Community Association of Poundbury/LovePoundbury
Data Protection and Privacy Policy
1. Introduction
-
The Community Association of Poundbury (CAoP) is committed to protecting the privacy and security of personal information. This policy explains how we collect, use, protect, and manage personal data in compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
2. Scope
-
This policy applies to all personal data processed by the CAofP, including that of Directors, members, volunteers, donors, website visitors, and other individuals interacted with, whether online, in hard copy, or in person.
3. Data Protection Principles
-
The CAoP adheres to the following data protection principles:
-
a) Lawfulness, fairness, and transparency
-
b) Purpose limitation
-
c) Data minimisation
-
d) Accuracy
-
e) Storage limitation
-
f) Integrity and confidentiality
-
g) Accountability
4. Types of Data Collected
-
The CAofP may collect and process the following types of personal data:
-
Name and contact details
-
Membership information
-
Volunteer information
-
Donation records
-
Website usage data
-
Correspondence and communication records
-
Photographs from events (with consent)
5. How Data are Collected
-
Personal data are collected through:
-
Membership applications and renewals
-
Volunteer sign-up forms
-
Website interactions and cookies
-
Email and other correspondence
-
Event registrations
-
Surveys and feedback forms
6. Lawful Basis for Processing
-
The CAofP process personal data on the following lawful bases:
-
Consent: Where individuals have given clear consent to process their personal data for a specific purpose
-
Contract: For processing necessary for the performance of a contract with the data subject (see Financial Management policy)
-
Legal obligation: To comply with the law
-
Vital interests: To protect someone's life (see Safeguarding and Health & Safety policies)
-
Public task: To perform a task in the public interest or for official functions (see Volunteer Management policy)
-
Legitimate interests: Necessary for the CAofP’s legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests
7. Use of Personal Data
-
The CAofP may use personal data for the following purposes:
-
Managing membership
-
Organising and promoting events
-
Communicating with members and volunteers
-
Processing donations
-
Improving services
-
Complying with legal obligations
8. Data Sharing
-
The CAofP does not sell personal data. It may share data with:
-
Service providers (e.g., email marketing platforms)
-
Regulatory authorities (when required by law)
-
Partner organisations (with explicit consent)
-
-
All third parties are required to respect the security of personal data and treat it in accordance with the law.
9. Data Security
-
The CAofP implements appropriate security measures to prevent personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. These include:
-
Secure storage systems
-
Access controls and authentication measures
-
Informing Directors and relevant volunteers on this policy on data protection
Directors and volunteers who are remote working are guided by this policy.
10. Data Retention
-
The CAofP only retains personal data for as long as necessary to fulfil the collection purposes. Details of retention periods for different aspects of personal data are noted in the Data Retention Schedule, below.
Data Retention Schedule
The CAofP will retain personal data for no longer than is necessary for the purposes for which it was collected. The retention periods for different types of data are as follows:
1. Membership Records:
-
Active members: For the duration of membership plus 1 year
-
Lapsed members: 2 years from the date of membership expiry
2. Financial Records (including donations):
-
7 years from the end of the financial year in which the transaction was made
3. Event Participation Records:
-
1 year from the date of the event
4. Volunteer Records:
-
Active volunteers: For the duration of volunteer engagement plus 1 year
-
Former volunteers: 2 years from the end of volunteer engagement
5. Newsletter Subscription Data:
-
For as long as the individual remains subscribed, plus 30 days after unsubscription
6. Website User Data:
-
User accounts: For as long as the account is active, plus 1 year after account closure
-
Website logs: 1 year
7. Correspondence and Enquiries:
-
General correspondence: 2 years from the date of last contact
-
Complaints: 3 years from resolution of the complaint
8. Photographs from Events:
-
3 years, unless consent is withdrawn earlier
9. Survey and Feedback Data:
-
Anonymised data: 5 years
-
Identifiable data: 1 year, then anonymised if still required
-
At the end of the retention period, personal data will be securely deleted or anonymised. In some cases, the CAofP may anonymise personal data for research or statistical purposes, in which case may use this information indefinitely without further notice.
-
This schedule is reviewed annually and may be amended based on legal requirements, operational needs, and feedback from data subjects.
11. Members’ Rights
-
Under GDPR, members have the right to:
-
Access their personal data
-
Correct inaccurate or incomplete data
-
Request erasure of their personal data
-
Object to processing of their personal data
-
Request restriction of processing their personal data
-
Request transfer of their personal data
-
Withdraw consent
-
To exercise any of these rights, please contact the Data Protection Officer.
11.1 Opting Out and Cancelling Membership
-
Members of the Community Association of Poundbury have the right to opt out of communications or cancel their membership at any time. The process is simple and straightforward:
-
Members can opt out of specific types of communications (e.g., newsletters, event notifications) through online account settings or by contacting the CAofP directly.
-
To cancel their membership entirely, members will be able to do so through their online account or by contacting the CAofP secretary.
-
Upon cancellation of membership, the CAofP will cease processing the related personal data, except where the association is required to retain certain information for legal or administrative purposes.
-
The CAofP respects decisions regarding personal data and membership status, and will process any opt-out or cancellation requests promptly.
12. Data Breaches
-
The CAofP has procedures in place to deal with any suspected personal data breach. If a breach occurs, the association will notify members and any applicable regulator of a breach where legally required to do so.
13. Changes to This Policy
-
The CAofP reserves the right to update this policy at any time. Any changes made to this policy will be posted on this page.
14. Privacy Policy for Website Users
14.1 Information Collected
-
When visitors access the website, the CAofP may collect:
-
Information provided through forms
-
IP address and browser information
-
Information about website usage through cookies
14.2 Use of Cookies
-
The CAofP’s website uses cookies to distinguish between users. This helps provide users with a good experience and fosters site improvements. By continuing to browse the site, visitors are agreeing to the use of cookies.
14.3 Links to Other Websites
-
The website may contain links to other websites of interest. However, once visitors have used these links to leave the CAofP site, they should note that the association has no control over that other website. Therefore, the CAofP cannot be responsible for the protection and privacy of any information provided whilst visiting such sites.
14.4 Online Data Collection and Management
-
The CAofP is committed to ensuring that visitors’ online information is secure. Members will have the ability to self-manage their data via the website, including options to unsubscribe from newsletters, update their personal information, opt out of specific types of communications, and cancel their membership if they wish. These options will be accessible through the member's online account settings, ensuring control over personal data and association with the CAofP at all times.
15. Contact
-
Questions, comments, and requests regarding this policy are welcomed and should be addressed to the Data Protection Officer: dataprotection@lovepoundbury.org.
-
Approved by the CAofP Directors: 27.03.2025
-
Last updated: 27.03.2025