Privacy Policy
The John Sayer Almshouses Privacy Policy
Important information and who we are
John Sayer Almshouses is committed to protecting your personal data and ensuring that it is only ever used in accordance with your rights and expectations.
We decide what personal data we hold, how we hold it and how we use it. This makes us responsible for that data as a “data controller” and requires us to provide you with this privacy policy, outlining why we need your personal data, what we do with it and your rights in relation to it.
When we refer to:
- “we”, “us” or “our”, we mean John Sayer Almshouses;
- “personal data”, we mean any information relating to an identified or identifiable living individual;
- “processing”, we mean collecting, recording, organising, storing, sharing, destroying or anonymising personal data.
Please read this privacy policy together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and is not intended to override them.
How to contact us and how to complain
We have appointed a data privacy lead who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact John Sayer Almshouses at clerk@johnsayeralmshouses.org.uk or write to John Sayer Almshouses at 11 Kingsdale Road, Berkhamsted HP4 3BS
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review. This version was last updated on 07/08/2023
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect personal data about you in any of these ways:
- When you apply for a job with us;
- When you are a volunteer;
- When you are engaged by us as a contractor and supply services to us;
- When you are a donor or potential donor;
- When you are a beneficiary;
- When you are trustee;
- When you access our website;
- When you contact us, request information or send us feedback.
We may collect personal data from you in person, over the telephone, through the post or online via email or our website, social media platforms or web surveys.
We may also collect personal data about you from other sources such as:
- Former employers, if you apply to work with us;
- DBS check providers, if you are an employee or volunteer and work with adults at risk;
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Dataincluding your name, data of birth, username or similar identifier, marital status, title and gender;
- Contact Data including your address, email address and telephone numbers;
- Financial Dataincluding your bank account
- Transaction Dataincluding details about payments to and from you and other details of services you have purchased from us;
- Technical Dataincluding your internet protocol (IP) address and your login data;
- Usage Data including information about how you use our website and services;
- Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences;
- Feedback data including notes of any conversations with you, and details of any comments or complaints you make;
- Health-related data including self-certificate forms and doctors’ notes in relation to sickness absence, if you are an employee;
- Information revealed through a DBS check including information about criminal convictions and offences, if you work or volunteer with adults at risk;
- Other sensitive datayou may have disclosed to us such as your racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, sexual orientation or genetic information and biometric data.
Under data protection law, health-related data and the other sensitive data listed above are all considered “special categories” of personal data. This data, as well data concerning criminal convictions and offences, requires higher levels of protection and so is subject to tighter controls.
Depending on the circumstances, we use your personal data so that we may:
- Make a decision about your recruitment or appointment;
- Perform and administer any contract we have entered into with you;
- Pay you or process any donations from you;
- Provide services to you, as a beneficiary;
- Receive services from you, as a contractor, volunteer or trustee;
- Communicate with you when you engage with us;
- Improve, assess and evaluate our operations;
- Investigate any complaints;
- Verify your identity;
- Customise our website and its content to your particular preferences.
How we use your personal data
We only use your personal data when we have a proper reason for doing so. There are various different legal bases upon which we may rely, depending on what personal data we process and why.
The legal bases we rely on most commonly to process your data include:
- contract: where our use of your personal data is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract;
- legal obligation: where our use of your personal data is necessary for us to comply with the law;
- legitimate interests:where our use of your personal data is necessary to pursue our legitimate interests in a way which might reasonably be expected (that is, to pursue our aims of promoting the establishment, continuation and efficiency and effectiveness of the almshouses, and to promote the provision, improvement, upkeep and maintenance of the almshouses) and in a way which does not materially impact your rights, freedoms or interests.
In a small number of cases, we may also rely on the following legal bases:
- vital interests:where our use of your personal data is necessary to protect your or someone else’s life, typically in an emergency;
- consent:where you have given us clear consent for us to process your personal data for a specific purpose, where another legal basis cannot be used.
In relation to any “special category” personal data or data concerning criminal convictions and offences, we rely on different reasons to process your personal data. Most commonly these include that the processing is:
- necessary for carrying out our legal obligations relating to employment law;
- necessary in the substantial public interest, and further conditions are met;
- necessary for the establishment, exercise or defence of legal claims;
- carried out with your explicit consent.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If you have given your consent for us to process your personal data, you have the right to change your mind at any time and withdraw your consent.
Who we share your personal data with
We do not share your information we third parties.
We will only share your personal data with third parties:
- if we are legally required to do so, for example, by a law enforcement agency or court;
- to enforce or apply any contract we have with you;
- if it is necessary to protect our rights, property or safety or to protect the rights, property or safety of others;
Marketing
We strive to provide you with options around marketing.
Marketing from us
You will receive marketing communications from us that promote our aims and objectives if you have requested information from us and you have not opted out of receiving that marketing.
Opting out
You can ask us to stop sending you marketing messages at any time by following the unsubscribe links on any marketing message sent to you or by contacting us at any time at clerk@johnsayeralmshouses.org.uk, John Sayer Almshouses, 11 Kingsdale Road, Berkhamsted HP4 3BS. We will update our records to reflect your wishes.
Cookies
We do not use cookies on this website.
International transfers
We do not transfer your personal data outside the European Economic Area (EEA).
Data security
We take the security of your personal data seriously. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Different retention periods apply for different types of personal data. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
At the end of the relevant retention period, your personal data will either be deleted completely, put beyond use or anonymised. Some data about members will be kept in perpetuity as a record of our history and heritage.
Details of retention periods for different types of personal data are available in our retention policy which you can request from us by contacting us.
Your rights
You have the following rights, which you can exercise free of charge and on request:
- to access the personal data we hold about you;
- to require us to update or correct the personal data we hold about you;
- to require the erasure of your personal data in certain circumstances;
- to receive the personal data we hold about you in a structured, commonly used and machine-readable format, and to transmit it to a third party in certain situations;
- to object at any time to the processing of your personal data for direct marketing purposes;
- to request the restriction of the processing of your personal data;
- to challenge any automated decisions we make about you;
- to withdraw your consent at any time.
If you wish to exercise any of these rights, please contact John Sayer Almshouses at clerk@johnsayeralmshouses.org.uk or write to John Sayer Almshouses, 11 Kingsdale Road, Berkhamsted HP4 3BS and let us have enough information to identify you.
If you request the personal data that we hold about you, we will respond within one month (unless the complexity and number of requests mean that we need more time).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Resources & Further Information