Bedfordshire Rural Communities Charity (BRCC) is committed to protecting and respecting your privacy. This Privacy Notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and the purpose for our collection of it. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purposes of the General Data Protection Regulation (GDPR), Bedfordshire Rural Communities Charity is the data controller of your personal information and is entered in the Information Commissioner’s Office (ICO) Register of Data Controllers.
This policy explains how we may collect and process personal data about:
- clients and prospective clients;
- visitors to our website and subscribers to our online services;
- job and work experience applicants and contractors; and
- any other individual whose personal data we may
Depending on our relationship with you this policy may be supplemented with additional information, policies or guidelines relating to our use of your personal data, for example in our application forms, Terms and Conditions, and other documentation.
What personal information do we collect and why do we collect it?
We may collect and process personal information about you including information:
- that you provide by filling in forms on our website, posting material, requesting further services or reporting a problem with our website;
- that you provide when you use our professional and charitable services as a client;
- received in correspondence that you send to us;
- provided to us as part of a job, volunteering or work experience application you make;
- received during certain calls to and from us and our representatives; and
- concerning your visits to our website (including but not limited to traffic data) and the resources that you
We may also collect information about you in other ways, for example:
- if you are a customer of one of our partner organisations, and we are undertaking our services on our partner’s behalf;
- indirectly, through one of our staff or volunteers, a client or a third party;
- if you are a supplier of ours, from that supplier relationship; and
- from publicly available sources, for example the electoral roll or Companies House.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes your name, username or similar identifier, marital status, title, date of birth and
- Contact Data includes addresses, email address and telephone
- Financial Data includes bank account and payment card
- Transaction Data includes details about our services that you have used with us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our
- Usage Data includes information about how you use our website and how you use our
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Special Categories of Personal Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those
- Where we need to perform the contract we are about to enter into or have entered into with
- Where you have given BRCC your express consent to process your personal data.
- Where we need to comply with a legal or regulatory
The way we process the personal data we collect as set out above varies depending on our relationship with you. In each case the purposes for which we request the information will be clear from the context in which it is acquired. These include:
- providing our services to you or an entity for which you work;
- verifying your identity;
- keeping a record of the services you have subscribed to and delivering services you may have requested;
- administration, billing and record-keeping purposes;
- communicating with you by telephone, email, fax or post;
- meeting our legal, regulatory and contractual obligations arising from our relationship with you;
- administering our website, enhancing operational capabilities and for internal operations;
- verifying or enforcing compliance with this policy and applicable laws; and
- to inform you of developments that may affect you or to inform you of products, services or
In some circumstances we may ask for sensitive data
Sometimes we will ask you to provide additional personal information, and sometimes sensitive personal information related to your health (e.g. if you become a client of a Village Agent or Local Community Coordinator, Transport Services [Door to Door, Wheels In Motion] or Social Prescribing Services).
When we do this we will provide further information about why we are collecting your information and how we will use it. In these cases we will always obtain your express consent.
We may also ask for and anonymously record ethnicity, religious belief and sexual orientation information to help us with equal opportunities monitoring.
Disclosure of your personal data
We will only disclose your personal information to another person or organisation where we:
- need to share the information to provide a product or service you have requested;
- need to send the information to persons or organisations who engage our services on their behalf, including where you are that third party’s client;
- need to send the information to persons or organisations that work on our behalf to provide a product or service to you. Where such a person or organisation does work on our behalf we will ensure that they are contractually required to take appropriate technical and organisational measures to protect your personal information against unauthorised or unlawful processing and against accidental loss or destruction of, or damage to, personal information and only use the information in order to provide a product or service on our behalf; and
- are required to disclose the information in order to comply with the law or the requirements of a regulatory
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Our legal basis for using your personal data
Our use of your personal data is subject to different legal bases for processing, including where necessary:
- From clients of our services – for the purposes of service delivery
- From supporters – to communicate our activities via e-bulletins
- From employees – in order to be able to employ, manage and pay employees
We will only collect this information, where necessary with your consent, and we will not pass this information on to any third parties unless it is for the purpose of referrals in order to provide our services to you under legitimate interest.
We collect information for the following purposes:
- the purposes of the performance of any contract we enter into with you or to take steps at your request prior to entering into a contract with you;
- consent, where we will ask you to give your consent for us to process sensitive data that you provide to us for the purpose of providing our services to you. We will also ask for your consent to send you information in relation to events, newsletters and other items that may be of interest to you but not directly related to the services already being provided to you and for which we process your information using legitimate interest;
- our legitimate interests, for example in providing our services to an entity you work for, managing and monitoring our website operation, preventing fraud and for our business compliance purposes; and
- compliance with our legal and regulatory
If you do not agree to provide your personal data to us we may not be able to provide you with our services or process your application for employment or volunteering opportunities. Where our use of your data is not necessary for one of the purposes outlined above we may use it in a particular way with your consent.
Where we ask for your consent you are free to refuse our use of your personal data for those purposes, and you may withdraw your consent at any time by contacting us using the details set out below. This shall not affect the lawfulness of any processing that was based on your consent before you withdrew it.
Retention of your personal data
We will retain your personal information for as long as is reasonably necessary for the purpose for which it was obtained and in accordance with our legal obligations and follow our data destruction policy and processes thereafter (see retention periods, below). Your personal data may be retained by us for more than six years for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where possible we will anonymise personal data before retention.
| Type of record | Retention period |
|---|---|
| Personal data about clients | As long as the client uses the service (unless there is a statutory reason for further retention) |
| Personnel records (including training, disciplinary, working time, sickness and redundancy) | 6 years after employment ceases (recommended) |
| Disclosure information gained through the recruitment procedure | 6 months (unless otherwise advised by DBS) |
| Application forms and interview notes (for unsuccessful candidates) | 1 year (recommended) |
| Payroll records | 6 years (statutory) |
| Statutory Maternity Pay records | 3 years (statutory) |
| Pension records | As long as the person is in membership of the BRCC pension scheme |
| Personal data on volunteers | One year after the volunteer has stopped working for BRCC |
| Accident records/reports | 3 years from the incident and/or date of the last entry |
Links to other websites
This policy extends only to our website and to websites that are owned and operated by Bedfordshire Rural Communities Charity. It does not, therefore, extend to your use of, provision of information to and collection of information on any website not connected to Bedfordshire Rural Communities Charity to which you may link by using the hypertext links within our website.
Your personal information is protected under data protection law and you have a number of rights (see below) which you can seek to exercise. Please contact us in writing or by email using the details shown under ‘Contact’ below if you wish to do so, or if you have any queries in relation to your rights. Please note these rights do not apply in all circumstances.
Right of access – subject to certain exceptions, you have the right of access to your personal data that we hold (commonly known as a “data subject access request”).
Right to rectify your personal information – if you discover that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e. corrected).
Right to be forgotten – you may ask us to delete information we hold about you in certain circumstances. This right is not absolute and it may not be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations.
Right to restriction of processing – in some cases you may have the right to have the processing of your personal information restricted. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified.
Right to object to processing – you may object to the processing of your personal information (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of direct marketing and for the purposes of statistical analysis. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Right to data portability – you have the right to receive, move, copy or transfer your personal information to another controller when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means.
Right to withdraw consent – you have the right to withdraw your consent where we are relying on consent to process your personal data. If you withdraw your consent, it should not preclude you from obtaining our services; however, in some circumstances we may not be able to provide certain products or services to you.
We will advise you if this is the case at the time you withdraw your consent.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to collect aggregate information for us to use. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
What are cookies and why do we use them?
Cookies are small text files that are created and stored on your browser or the hard drive of your computer by websites that you visit to enable the website to operate properly, to ‘remember’ who you are and to monitor website traffic. Cookies are generally only visible to the website that serves them and not to other websites.
Cookies are used on our website to ‘remember’ information so that it can be passed from page to page and to collect website statistics. The statistical data collected may be used to help improve our website and the services that we offer to you. Some of our cookies will also recognise you as a previous visitor the next time you visit our website to improve your experience.
How to manage cookies
Most internet browsers accept cookies automatically; however, you can accept, delete or disable cookies if you wish. The process for doing so can usually be found in your internet browser’s ‘Help’ menu.
For more information about cookies and instructions on how to adjust your browser’s settings to accept, delete or reject cookies, see the IAB website here: http://www.youronlinechoices.com/uk/
Bedfordshire Rural Communities Charity takes great care to ensure the security of our website(s) and your personal information. Only authorised personnel and contractors have access to your information. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We will keep your information secure by taking appropriate technical and organisational measures against unauthorised or unlawful processing, accidental loss, destruction and damage.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information we cannot guarantee the security of your personal information transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Changes to this Policy
We may change this policy at any time by amending this page. You are expected to check this page from time to time to take notice of any changes we have made, as they are binding on you. If we make any substantial changes in the way we use your personal information we will notify you by posting a prominent notice on our website.
If you have any questions about how we treat your personal data and protect your privacy, or if you have any comments or wish to seek to exercise any of your rights as outlined above, i.e. to withdraw your consent, to opt-out of receiving marketing communications from us or to complain about our use of your personal data, please write to The Data Officer, Bedfordshire Rural Communities Charity, The Old School, Cardington, Bedford MK44 3SX, by email at firstname.lastname@example.org or telephone 01234 838771
You may also lodge a complaint with the ICO by writing to the Information Commissioner’s Office, Water Lane, Wilmslow, SK9 5AF, or by telephone on 0303 123 1113. Website: www.ico.org.uk/
Last updated: 31 May 2018