(How we use CVA members’ personal information)
The categories of CVA members’ personal information that we collect, hold and share include:
- Information of employees and volunteers of a member organisation (such as name, surname, job title, work email address, work telephone number)
- Information of active citizens/residents (such as name, surname, email address, telephone number)
- Attendance information on individual members (such as one to one sessions attended, name of training and events attended)
Why we collect and use this information:
We use our members’ data:
- To send to our members CVA regular newsletter, training and events information and local updates
- To provide appropriate capacity building support to our members
- To monitor and report to our funders and commissioners
- To assess the quality of our services
- To comply with the law regarding data sharing
The lawful basis on which we use this information
We collect and use members’ information under Legitimate interest of the General Data Protection Regulation (Article 6, Article 9 - 2d - GDPR):
- CVA is a membership organisation, set up to support local voluntary sector groups, social enterprises and active members of the community in Croydon, as clearly stated in our Constitution, and is therefore in our legitimate interest to hold personal information to pursue our charitable objectives.
- CVA collects information on individuals working or volunteering for local community groups/social enterprises and community activists to be able to deliver its services to them. We would not be able to deliver such provision otherwise. CVA also collects personal details of local residents who want to volunteer to be able to search for appropriate volunteering opportunities for them and all the information we ask is necessary to deliver such service.
- We will only contact members for the provision of our services and, as a membership organisation, groups and residents coming to us do so in order to access a specific provision; we believe therefore that, in most cases, we will have a legitimate interest in processing their information and are not intruding unfairly on them or using their data in a way that our members might object to.
Storing members’ data
We hold members’ data for as long as it is required to carry out our services unless we receive a specific request to remove someone’ details from the database.
- Members' data is stored on our password protected VC Connect database http://www.vcconnect.org.uk/contact/ (U.K. based) and only accessible by staff and volunteers with the appropriate level of authorisation, which is reviewed regularly. You can unsubscribe from our database at any time by replying to any e-mail we send you and asking for the details of your organisation or those relating to yourself, to be removed.
- https://www.connectwellcroydon.org.uk/ sits on VC Connect.
- When someone visits our website at www.cvalive.org.uk we use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. If we do collect personally identifiable information through our website, this is with your consent and we will make it clear when we collect personal information what we intend to do with it.
- We use Survey Monkey (U.S. based) to carry out a range of mostly anonymous surveys. See how Survey Monkey complies with the GDPR at https://www.surveymonkey.com/curiosity/surveymonkey-committed-to-gdprcompliance/
- We store pictures from events and training days on Flickr, owned by U.S. company SmugMug. Permission to take photos is asked and information on how images are used given at each event by the speaker and through posters.
- We advertise our events and take bookings from members on EventBrite, a U.S. based event management and ticketing website. See how EventBrite complies with GDPR at https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbriteprivacy-policy?lg=en_GB
Who we share members’ information with and why
We can be asked to share members’ information (name, surname, organisation's details, email address, telephone number with:
- Funders and commissioners for relevant monitoring purposes, if the organisation took part into specific funded projects. This data sharing underpins CVA funding and monitoring
- A range of stakeholders (such as Local Authority, Public Heath, other voluntary sector groups) for the benefit of partnership work / sharing best practice
- With the general public when details of your organisation/group/service is on our website
- Please note that there may be legal situations where we would have to share information with statutory bodies – e.g. to a lawyer, the police, Ofsted, HMRC, Home Office, etc.
Requesting access to your personal data
Under data protection legislation, members of the public have the right to request access to information about them that we hold. To make a request for your personal information contact email@example.com.
You also have the right to:
- Object to processing of personal data that is likely to cause, or is causing, damage or distress
- Prevent processing for the purpose of direct marketing
- Object to decisions being taken by automated means
- In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- Claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact firstname.lastname@example.org
Updated May 2018