Introduction
The Congregation of Jesus Trust (“the Trust”) and its trading subsidiary Bar Convent Enterprises Ltd (“Enterprises”) collects a limited amount of data from supporters and customers to enable services to be provided and news and events information to be shared.
This Policy sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used.
Please be assured that when you provide your personal data, both Trust and Enterprises will keep your information confidential, will only ask for enough information to enable us to provide the service you requested and we will only do exactly what we said we would do with it. At all times, we adhere to the core principles of the Data Protection Act (DPA) 2018 and UK GDPR that the data that we collect is “Adequate, Relevant and Limited” for the purposes that we collect it. If your information is either inaccurate and you would like us to amend it or change how we use it, then please let us know and we will do so immediately.
We never share your data with others or use it outside of the United Kingdom, and at an appropriate time we will confidentially dispose of your data after fulfilling the purpose that we originally collected it for.
We may have to change the privacy policy at intervals; however, we expect to review it every 2 years. If you have queries about this policy or your personal information, then please contact the relevant Data Protection Contact (see section 2 below).
Contacting the Data Protection Contacts
Trust and Enterprises each have a Data Protection Contact for the purposes of the EU General Data Protection Regulation. In simple terms the Trust is responsible for data in conjunction with its charitable activities and Enterprises is responsible for data collected and used for the purposes of business trading.
The Data Protection Contacts are: James Foster and Hannah Thomas.
Either contact can be contacted using the same details, simply provide your query and we will direct it to the appropriate officer for you:
Telephone 01904 643238 or Email reception@bar-convent.org.uk.
Data Protection Principles
Trust and Enterprises fully support ‘the spirit and the letter’ of data protection. In more detail, this is how Trust and Enterprises have adopted Data Protection principles:
Our Legal Basis for Collecting and Processing Personal Data
The type and amount of information we collect depends on why you are providing it. Data Protection sets out a number of different reasons for an organisation to legitimately collect and process data, we use the following methods:
What, How and Where We Collect Personal Data
We collect personal data when you provide it to us to subscribe to information services or book facilities (e.g. accommodation/a meeting room)
This is usually to enable us to maintain contact with you, so is typically in the form of name, address, telephone or email and if you are booking fee-based services this will include your payment information (e.g. credit and debit card details). We also retain this information to fulfil tax and legal requirements.
We collect personal data:
Who Has Access To Your Information
Only trained staff members or volunteers process your personal information if the Centre is contacted and enquiries and bookings are taken directly.
In today’s growing online accommodation industry, many bookings are made via third parties (e.g. booking.com or Agoda) who sell accommodation on a commission or fee basis in partnership with an accommodation provider. In these circumstances, the accommodation seller usually holds the primary relationship with you and the Centre is a secondary processor of personal data. In this circumstance your booking information is securely forwarded by the third party to Enterprises who manage accommodation. These bookings are received securely and processed with exactly the same care as if the booking was taken directly as outlined in this policy. Only room availability data is reciprocally shared with these partners via secure third party software (Siteminder) to enable the accurate allocation of available rooms.
To facilitate the processing of secure donations, third party online payment services are used. The secure web page is provided by Dataware in partnership with Sage, Sage forward funds to Worldpay payment services who make the deposit into our bank account.
How We Keep Your Information Safe
Staff members are trained to be compliant with Data Proctection guidelines by adopting the following procedures:
Keeping Your Information Up To Date
We appreciate it if you let us know if your contact details change. Please contact the department that you originally supplied your personal data to, or if experiencing any difficulty, the Data Protections contacts.
Children’s Information
We are pleased to have supporters of all ages and regularly receive students on educational placements below the age of 16. Where appropriate we ask for consent from a parent or guardian to collect information about any relevant health or dietary issues which may be important for the well-being of a student on placement.
How Long We Keep Your Information
Our approach is to hold your information for as little time as possible, however for contact and taxation reasons this is usually for as long as the relevant activity requires it. For example, for donations we have a statutory obligation to retain information for 6 years for tax purposes, however we only retain personal data for accommodations for a year unless there is a repeat booking during that period.
Making A Complaint
If you are unhappy with the way in which we have processed or dealt with your information then please contact your Data Protection Contact who will seek to rectify your complaint immediately. You can also complain to the Information Commissioners Office on 0303 123 1113.