The Millennium Memorial Hall Trust
Your personal data – what is it?
Personal data is data that relates to a living individual who can be identified from that data. Identification can be by information alone or in conjunction with any other information in the data controller’s possession or likely to come into their possession. It includes data in all forms – computer-based, hard copy, and spoken word. The processing of personal data is governed by the General Data Protection Regulation (“GDPR”) in force with effect from 25th May 2018.
What is our role?
The Trustees are the Data Controllers. This means they decide how your personal data is processed and for what purposes. They are responsible for ensuring that the management of all personal data held by the Trust is carried out in accordance with the law.
How do we process your personal data?
To comply with the GDPR we shall: keep personal data up-to-date so far as we are able; store and destroy it securely; not collect or retain excessive amounts of personal data; protect it from loss, misuse, unauthorized access and disclosure; and ensure that apt measures are in place to protect it.
What do we use your personal data for?
• All matters relating to the hire, use, management, and maintenance of the Hall and in particular (without limitation) in relation to any personal data of the individual responsible for the hire: (i) Booking (ii) Key-holding (iii) Safety procedures and safeguarding (iv) Licensing in relation to consumption of alcohol and/or entertainment (v) use of wi-fi (vi) insurance (vii) invoicing and deposits and (viii) maintenance of accounts and records.
• With your consent to be in a position to inform you of news, future events, activities, or public functions concerning or taking place at the Hall.
• In the future with your consent to raise funds for the Trust which is a charity.
• Where you are an individual contractor who has quoted for and/or carried out work at the Hall to hold contact details for possible future work.
What is the legal basis for processing your personal data?
We are obliged by law to keep personal data to carry out our obligations to the Charity Commission and HMRC and to comply with legislation relating to employment, health, safety, and other matters relevant to the management of the Hall. We also have a legitimate interest in holding the personal data for those matters referred to above so far as not covered by the legislation.
Who do we share your personal data with?
Your personal data will be treated as strictly confidential. It will only be shared with and/or kept by the Hall Manager or other relevant employees/volunteers and the Trustees for the time being to facilitate the management of the Hall and otherwise only shared with third parties where there is a legal obligation.
How long do we keep your personal data?
We shall keep personal data for as long as we need it for the purposes for which it was collected.
What are your rights regarding your personal data?
You have the following rights:
• to request a copy of your personal data which the Trustees hold
• to request that any personal data be corrected if inaccurate or out of date
• to request that the personal data be erased where no longer needed
• to withdraw your consent (where originally required) to the processing or use of your data
• where there is a dispute in relation to the accuracy or processing of your personal data, request that a restriction is placed on further processing
• to object to the processing of personal data where this is based on legitimate interest
• to lodge a complaint with the Information Commissioner’s Office
To exercise all relevant rights, queries, or complaints please in the first instance contact the Hall Manager or the Chairman of the Trustees.
You can contact the Information Commissioner’s Office on 0303 123 1113 or via e-mail at https://ico.org.uk/global/contact-us/e-mail/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF