Benington Community Heritage Trust.
Should you have any questions or concerns regarding this privacy policy, or our processing of personal data, please contact us at info@thebeonna.co.uk
You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We ask, however, that you provide us with the opportunity to deal with your concerns before you approach the ICO and ask that you contact The Beonna in the first instance.
Changes to the privacy policy and your duty to inform us of changes
This is our first privacy policy. We will record any updates here.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-party links
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy/notice of every website that you visit if you leave our website by choosing to click on any link, plug-in or application.
The data we collect about you
Personal data, or personal information, is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you. These can be summarized as follows:
- Identity & Contact Data includes first name, pre-martial name, surname, username or similar identifier, marital status, title, date of birth, gender, address, email address and telephone number.
- Financial Data includes bank account details, payment card details and details of payments to/from you (such as charges for particular events).
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices that you use to access our website.
- Marketing and Communications Data includes your preferences in receiving updates from us and your communication preferences.
We do not routinely collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) or any information about criminal convictions and offences. We may collect and otherwise process Special Categories of Personal Data and/or information about criminal convictions and offences about you in the following contexts:
- Where you voluntarily provide health information to us (for example, in relation to your participation in particular events);
- Where it is necessary to collect/process health information to protect your vital interests (for example where there is an emergency at an event and either you are not able to consent, or you are under 16 and you do not have a parent present/available to provide consent);
- During recruitment (you will receive a supplementary privacy notice where this applies to you); and
- Where it is necessary for us to undertake safeguarding checks in relation to persons interacting with children or vulnerable persons.
How is your personal data collected?
We use different methods to collect data from and about you. These include direct interactions with you and/or your parent/guardian(s) and from parties or publicly available sources. Our website may also collect data from and about you and your device by automated means. Please contact us for further details.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform a contract thatwe are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- To protect your vital interests.
- With your consent.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways that we plan (or may in the future plan) to use your personal data, and that the legal bases that we rely on to do so.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you require further details about the specific legal basis that underlines our processing of your personal data where more than one ground has been laid out in the table below.
Purpose/Activity |
Type of data |
Lawful basis for processing including basis of legitimate interest |
To register you as a user or supporter: (a) As a new participant/contact (b) As a meeting, activity or event participant or attendee (c) As a volunteer or helper |
(a) Identity & Contact (b) Financial (c) Marketing & Communications |
Necessary for our legitimate interests |
To process payments to and from you, including: (a) Event or activity fees (if applicable) (b) Venue hire fees (c) Any other payments from time to time |
(a) Identity & Contact (b) Financial |
(a) Performance of a contract with you (b) Necessary for our legitimate interests |
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Keeping you up-to-date with newsletters and similar |
(a) Identity & Contact (b) Marketing and Communications |
(a) Necessary for our legitimate interests (to keep our records updated and to keep you informed of club activities) (b) In certain circumstances, consent |
To administer and protect our club and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Identity & Contact (b) Technical |
Necessary for our legitimate interests (for running our organisation, provision of administration and IT services, network security) |
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. Please note that if you disable or refuse cookies some parts of our website may become inaccessible or may not function properly. For more information about the cookies we use please see the cookies policy available on our website.
Change of purpose
We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you require further information as to how the processing for the new purpose is compatible with the original purpose please contact us at info@thebeonna.co.uk.
Should we need to use your personal data for an unrelated purpose we will notify you and will explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosures of your personal data
We may need to share your personal data with the parties set out below for the purposes set out in the table above.
- External Third Parties as set out in the Glossary.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International transfers
We do not knowingly transfer your personal data outside of the European Economic Area (EEA).
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those Beonna personnel and third parties who have a legitimate need to know. They will process your personal data only on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data retention
How long will you use my personal data for?
We will retain your personal data only for as long as is necessary to fulfill the purposes that we collected it for. In order to determine the appropriate retention period for personal data we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of this personal data, the purposes for which we process your personal data, the applicable legal requirements, and our ability to achieve these purposes through other means.
Details of retention periods for different aspects of your personal data are set out below:
Type of data |
Period of retention |
Justification |
Venue booking/enquiry forms |
6 months from enquiry where no booking results; 7 years from last hire where a booking is made |
Reasonable period to process potential bookings Limitation period for legal claims plus one year to resolve claims made at end of period |
Accident records |
7 years from date of accident |
Limitation period for legal claims plus one year to resolve claims made at end of period |
Health & Safety Assessments |
40 years from date of assessment |
HSE guidance on appropriate period of retention |
Financial Records |
7 years from applicable financial year-end |
Limitation period for legal claims plus one year to resolve claims made at end of period Obligation to retain certain records for tax purposes. |
Staff/employee records |
7 years from ceasing to be employed by The Beonna |
Limitation period for legal claims plus one year to resolve claims made at end of period |
Minutes of meetings |
7 years from meeting end |
Limitation period for legal claims plus one year to resolve claims made at end of period |
Your legal rights
Under certain circumstances you have rights in relation to your personal data under data protection laws.
If you wish to exercise any of those rights (as further detailed in the Glossary), please contact us at info@thebeonna.co.uk
No fee usually required
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. In such circumstances we may, alternatively, refuse to comply with your request.
What we may need from you
We may need to request specific information from you to help us to confirm your identity and to ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. To speed up our response we may also contact you to ask you for further information.
Time limit to respond
We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or if you have made a number of requests.
Glossary
THIRD PARTIES
External Third Parties
- Service providers who provide IT, payment and system administration services.
- Regulators, event organisers and other bodies involved with our activities from an administrative or regulatory perspective.
- Professional advisers including lawyers, bankers, auditors and insurers as applicable.
- Medical staff and other appropriate adult supervisors who need to know medical information in an emergency.
YOUR LEGAL RIGHTS
You may have the right to:
Request access to your personal data;
Request correction of the personal data that we hold about you;
Request erasure of your personal data;
Object to processing of your personal data;
Request restriction of processing of your personal data;
Request the transfer of your personal data to you or to a third party;
Withdraw consent at any time where we are relying on consent to process your personal data.
Please consult the ICO website for further details of these rights at www.ico.org.uk