Data Protection Policy
Privacy Notice (How we use data information) – April 2018
Community Southwark will ensure that data is collected within the boundaries defined under the Data Protection Act 1998 and the updates coming into force on 25 May 2018. This applies to data that is collected in person, or through the online website form.
Information will be stored for only as long as it is needed and will be disposed of appropriately.
It is Community Southwark’s responsibility to ensure all data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third party.
Data Controller: Community Southwark
Contact: firstname.lastname@example.org / 020 7358 7020
Data Protection Lead: Steve Smith
Cookies and Google Analytics
The categories of member data information that we collect, process, hold and share include:
Personal information (such as name, mobile/phone number, email address, work address, Twitter, Facebook, LinkedIn)
Why we collect and use this information
We use data to:
- inform the development of member profiles on our Salesforce CRM database
- enable members to receive our ebulletins through our Mailchimp account
- enable the development of a comprehensive organisation directory on ourorganisation directory on our website
- enable us to fulfil our charitable mission of enabling a Southwark where communities have the ability and opportunity to fulfil their potential.
The lawful basis on which we process this information
Community Southwark collect data under the lawful basis that it is within our legitimate interest.
Our legitimate interest for collecting and processing member data is
that it is within our charitable objects/ objectives. It is our aim that Southwark communities that have the ability and opportunities to fulfil and exceed their potential.
We are determined to achieve this by creating strong foundations that supports all voluntary and community organisations, communities and individuals in Southwark to work together to improve practice, shape futures and change lives.
We would not be able to achieve our charitable objectives without collecting the data of our members.
Collecting this information
Whilst the majority of information members provide to us is mandatory as a part of the membership application process, some of it is provided to us on a voluntary basis. In order to comply with data protection legislation, we will inform members whether they are required to provide any other information to us or if you have a choice in this.
Storing this information
Individual members remain a member for life. Organisation membership ends when the organisation ceases to exist. Individual membership can be removed on request and both Individual and organisation members can request to update their details at any time.
We review the details for Individual membership, or individuals data attached to an organisation, on our Salesforce database every 3 years to ensure data is up to date.
Third party data processors
We use a number of 3rd party providers to process your data e.g. for booking on training and sending out our eNews, most of whom will store your data on our behalf in the United States. We carry out reasonable due diligence checks on these providers including checking they have signed up to the EU US Privacy Shield where data is stored outside of the EU, as well as checking their privacy policies and security statements.
- We routinely share this information with:
- our Trustees
- our funder Southwark Council
- the voluntary and community sector (through our website)
We may also share this information with non-profit third party organisations who have an interest in the voluntary sector in Southwark.
Why we share member information
We do not share information about our members with anyone else without consent unless the law and our policies allow us to do so. We never share information with third parties for them to use for marketing purposes.
We are required to share information about our members with our Trustees so that they can ratify each new organisation and confirm them as a new member.
We are obliged to share personal data with Southwark Council on a regular basis. This data sharing underpins monitoring and evaluation, and links to Community Southwark's funding / expenditure.
The voluntary and community sector
We share some personal data with the voluntary and community sector, in the organisations and venues directory section of our website. This is so that charities can see what other groups are doing in the borough and link up with them for potential partnership working.
The general Public
Our website is accessible to the general public. As part of our purpose is to promote the voluntary and community sector in the borough we list member organisation’s details on our website for the benefit of the public. On occasion we may receive requests from members of the public or colleagues in the voluntary sector for contact details of specific organisations and we will direct them to the appropriate page of our website.
Data collection requirements
We collect and process member data relating to members upon the request of Southwark Council. This is in the form of statistical data on a quarterly basis. This data provides the Council with regular monitoring reporting so that they can see the number of voluntary and community sector charities that are being supported by Community Southwark broken down into the different areas of support.
Southwark Council may share information about our members with third parties who promote the work of the members and the voluntary sector as a whole.
For more information about the Southwark Council’s data sharing process, please read: https://www.whatdotheyknow.com/request/242835/response/603621/attach/3/D...
To contact Southwark Council: https://www.southwark.gov.uk/
Requesting access to your personal data
Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information, contact
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/ where you have the right to lodge a complaint.
If you would like to discuss anything in this privacy notice, please contact:
Signed: Paul Rymer
Position: Chief Executive
Date: May 2018
Review Date: May 2019