Privacy Policy
GENERAL DATA PROTECTION REGULATIONS – PRIVACY NOTICE – GPRA
Under the General Data Protection Regulations (GDPR), The Treasurer of Glenholt Park Residents Association(as Data Controller) is required to inform all customers (the Data Subjects) of our contact details, all types and sources of customer data that we keep, the purpose and legal basis for keeping that data, how long we keep it, who it is shared with and whether it is transferred to another country. The GDPR also gives customers (Data Subjects) certain rights including the right to be informed, have access, rectification, erasure, to restrict processing, data portability, the right to object, along with rights regarding automated profiling
Name and Contact Details of our Organisation and Representative
The Treasurer, Glenholt Park Residents Association [email protected]
The Categories of Personal Data Obtained
CUSTOMER DATA - Name, address, telephone number, email address
The Purpose of Processing
To provide membership services and payment records of members of the GPRA, to provide regular newsletters, to provide confirmation to the Barton Group in order for the GPRA to be recognised as an official residents’ association and to be able to undertake assistance to residents should they have any issues
The Lawful Basis of Processing
Article 6(b) Contract-the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. (To provide membership services and payment records of members of the GPRA, to provide regular newsletters, to provide confirmation to the Barton Group in order for the GPRA to be recognised as an official residents’ association)
Article 6(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose. (To be able to undertake assistance to residents should they have any issues)
The Source of the Personal Data
Data is provided by the data subject
Who the Data is Shared with
Article 6(b) Contract
Name, address, phone number, email address (if given) – shared with the Treasurer and all committee members
Name, address – viewed (but not given to) Barton Group as confirmation that 50% of the residents belong to the GPRA in order to meet our obligation as a Recognised Residents Association
Name, address – Should a resident have an issue they wish the GPRA to help with, correspondence received asking for this help will be shared with members of the Committee in order to discuss.
Address – shared with volunteers who deliver the monthly newsletter so that they can deliver the newsletter
Article 6(a) Consent (In the event that you request the Committee to act on your behalf)
Name, address, other information as provided by you - shared with other third parties as necessary. We will obtain your consent prior to acting on your behalf.
The Details of Transfers of the Personal Data to any Third Countries or International Organisations
Emails and other information may be kept on email servers outside of the EU and UK in accordance with the GDPR
The Retention Periods for the Personal Data
All personal data will be retained for 7 years after termination of membership or 7 years after resolution of any work the GPRA undertakes on behalf of the member - whichever the latest - for protection in case of the establishment, exercise or defence of legal claims
Data Breaches
We will report any data breaches within 72 hours of becoming aware, where feasible. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will also inform the individuals affected without undue delay. We will record all personal data breaches, regardless of whether we are required to notify.
Right of Access
Individuals (data subjects) have the right to access their personal data and supplementary information. We are required to provide you a copy within one month. To request access your personal data, please do so in writing.
Right of Rectification
Individuals have the right to request that inaccurate personal data is rectified or completed if it is incomplete. An individual can make a request for rectification verbally or in writing.
Right of Erasure
Individuals have the right of erasure. All personal data will be retained for 7 years after the member leaves or 7 years after an issue is resolved - whichever. This is for protection in case of the establishment, exercise or defence of legal claims. However, we may be able to erase minimal data such as phone number and email address. If you would like to request the erasure of your personal data, please do so in writing
Right to Restrict Processing
Individuals have the right to request the restriction or suppression of their personal data except when needed for protection in case of the establishment, exercise or defence of legal claims. If you would like to restrict processing of your personal data, please do so in writing
Right to Data Portability
Individuals have the right to data portability, allowing individuals to obtain and reuse their data for their own purposes across different services. Please request this in writing. This will be provided within one month
The Right to Lodge a Complaint with a Supervisory Authority
If you have a concern about the way we are handling your personal information you may contact the Information Commissioner’s Office and report your concerns. This can be done online at https://ico.org.uk/concerns/handling/ or by telephoning the ICO on 0303 123 1113
Under the General Data Protection Regulations (GDPR), The Treasurer of Glenholt Park Residents Association(as Data Controller) is required to inform all customers (the Data Subjects) of our contact details, all types and sources of customer data that we keep, the purpose and legal basis for keeping that data, how long we keep it, who it is shared with and whether it is transferred to another country. The GDPR also gives customers (Data Subjects) certain rights including the right to be informed, have access, rectification, erasure, to restrict processing, data portability, the right to object, along with rights regarding automated profiling
Name and Contact Details of our Organisation and Representative
The Treasurer, Glenholt Park Residents Association [email protected]
The Categories of Personal Data Obtained
CUSTOMER DATA - Name, address, telephone number, email address
The Purpose of Processing
To provide membership services and payment records of members of the GPRA, to provide regular newsletters, to provide confirmation to the Barton Group in order for the GPRA to be recognised as an official residents’ association and to be able to undertake assistance to residents should they have any issues
The Lawful Basis of Processing
Article 6(b) Contract-the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. (To provide membership services and payment records of members of the GPRA, to provide regular newsletters, to provide confirmation to the Barton Group in order for the GPRA to be recognised as an official residents’ association)
Article 6(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose. (To be able to undertake assistance to residents should they have any issues)
The Source of the Personal Data
Data is provided by the data subject
Who the Data is Shared with
Article 6(b) Contract
Name, address, phone number, email address (if given) – shared with the Treasurer and all committee members
Name, address – viewed (but not given to) Barton Group as confirmation that 50% of the residents belong to the GPRA in order to meet our obligation as a Recognised Residents Association
Name, address – Should a resident have an issue they wish the GPRA to help with, correspondence received asking for this help will be shared with members of the Committee in order to discuss.
Address – shared with volunteers who deliver the monthly newsletter so that they can deliver the newsletter
Article 6(a) Consent (In the event that you request the Committee to act on your behalf)
Name, address, other information as provided by you - shared with other third parties as necessary. We will obtain your consent prior to acting on your behalf.
The Details of Transfers of the Personal Data to any Third Countries or International Organisations
Emails and other information may be kept on email servers outside of the EU and UK in accordance with the GDPR
The Retention Periods for the Personal Data
All personal data will be retained for 7 years after termination of membership or 7 years after resolution of any work the GPRA undertakes on behalf of the member - whichever the latest - for protection in case of the establishment, exercise or defence of legal claims
Data Breaches
We will report any data breaches within 72 hours of becoming aware, where feasible. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will also inform the individuals affected without undue delay. We will record all personal data breaches, regardless of whether we are required to notify.
Right of Access
Individuals (data subjects) have the right to access their personal data and supplementary information. We are required to provide you a copy within one month. To request access your personal data, please do so in writing.
Right of Rectification
Individuals have the right to request that inaccurate personal data is rectified or completed if it is incomplete. An individual can make a request for rectification verbally or in writing.
Right of Erasure
Individuals have the right of erasure. All personal data will be retained for 7 years after the member leaves or 7 years after an issue is resolved - whichever. This is for protection in case of the establishment, exercise or defence of legal claims. However, we may be able to erase minimal data such as phone number and email address. If you would like to request the erasure of your personal data, please do so in writing
Right to Restrict Processing
Individuals have the right to request the restriction or suppression of their personal data except when needed for protection in case of the establishment, exercise or defence of legal claims. If you would like to restrict processing of your personal data, please do so in writing
Right to Data Portability
Individuals have the right to data portability, allowing individuals to obtain and reuse their data for their own purposes across different services. Please request this in writing. This will be provided within one month
The Right to Lodge a Complaint with a Supervisory Authority
If you have a concern about the way we are handling your personal information you may contact the Information Commissioner’s Office and report your concerns. This can be done online at https://ico.org.uk/concerns/handling/ or by telephoning the ICO on 0303 123 1113