The Leeds Grand Mosque recognises the rights of all to enjoy the protections on personal data provided for by regulation and law. Our approach to this issue is to treat all such data as an “amanah” or “sacred trust”. The Data Protection Act 2018 (“DPA”) and Regulation (EU) 2016/679 of the European Parliament (the General Data Protection Regulation (“GDPR”)) require that we provide you with information about how and why we use personal data.
As such we undertake the following:
- We will not share your data with anyone outside of the LGM unless required to by law.
- We will not enter into any arrangement, commercial or otherwise that may require the sharing of your data.
- When and if such data is shared within the LGM, it is the minimum needed for the purpose of notifying members or those that have expressed an interest in being notified about a specific project or event (consent).
- We will honour all the rights of the individuals with respect to their data in accordance with the data protection regulations.
- For members use your data in order to effectively continue our work. Our activities are listed below.
- For others who have expressed an interest in the LGM and its activities via mailing list, these will be approached for their consent separately.
If you find any issues please do not hesitate to contact us via our office: firstname.lastname@example.org
If in the unlikely event we find any issues, we write to you directly.
You can also write to the UK Information Commissioner (ICO) with any issues. https://ico.org.uk/concerns/ [4FEB2020].
Privacy Notice – Your Data in Our Hands
What is this Privacy Notice?
This Privacy Notice sets out what we do with Personal Data and what you can expect from us as part of our obligations when processing this Personal Data.
What data are we gathering?
We may hold Personal Data (including Sensitive Personal Data) about those who attend LGM, young people (under 18), parents/guardians, supporters and volunteers. We believe it is important to be open and transparent about how we will use your Personal Data. Information we may hold includes the following:
- name and contact details;
- age/date of birth;
- details of any health conditions;
- Ethnicity; gender; religion.
Why do we collect this information?
We use this information to communicate with you and to carry out our obligations within the LGM in the execution of our objects as a charity. We also have a responsibility to keep information about you, both during your membership and afterwards (due to our safeguarding responsibilities and also to help us if you leave or re-join the LGM).
In addition, we may collect data for registration to events, including residentials. In some cases this data will be “Sensitive Personal Data”, which we ask for to allow us to provide appropriate care for attendees whilst under our supervision.
The list of activities we carry out as part of our activities that may require the use of Personal Data include:
- To enable us to provide a voluntary service for the benefit of the public;
- To manage our volunteers
- To update you on events
- To conduct surveys on our performance
- For financial accounting
- To fundraise for the LGM
- To process Gift Aid applications
How do we gather data?
- We gather data through a variety of methods, these include:
- Contact form on our website or by email;
- Event registration forms – online (using ticketing platforms) and paper based registration.
- Course attendance lists
- Registration forms for various children and youth activities
When will we delete this data?
We may keep information for different periods of time for different purposes as required by law or best practice. As far as membership information is concerned, to make sure of continuity (for example someone leaving then rejoining) and to carry out our legal responsibilities (for example relating to safeguarding young people), we keep membership information throughout the membership and after it has ended.
Who has access to this data and who do we share it with?
Only those members who nee information to carry out their role have access to that information. We may share personal data with other departments within the LGM where this activity is required to deliver the LGM obligations (for example, a stand-in volunteer at an event).
Any data moving between parties within the LGM is encrypted and password protected. We take data security seriously. All hard copies of personal data are securely protected in lockable filing cabinets.
We do not store credit card details, nor do we share data with third parties without permission.
Where will the data be stored?
We use MailChimp to collect and hold data, which is use to send emails and newsletters. MailChimp is based in the U.S.A. and subscribes to the EU-US Privacy Shield meaning that MailChimp has adopted work practices that are approved by the EU in relation to data protection practices.
Mailchimp holds relevant data on people attending our events or engaging with us during the course of our work (for example supporters, schools and volunteers).
The MailChimp registration on the Privacy Shield is available to review on the Privacy Shield website www.privacyshield.gov/list
What are your rights to your Personal Data
As a Data Subject you have rights over your own data that you can exercise at any time, these are:
- Data is accurate – we must keep your data accurate
- Data is erased – we must erase data if not needed or requested by you, that is not excessive and is possible
- Data is portable – we must provide a copy of your data back to you
- Data processing is limited – we must cease a processing activity if you object to it
- Consent withdrawal – we must allow you to withdraw consent at any time
- In the event that you wish to contact us to exercise these rights or for any further queries on this Privacy Notice please contact email@example.com