PRIVACY POLICY & COOKIES
St. John's Hall Penhow is dedicated to safeguarding your personal information and ensuring its fair, transparent, and lawful processing. As a "data controller" under the Data Protection Act 1988 and the EU GDPR 2016/679, we are responsible for and oversee the handling of your personal data.
If you need to reach us, you can contact us through our designated contact page.
Our Responsibilities:
We will only collect information that is necessary for specific purposes.
The collection and use of personal information will be done fairly, lawfully, and with respect for privacy.
We will ensure that the information collected is relevant, adequate, and not excessive.
Safeguarding the security of information and maintaining proper records is of utmost importance.
We will keep personal information accurate, up to date, and delete any information that is no longer required.
Personal information will only be shared with authorized recipients and not sent to unauthorized parties.
Individuals have the right to request access to their information, and we will provide it upon request.
Data Controller: Our data controller can be contacted through our designated contact page. They have the legal responsibility for the storage and protection of the information.
Data Collection: We are committed to being open and transparent about the information we collect, process, and store. We will clearly communicate the data being retained and how it will be stored to our business partners and stakeholders. For bookings, there will be an audit trail to demonstrate consent for the use and retention of details. Any controversial decisions will be justified and recorded by the data controller.
Retention and Storage: We will retain personal information related to bookings for as long as necessary and in the minimum amount required. This includes names, addresses, telephone numbers, and email addresses, provided we have received permission to retain them. You can opt out or request data removal at any time by contacting the data controller. We securely store information on computers, servers, phones, and in the cloud, all protected by passwords. Notebooks containing information are locked away securely or kept safe when not in the office. We regularly review and update the information to ensure its relevance and accuracy, and we can demonstrate that this is being done.
Security: We take reasonable measures to ensure the security of personal information and prevent its loss, theft, or misuse. Our computers, phones, laptops, and tablets are password-protected. Physical records, such as notebooks and folders, are securely locked at all times. Any redundant computers are thoroughly wiped of all personal information. Our volunteers are knowledgeable about and compliant with our security policies and procedures.
Cookies: Cookies are used on our website to enhance your browsing experience. These small text files provide aggregated information on how users interact with our site, helping us improve its functionality. We may use cookies to remember your personal settings on our website, but we do not use them to collect personally identifiable information. Most of the cookies we set are automatically deleted when you leave our website. Some third-party services, like web analytics, surveys, and advertising, may also set cookies, and you should review their privacy policies for more information.
Subject Access Requests: Individuals have the right to request information about what we hold about them, including the source of the information and copies of their data trail. We will respond to such requests within 30 days, and in most cases, there will be no charge. The data controller handles these requests, and they should be made in writing via email or post. We reserve the right to refuse or charge for requests that are manifestly unfounded or excessive, and we will provide individuals with an explanation in such cases, along with their right to lodge a complaint with the supervisory authority.