Data Protection Policy

Greystoke Community Land Trust – a Community Benefit Society registered with the FCA under number 9601 – holds data about our members and other individuals for a variety of business purposes in pursuance of our objects.

This policy sets out how we seek to protect personal data and ensure that our members and officers understand the rules governing our use of personal data.

Our Data Protection Officer, Corrine Green, has overall responsibility for the day-to-day implementation of this policy. Any enquiries should be sent to them using the following details:

Business purposes

Members

In addition to data retained for the purposes of membership administration (such as when you joined), we will collect and use the following personal data:

  • Name
  • Address
  • Email address
  • Telephone number

We will collect this personal data by the following means:

  • Membership application forms.

We will use this personal data for the following purposes:

  • Governing the CLT, for example inviting you to Annual General Meetings.
  • Informing you of opportunities to engage with our work, for example feeding into the design for a housing development.
  • Investigating complaints.
  • Improving our service to members.

We will not share this data with any other organisation without your explicit consent. We will share aggregate information on our membership without any identifying individual data, based on this data, with interested parties.

We will retain this data so long as you are a member of the CLT.

Supporters

We collect the following personal data for other individuals who may support or be interested in our work, for our newsletter:

  • Email address

We will collect this personal data by the following means:

  • Website form.
  • Sign-up sheets at meetings and on street stalls.

We will use this personal data for the following purposes:

  • Email updates on the CLT and our work.

We will not share this data with any other organisation.

We will retain this data so long as you subscribe to our newsletter.

Our procedures

Fair and lawful processing

We will process personal data fairly and lawfully in accordance with individuals’ rights. This generally means that we should not process personal data unless the individual whose details we are processing has consented to this happening.

Accuracy

We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained, and that it is not held for longer than is necessary for the business purposes set out above. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.

Individuals may ask that we correct inaccurate personal data relating to them. If you believe that information is inaccurate you should record the fact that the accuracy of the information is disputed and inform the Data Protection Officer.

The Data Protection Officer’s responsibilities

  • Keeping the board updated about data protection responsibilities, risks and issues.
  • Reviewing all data protection procedures and policies on a regular basis.
  • Ensuring data protection statements are attached to all forms used to collect personal data, and to all marketing materials.
  • Addressing any data protection queries from members, supporters and other stakeholders.
  • Ensuring all systems, services, software and equipment meet acceptable security standards.
  • Arranging data protection training and advice for all officers and staff.
  • Checking and approving with third parties that handle the company’s data any contracts or agreement regarding data processing.

The responsibilities of other officers, staff and volunteers (data processors)

  • Only to process personal data for the purposes set out in this policy.
  • To store electronic data in secure systems, and paper records in a secure place.
  • To generally avoid storing personal data on mobile devices such as laptops, phones and memory sticks, and where it is necessary to then use password protection.
  • To report any concerns or breaches to the Data Protection Officer immediately, and to take remedial steps if necessary.

Subject access requests

A data subject may, subject to certain exceptions, to request access to information held about them. Please contact the Data Protection Officer if you would like to correct or request information that we hold about you. There are also restrictions on the information to which you are entitled under applicable law.

Data portability

Upon request, a data subject should have the right to receive a copy of their data in a structured format. These requests should be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals. A data subject may also request that their data is transferred directly to another system. This must be done for free. Please contact the Data Protection Officer with any such requests.

Right to be forgotten

A data subject may request that any information held on them is deleted or removed, and any third parties who process or use that data must also comply with the request. An erasure request can only be refused if an exemption applies. Please contact the Data Protection Officer with any such requests.

International data transfers

We use secure cloud-based services to store data: Google Drive and Mailchimp. This means that certain personal data is stored on servers located outside of the EU. We understand that these companies are GDPR compliant and have subscribed to EU Model Contract Clauses (MCCs, also known as Standard Contractual Clauses or SCCs) which are regulatory implementations designed to guarantee that EU citizens are adequately protected under EU data protection laws as their data passes into and out of the United States and lawful transfer mechanisms for personal data transferred outside of the EU, Switzerland or the UK (as applicable).

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

You can read more in our privacy policy.

JOIN US
JOIN US
Scroll to Top
Greystoke Community Land Trust Logo
Powered by  GDPR Cookie Compliance
Cookie Policy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.