Baobab Bach CIC
Baobab Bach CIC are committed to protecting your privacy and security.
Whenever you provide personal information to us, we will treat that information in accordance with this notice and current data protection law.
Baobab Bach CIC is the Data Controller.
We may collect, use, store and transfer different kinds of personal information about you including:
- Information to identify you, such as your name.
- Your telephone contact details.
- Your address and postcode.
- Your email address.
Legal Bases for Using Information
We use the following legal bases to process your information:
Consent – Where an individual has given their consent to us to process their data for a specific purpose.
Legitimate Interest – where the use of your personal information is necessary for Baobab Bach CIC’s legitimate interests, except where the individual’s interests and fundamental rights override those legitimate interests.
Contract – where the use of personal data is necessary in order that we can perform our obligations under our contract with individuals and organisations and for them to perform their obligations too.
Consent, Contract and Legitimate Interest are our primary reasons to process your data in connection with providing Community Pantry and Wellbeing services and associated activities.
Legal Obligation – when we need to process your personal data in order to comply with the law.
Vital Interests – if we need to process data in order to save someone’s life.
How We Use Your Information
- We will take the minimum data that we need in order to provide our service to you.
- We will ask for your written permission to hold your data. This will be in the form of a privacy notice.
- We will hold your data securely;
- written data will be kept under lock and key
- electronic data will be securely held with all appropriate measures taken, for example, remote servers will be located in the EU, anti-virus and malware protection will be installed on all devices and there will be password protection on all devices.
- Your information will not be shared with any other individual or organisation unless we have your explicit consent to do so.
- You may ask us to remove your data from our records at any time. This may take up to one month. You should contact ……………………………. in order to have your data removed.
Your Right to Your Data
- If we hold your personal data, you may request a copy of that data and be told how it is being used.
- If requested, a copy of the data we hold about you will be given to you within one month.
- Information we hold about you can be amended or deleted within one month of request unless we need to keep it for legal reasons.
- If there is a data breach affecting your data, you will not be notified unless it is deemed by the Data Controller to be a significant breach.
- If data is sent in error, the person in receipt of the data will be asked to delete it.
- If there is a data breach affecting your data, which is not likely to have an impact, steps will be taken to avoid the same thing happening again.
- If there is a data breach affecting you data, which is likely to have an impact, you will be informed and it will be reported to the Information Commissioner’s Office (ICO).
- If photographs are to be taken at a venue or at an event, notification will be given and all attendees will be able to opt out if they so wish. A statement will be issued stating how the images will be used.
- Photographs will be deleted once their purpose is done.
- Photographs will not be kept indefinitely.
- Photographs will only be shared with partner organisations on condition they will be held securely and used only for the stated purpose.
- Partner organisations will be required to delete photographs once they have served their purpose.
This policy also applies to the way personal information is used by our website. It should be read in conjunction with our Website Terms and Conditions.
We will use this information to:
- Ensure network and information security, including prevention of unauthorised access to our computer and electronic communications systems and to prevent malicious software distribution.
- To use data analytics to improve our website, products and services, marketing, client relationships and experiences.
This serves our legitimate interest in providing content which is bespoke to you and ensures that our website runs smoothly.
Failure to Provide Personal Information
Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you, for example, to provide you with goods or services.
In this instance, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
How Long We May Keep Your Personal Information
We will only keep your personal information for as long as is necessary to fulfil the purposes we collected it for. This may include legal, accounting or reporting requirements.
In deciding how long we should keep your personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those through other means, and the applicable legal requirements.
If your personal data has not been used for one year, it will be deleted from our files. All data files will be evaluated annually and unused data will be deleted.
Your rights in your information are as follows:
If information we hold about you is incorrect, you can ask us to correct it.
You can ask what information we hold about you and be provided with a copy of it. This is known as ‘making a subject access request.’
We will also tell you why we use this information about you, where it came from and what types of people we have sent it to.
You can ask us to delete the information we hold about you in certain circumstances, for example, where we no longer need the information.
You can request the transfer of your information to you or to a third party in a format that can be read by computer. This applies where:
- The information has been provided by you
- The basis that we are relying on to process your information is consent or contract
- The information is being processed by us on computer.
You may object to us using your information where:
- We are using it for direct marketing purposes.
- We are relying on either the legitimate interests or performance of a task carried out in the public interest legal basis to use it.
- We are using it for historical or scientific research purposes or archiving purposes.
Our use of information about you may be restricted in some cases. For example, if you tell us that the information is inaccurate we can only use it for limited purposes whilst we check its accuracy.
To exercise any of your rights, you can submit your request in writing to the following person:
Alison Westwood, email@example.com
If you wish to talk us about any aspect of this notice or make any changes to how we manage your personal information, please contact:
Alison Westwood, firstname.lastname@example.org
If you consider we have not acted properly when using your personal information, you can contact the Information Commissioner’s Office at: https://ico.org.uk/