Williamson Hall is owned by the Williamson Trust, and operated by a voluntary Hall Management Committee (Williamson Hall Management Committee – WHMC). It is a registered charity, number SC003200.
- Introduction
WHMC is committed to protecting and respecting the privacy of personal data. Being transparent and providing accessible information to individuals about how we use personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR).
The purpose of this privacy notice is to help you understand what we do with any data you provide and how we process and protect it.
Under the GDPR we do not have a statutory requirement to have a named Data Protection Officer. For WHMC, the Data Controller is the voluntary management committee of the Village Hall. If you have any questions regarding your personal data please contact williamsonhallabernethy@gmail.com
- The Data We Collect and How We Use It
The data we process falls into 4 main categories:
(a) Bookings Data.This is name, address, telephone number and / or email address as supplied by the prospective hirer via the booking request. The data is collected via the Bookings Form and used to ensure effective communication throughout the booking process, from initial request through to invoicing and banking of payment. The lawful basis for processing this data is that we are entering into a Contract with you for the hire of the facilities you wish to book.
(b) “100 Club” Data.This is name, address, telephone number and email address as supplied by the individual applying for a share in the club. The data is collected via the 100 Club Application Form and used to ensure effective running of the monthly draws and communication to prize winners. The lawful basis for processing this data is that we are entering into a Contract with you for including you in the monthly prize draw.
(c) Hall Management Committee Data. This is name, address, telephone number, email address and date of birth. We are required by law to notify the Scottish Charity Regulator of these details of the volunteers / trustees. It is also necessary for there to be effective communication between us. The lawful basis for processing this data is therefore twofold. Firstly, there is the Legal Obligation of keeping details up to date with the regulator. Secondly, there is Legitimate Need for effective communication between committee members.
(d) Supplier Data. This is name, address, telephone number and email address as provided by the supplier or as obtained from publicly available sources (e.g. internet, telephone book, etc.). The information is used to help communicate with appropriate suppliers for the purchase of good or services. The lawful basis for processing this data is that we are preparing to enter into a Contract for the purchase of those goods and services.
(e) Website data capture. The current website(s) do not capture any user data and we do not use our own cookies. However, we do use Google Analytics, which uses cookies to track visitor usage. Use of Google Analytics is conducted in Accordance with Google’s privacy policy: http://www.google.com/privacy.html.
- How We Store Your Personal Data
Paper based data (e.g. 100 Club Application Forms, signed Booking Agreement Forms, etc.) is held in files by the Hall Management Committee member responsible for the processing of that particular data. The ongoing retention of this data is in locked premises.
Electronic based data is subject to appropriate security and will not be shared with unauthorised people.
We will not sell distribute or lease your personal information to any third party unless we are required by law to do so.
The village hall has a Google account used primarily for Gmail. The village hall committee makes extensive use of email to communicate with each other, with suppliers, with volunteers, with hirers, etc. Email requires the use of 3rd party email services and, as part of this, there is at least transient use of this 3rd party ‘cloud’ storage.
- How Long We Retain Your Personal Data For
Bookings and 100 Club data provides support to financial transaction so will be retained for 7 years in order to comply with financial audit requirements. After that point, it will be destroyed/deleted.
Hall Management Committee data is a legitimate historical record of the Charity so will be retained indefinitely.
Supplier data will be retained until the committee considers the supplier to no longer be considered for future provision of goods or services.
- Who We Share Your Personal Data With
We do not and will not sell any personal data.
We will only disclose information to third parties or individuals when obliged to by law, for purposes of national security, taxation and criminal investigations.
- Your Rights
You have a number of very important rights. These include
- the right to be informed about what data is collected and how it is used, stored, etc. – this Privacy Notice is itself a key part in that;
- the right to ask us to remove your personal data from our records (unless it is necessary for us to continue to use the data for a lawful reason);
- the right to have inaccurate data rectified;
- the right to request a copy of the information we hold about you.
There is more information about your rights at the Information Commission Office at this link:
If you have any questions regarding your personal data please contact williamsonhallabernethy@gmail.com .
February 2023