privacy

Data Protection & Privacy Policy

'We/Us' = Surrey LGBTQ Pride CIC (trading as Pride in Surrey)
Additionally known to operate: The Pride Hub and ShopWithPride.co.uk
'You/They' = Anyone who's data 'we' may be in receipt of

Introduction
Here at Surrey LGBTQ Pride CIC, we need to gather and use certain information about individuals we engage with. These can include committee members, volunteers, external agencies or partners, and members of the public and other people we may come into contact with. This policy describes how this personal data must be collected, handled and stored to meet our organisational standards and to comply with the law.

Surrey LGBTQ Pride CIC are registered with and regulated by the ICO (Information Commissioners Office) and The Fundraising Regulator. Surrey LGBTQ Pride CIC also have suitable Safeguarding policies in place and training that supports and guides volunteers who may be handling anyones personal/confidential data. 

Policy Statement
Surrey LGBTQ Pride CIC is committed to a policy of protecting the rights and privacy of individuals, including clients, volunteers, staff and others in accordance with The Data Protection Act 1998. The policy applies to all committee members and volunteers at Surrey LGBTQ Pride CIC and any breach of The Data Protection Act 1998 may be considered to be an offence and in that event, disciplinary procedures apply.

As a matter of good practice, other organisations and individuals working with our organisation, and who have access to personal information, will be expected to have read and comply with this policy. It is expected that any staff who deal with external organisations will take responsibility for ensuring that such organisations sign a contract agreeing to abide by this policy if appropriate and necessary.

Legal Requirements
Data is protected by the Data Protection Act 1998, which came into effect on 1 March 2000. Its purpose is to protect the rights and privacy of individuals and to ensure that personal data is not processed without their knowledge, and, wherever possible, is processed without their consent.

The Act requires us to register the fact that we may hold personal data and to acknowledge the right of ‘subject access’ for anyone we hold data on. A ‘subject access’ request must be put in writing either via our postal address or via e-mail: hello@prideinsurrey.org  

Managing Data Protection
We will ensure we continue to comply with all relevant laws and legislations protecting all data that we may be in receipt of. 

Why we may be in receipt of personal data at Surrey LGBTQ Pride CIC
We may be in receipt of data for numerous reasons, these include but are not limited to:
- Maintaining accurate and proper personnel records surrounding Directors and/or Core team members (volunteers). This is likely to include the full results of any safety/background checks including CRB.
- The contact information of third party service providers, guest speakers, event performers and partners such as sponsors, philanthropists, venues and regular donors. 
- To ensure correct and appropriate accounting or HMRC submissions such as VAT information and/or invoicing details. 
- In the event of advertising, agency marketing, social influencing or PR output.
- Enabling the correct signposting / referral to a professional non-profit, charity or public health service.

Data Protection Law

The Data Protection Act 1998 describes how organisations like Surrey LGBTQ Pride CIC must collect, handle and store personal information. These rules apply regardless of whether the data is stored electronically, on paper or on other materials.

To ensure we comply with the law, any personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

There are eight principles which underpin the Data Protection Act and these say that personal information must:

Be processed fairly and lawfully
Be obtained only for specific, lawful purposes
Be adequate, relevant and not excessive
Be accurate and kept up to date
Not be held for any longer than necessary
Processed in accordance with the rights of data subjects
Be protected in appropriate ways
Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection.

Be processed fairly and lawfully

We will always put our logo on all of our paperwork and state our intentions on how we will process the data and also state if and to whom we intend to give the personal data. We will also give an indication of how long we will keep the data.

Be obtained only for specific, lawful purposes

Any request for your data from a third party (other than legally binding) will result in us contacting you by any means or notifying the requesting party to contact you directly. Any concerns surrounding a request will be duly investigated and reported to the Information Commissioners Office (ICO). 

Surrey LGBTQ Pride CIC will continue to monitor the data we hold and ensure we hold neither too much nor too little in respect of the individuals we hold data on. If we hold or obtain too much data, we will immediately delete or destroy the excess.

Be accurate and kept up to date

All amendments will be made immediately and any data we no longer require will be deleted or destroyed. It is the responsibility of individuals to ensure the data held by us is accurate and up-to-date. How much will be taken as an indication that the data contained is accurate and individuals should notify us of any changes, to enable personnel records to be updated accordingly. It is our responsibility to act upon notification of changes to data, amending them where relevant.
If anyone we hold data for asks us to review their data/delete data or request their data and we refuse or do not process their request correctly then they have the right to complain through the relevant authorities. 
Data will not be kept longer than necessary

At Surrey LGBTQ Pride CIC, we discourage the retention of data for longer than is necessary. All personal data will be deleted or destroyed by us after one year in the case of former employees and as soon as appropriate in the case of client’s data.

Data will be processed in accordance with the individual’s rights

Everyone that Surrey LGBTQ Pride CIC holds data on has the right to:
Be informed upon the request of all the information held about them within 40 days.
Prevent the processing of their data for the purposes of direct marketing.
Compensation if they can show they have been caused damage by any contravention of the Act.
Have any inaccurate data held about them removed or corrected.

All data will be held securely

All Surrey LGBTQ Pride CIC computers and/or online services have log in details which form parts of how we deliver our web services.
All personal and financial data relating to employees (volunteers) are either kept in a locked filing cabinet or online service that can only be accessed by authorised staff; Director/s, Chief Operating Officer, Senior administrator/Personal assistant.
When staff are using PC’s/laptops out of the office, care should always be taken to ensure personal data on the screen cannot be seen by others. This also includes smart phones and tablets if our database is being accessed away from the office.
Data will not be transferred to countries outside of the European Economic Area (EEA), unless the country has adequate protection for the individual.

Data must not be transferred to countries outside of the EEA without the explicit consent of the individual. Surrey LGBTQ Pride CIC takes care to be aware of this when publishing this on the internet, which can be accessed anywhere in the world.

Client Information 

The information we are likely to have about a client includes (but not limited to):
Name, Age, Address
Previous Donations / Shopping experiences
Sexual orientation and/or Gender
Sexual / Physical and Emotional health and well-being
We treat electronic information the same as paper format and it too is covered by this policy.

Retention

We will retain your personal information for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable opportunity. Under applicable regulations, we will keep records containing client personal data, account opening documents, communications and anything else as required by applicable laws and regulations. 

We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.

Grounds for data collection 

Processing of your personal information (i.e. any information which may potentially allow your identification through reasonable means; hereinafter "Personal Information") is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and for compliance with legal and financial regulatory obligations to which we are subject.

When you use the Site, you consent to the collection, storage, use, disclosure and other uses of your Personal Information as described in this Privacy Policy.

We encourage our Users to carefully read the Privacy Policy and use it to make informed decisions. 

What information do we collect?

We collect two types of data and information from Users. 

The first type of information is unidentified and non-identifiable information pertaining to a User(s), which may be made available or gathered via your use of the Site (“Non-personal Information”). We are not aware of the identity of a User from which the Non-personal Information was collected. Non-personal Information which is being collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time, etc.) in order to enhance the functionality of our Site. We may also collect information on your activity on the Site (e.g. pages viewed, online browsing, clicks, actions, etc.).

The second type of information Personal Information , which is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual. Such information includes:
  • Device Information: We collect Personal Information from your device. Such information includes geolocation data, IP address, unique identifiers (e.g. MAC address and UUID) and other information which relates to your activity through the Site.
  • Personal email address and telephone numbers following a competed contact form or online web enquiry form.  

How do we receive information about you?

We receive your Personal Information from various sources:
  • When you voluntarily provide us with your personal details in order to register on our Site;
  • When you use or access our Site in connection with your use of our services;
  • From third-party providers, services and public registers (for example, traffic analytics vendors).

How is the information used? With whom do we share the information?

We do not rent, sell or share Users’ information with third parties, except as described in this Privacy Policy.

We may use the information for the following:
  • Communicating with you – sending you notices regarding our services, providing you with technical information and responding to any customer service issue you may have. For example enquiries surrounding an order via ShopWithPride.co.uk 
  • Signposting you - to allow us to better recommend you and/or someone you know to the support services, non-profits and charities that may be available.
  • PR and Marketing - if opted in, you may receive our updates. These updates may address you by your chosen name (provided when you opt in) may refer to the borough that you live in and/or may refer to previous events that you have attended or items purchased via ShopWithPride.co.uk
  • Gift Card - Users of our ShopWithPride.co.uk gift-card may have provided name and e-mail address alongside any transaction history. 
In addition to the different uses listed above, we may transfer or disclose Personal Information to our subsidiaries, affiliated companies and subcontractors with your prior permission. In line with our safeguarding policy, if there is any risk to you and/or someone else's health and well-being Surrey LGBTQ Pride CIC may need to contact the emergency services - providing them with your personal information. 

Cookies

We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services. 

A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enabling automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help make sure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services. 

The Site uses the following types of cookies:

a. 'session cookies' , which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed; 

b. 'persistent cookies', which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in; 

c. 'third-party cookies' , which are set by other online services who run content on the page you are viewing, for example by third-party analytics companies who monitor and analyse our web access.

Cookies do not contain any information that personally identifies you, but Personal Information that we store about you may be linked, by us, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly and your online experience may be limited.

We use a tool which is based on the Snowplow Analytics technology to collect information about your use of the Site. The tool collects information such as how often users access the Site, which pages they visit when they do so, etc. The tool does not collect any Personal Information and is only used by our Site hosting and operating service provider to improve the Site and services.

Use of script libraries (Google Web Fonts)

In order to present our contents correctly and make them graphically appealing across all browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts) on this website. Google Web Fonts are transferred to your browser's cache to avoid multiple loading. If your browser does not support Google Web Fonts or does not allow access, content will be displayed in a default font. 
  • Calling script libraries or font libraries automatically triggers a connection to the library operator. In theory, it is possible – but currently also unclear whether and, if so, for what purposes – that operators of corresponding libraries collect data.

  • The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy.

Third-party collection of information

Our policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to. 

This Privacy Policy does not apply to the practices of companies that we do not own or control, nor to individuals whom we do not employ or manage, including any of the third parties which we may disclose information to as set out in this Privacy Policy. 

How do we safeguard your information?

We take great care in implementing and maintaining the security of the Site and your information. Our website is SSL secure with a trusted host, we use additional authentication on our social media platforms, our volunteers are trained on the importance of handing data the right way and confidentiality practices and we are registered and regulated by the ICO (Information Commissioners Office). Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorised access or abuse our Site, and we make no warranty, express, implied or otherwise, that we will prevent such access.

Marketing

We may use your Personal Information such as your name, email address, telephone number, etc., ourselves or by using our third-party subcontractors, for the purpose of providing you with promotional materials and updates on our services and/or events which we believe may interest you.  

To respect your right to privacy, within such marketing materials we provide you with the means to opt out of receiving further marketing offers from us. If you unsubscribe, we will remove your email address or telephone number from our marketing distribution lists. 

Please note that even if you have unsubscribed from receiving marketing emails from us, we may send you other types of important email communications without offering you the opportunity to opt out of receiving them. These may include customer service messaging surrounding an order you have placed with us at ShopWithPride.co.uk or surrounding your registration to attend a Pride in Surrey fundraiser or annual main Pride event.  

Minors

We understand the importance of protecting a minors privacy and keeping them safe, especially in an online environment, in person at The Pride Hub, at our pop up facilities or at any of the events / outreach opportunities that we attend or are responsible for. We can confirm that we have relevant safeguarding policies in place and are registered with and regulated by the ICO (Information Commissioners Office) and Fundraising Regulator. 

Updates or amendments to this Privacy Policy

We reserve the right to periodically amend or revise the Privacy Policy; material changes will be effective immediately upon the display of the revised Privacy policy. The last revision will be reflected in the "Last modified" section. Your continued use of the Platform, following the notification of such amendments on our website, constitutes your acknowledgment and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.

How to contact us

If you have any general questions about the Site or the information we collect about you and how we use it, you can e-mail the listed data controller as below.

Surrey LGBTQ Pride CIC (trading as Pride in Surrey)
Pride Hub LGBTQ+ Centre
Unit 6 Centrium, Station Approach, 
Woking, Surrey, 
GU22 7PA

Company Number: 12501715 
(Non-profit / Community Interest Company (CIC))

ICO Registration Number: ZB013574 
Admin address: Pride in Surrey, LGF Export House, Wolsey Walk, Woking, Surrey, GU21 6QX

Data Controller: Stephen Ireland  
E-mail: Stephen @ prideinsurrey.org 

Last Modified: September 2023
Share by: