Cornwall Accessible Activities Program (CAAP) is committed to protecting your privacy. We aim to ensure that all information you give to us is held securely and is only used in a manner that you have consented to or would expect. Everything we do is underpinned by our values, one of which is that we strive to be open and transparent in our processes, being reliable and responsible to high professional standards.
This privacy notice applies to Cornwall Accessible Activities Program (CAAP) – the data controller with regards to the personal data you have disclosed to us. A data controller is the person or organisation who determines the purpose for which, and the way, any personal data is processed. The data controller is responsible for establishing practices and policies in line with the Regulations.
This notice explains how we collect, store and use your personal data. The website that we refer to in this notice is www.caapuk.co.uk
The information in this notice is provided in accordance with the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and considers the General Data Protection Regulations (GDPR) implemented on 25/5/2018.
What information do we collect?
We collect data from you when you interact with CAAP online, face to face, by post, over the phone or via SMS. Some of this information is personal data which can be used to identify you. Examples of personal data include your name, address, date of birth, telephone number, email address and sometimes bank details if you are making a donation or payment. In the future, to gain access to the new activity booking system, you may be asked to register using your name and a password. We will only collect data which is relevant to the purpose for which you have given it and will only retain that information for the duration of your membership.
How we use your personal data
The purpose of collecting personal data is to ensure you receive access to the service you may have requested. We may also use your personal data to keep you informed about our work if you have requested this or have not opted out of receiving such communications. Examples of such communications are our electronic communications which inform you about things like the 50/50 club or external grant opportunities.
We may also ask you to financially support our work by sending you fundraising appeals. We may also use your data to process any donations you have given and any Gift Aid associated with that donation. All promotional and fundraising communications are classed as Direct Marketing.
How will we contact you?
We may contact you via post, email, telephone or SMS text. However, we will only contact you by the channel you have told us you wish to receive communications by and where we have received your consent to do so.
If you are a new member we will aim to capture your consent for Direct Marketing purposes at the data collection point. You do not have to give consent – it is your decision. If you do consent, we will also aim to capture your contact channel preferences at the data collection point. Should you wish you can specify a time limit for your consent to remain valid for, after which time we will not be able to contact you unless you give further consent. As a default position we will consider consent to remain valid while your child is still registered with us and have not objected to doing so.
You can give or withdraw consent to Direct Marketing, or change your contact channel preferences, at any time by writing to us at the address above, emailing email@example.com. Please let us know if you change your contact details or if you believe any information we hold is incorrect. You may exercise your ‘Right to Erasure’ at any point by contacting CAAP via the email given above and all of the information we hold about you and your family will be removed from our database.
Storing and sharing your data
CAAP stores your data on a secure cloud-based database called OneDrive hosted by Microsoft within the European Economic Area (EEA). If, for operational purposes, we are required to move your data outside of the EEA, we will ensure that adequate levels of data protection are in place.
Your data will not be processed outside of CAAP and will not be disclosed to any parties outside of CAAP, except to trusted partners and affiliates with whom we work, or work for us, to organize our events, e.g. discussing general needs of our membership and disclosing generic group info for fundraising appeals, sending electronic mail, or to process donations and Gift Aid, e.g. our bank and HMRC.
As part of our responsibilities to ensure that data we hold is accurate and up to date, we may occasionally undertake a process of cleansing data and we will delete any info no longer needed in accordance with our aim to be compliant with the principles of GDPR.
We only enter into relationships with third parties who have appropriate data protection policies and procedures in place. All data held by third parties is destroyed when it is no longer needed ie after activity is over.
We will not disclose your data to any other third parties unless we have your explicit consent to do so. At no time, will your data be passed to a third party for marketing purposes.
How long do we hold your personal data?
Your personal data will be held on our database during the period of our active relationship. Once we no longer require your data it will remain on our database indefinitely but will be marked inactive and no further steps will be taken to process it. We will not keep your personal data for any longer than is necessary. Once it is no longer required we will take all reasonable steps to destroy it or erase it from our systems.
In relation to us processing your personal data you have the following rights, which can be exercised at any time:
• To withdraw your consent for us to process your data.
• To be forgotten – to request your data is no longer processed or quarantined.
• Subject access requests – a right to request a copy of the data we hold about you.
• To object to your data being used by us for the purposes of direct marketing.
What else you should know about privacy
Remember to close your browser when you have finished your session. This will help ensure others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place like a library or internet café. You, as an individual, are responsible for the security of, and access to, your own computer.
Please be aware that whenever you voluntarily disclose personal information over the internet that this information can be collected and used by others. In short, if you post personal information in publicly accessible online forums, you may receive unsolicited messages from other parties in return. Ultimately, you are solely responsible for maintaining the secrecy of your usernames and passwords and any account information. Please be careful and responsible whenever you are using the internet.
Contact us via email firstname.lastname@example.org
A copy of CAAP’s Data Protection Policy is available upon request. If you wish to receive further information regarding CAAP’s Data Protection Policy please contact the Information Governance Lead for CAAP, c/o 2 Trethiggey Crescent, Quintrell Downs TR8 4LF or email email@example.com
Any issues, questions or concerns you may have in relation to the way CAAP process your data please do not hesitate to contact us on: firstname.lastname@example.org.
If at any time you have any concerns about the way your data has been processed by CAAP and those concerns cannot be resolved by CAAP directly you have the right to take those concerns externally and raise them with the regulator, the Information Commissioner www.ico.org.uk
Changes to this Privacy Notice
This privacy notice was last updated on 6th June 2018