Privacy Policy
‘We’, the Embroiderers’ Guild charity and our trading company, EG Enterprises Ltd, are continually working to deliver our charitable objectives while providing a more personalised member and subscriber experience. We also engage with the general public to introduce and interest them in stitch and textile art. Looking after the personal data that you our members, subscribers and enquirers share with us has, and will, continue to be hugely important to us.
‘We’ recognise the value and importance of the information that we use in order to deliver our services and achieve our aims. We are committed to ensuring that all personally identifiable information we collect and hold is managed appropriately, meeting the requirements laid down in data and privacy law. We will, at all times, work to protect the identities and privacy of the individuals such information identifies.
The information below describes how we manage your personal data in accordance with the law and your rights. Whenever you provide us with personal data we will treat that information in accordance with this policy statement, our terms and conditions and current data protection legislation. It will not cover every situation so please read the notices in printed and digital forms, web pages and other points where you give us information. This policy statement may change, so please check it from time-to-time.
The ‘Data Controller’ referred to in this policy document can be contacted by post at Embroiderers’ Guild at Bucks County Museum, Church Street, Aylesbury HP20 2QP or via [email protected]
Definition of ‘Personal Data’: Personal data is information that can be used to help identify an individual, such as name, postal and email address, phone numbers and images.
Our Policy in Brief: It is important that you read the policy in full, however, this is a summary…
· ‘We’ collect essential personal data (name, address, email, telephone number) and non-personal (such as IP addresses, interests, preferences, purchases).
· ‘We’ collect information about the people with whom we interact.
· ‘We’ collect information essential to us when performing a service or supplying goods.
· ‘We’ only collect information we need.
· ‘We’ invite members and others to tell us more about themselves albeit strictly relevant information.
· ‘We’ do our very best to keep personal data secure using relevant technology wherever we collect information on-line.
· ‘We’ will never sell your data.
· ‘We’ will never share your data with another company or charity for marketing purposes.
· We will only share your data where ‘We’ are required to do so (e.g. when claiming Gift Aid) or with carefully selected partners who, for instance, manage your subscriptions renewals or prepare your magazine or newsletters for distribution by post. All our partners are required by their contract to treat your personal data as carefully as ‘We’ would, only to use it as instructed, and allow us to check that they do this.
· ‘We’ will not seek additional information about you from third parties or use your information for research purposes unless we have your specific permission to do so.
Your Rights: You have the right to...
· Restrict or withdraw your consent to our storing or processing non-contractual information.
· To request a copy of your Guild database profile in circumstances where you are unable to access that information. You will be asked to provide proof of identity.
· Become ‘Forgotten’. This will involve the erasure of all personal data ‘We’ hold.
· Make an enquiry or lodge a complaint without being charged unless the request is ‘manifestly unfounded or excessive’. The ‘Data Controller’ may charge a reasonable administration fee if further copies are requested. If the request is deemed to be ‘manifestly unfounded or excessive’ the ‘Data Controller’ can levy a fee or refuse to respond. The ‘Data Controller’ may refuse to respond in circumstances where doing so would restrict adversely affect the rights and freedoms of others. In such circumstances the ‘Data Controller’ will have to provide evidence explaining this decision.
· Receive a response to your complaint or enquiry within 30 days with the possibility of extending this period to 40 days in the event of the request being particularly complex.
· Receive transparent information that tells you in plain language about the storage, access, use and management of your personal data at all occasions at which we collect it.
To make such requests you will need to contact the Data Controller either by post or email at the addresses given in this policy.
Personal data and other information we will or may collect about you and why: This will include personal and other information we need in order to:
· Complete our contract with you as a member, subscriber or enquirer, for example, your name, postal and email address and a telephone number. ‘We’ may also invite you to give us further information about you (your interests and preferences), in order to provide a personalised service to you, entirely at your discretion.
For example, if you contact the Guild’s Main Office to request information about the Guild or its activities, then the nature of your contact and any personal information you supply will be recorded and kept securely. We record basic contact data about you so that we can:
- Keep you updated on Guild events, projects and other news we think may be of interest.
- Keep you informed about and deliver Guild services.
- Get in touch if there is a specific project or event that we think will interest you.
We will make sure to regularly review our contact list and, when we do get in touch, may sometimes ask if you want us to continue to contact you. If you say no, or do not respond at all, then we will remove your personal information from our records. If you wish us to cease contact at any other time, you can simply ask, and we will remove you from our lists.
These are examples of ‘legitimate interest’. In other instances our policy will be to apply a three-element test to establish a legitimate interest. We will
- identify a legitimate interest;
- show that the processing is necessary to achieve it; and
- balance it against the individual’s interests, rights and freedoms.
· Support or respond to you when you enquire, use any of our services, become a member, take part in our projects, attend our meetings/workshops/courses/AGMs, volunteer your services, become employed by us or contract with us to supply products and services.
· Manage feedback, complaints, and process DBS checks and respond to safeguarding issues.
· Assess your suitability to be a trustee, company director, volunteer or employee. ‘We’ will hold this information for the period you undertake a role.
· Process sales transactions, donations and other payments.
· Identify visitors and contributors.
· Handle orders, communicate with you about orders and deliver products and services.
· Record any contact we have with you.
· Prevent or detect fraud and, to do so, enable third appropriate and specified third parties to carry out technical, logistical and other functions on our behalf.
· Communicate with our supporters and customers.
· If you have agreed to it, provide you with information ‘We’ think may be of interest to you.
· Perform our obligations and manage performance under any contractual relationship with us. ‘We’ will hold this information for the life of the contract and, in the case of financial information in relation to the contract, for 6 years beyond the end of the final financial year of the contract.
‘We’ will also provide the facility for you to copy or download your data so it can be shared with/transferred to another organisation if you wish to do so.
Examples of this Privacy Policy in Action…
When you join the Guild, we will ask for more detailed information about you so that we can manage your membership. The information you provide may be used to:
· Inform you about member focused guild events, such as the Guild AGM, Member’s challenges, and other projects.
· Send you information about other events and activities that you may find of interest.
· Support/administer the National guild projects that you decide to take part in.
· Build a profile of our membership so that we can support our members better.
· Give you the opportunity to engage with the work of the Guild, particularly those related to your interests or areas of expertise.
· Enable the Guild to effectively respond to any concerns or issues that may arise.
· Support Young Embroiderers (where relevant).
· Assist the Guild with keeping members up to date on Guild news, activities, and events.
· Share news of other activities and events on offer from local groups and other organisations which may be of interest to you.
· Invite you to take part in Guild projects.
Further Privacy Protection examples:
· ‘We’ will only disclose personal information to the police or other statutory body where there is a clear and legal duty to disclose it.
· Guild volunteers, when working on a project with members or other contributors, will only have access to the personal information of individuals involved with that project, and only the specific information they may need for the success of that project. They will receive clear guidance on information management as part of their induction as volunteers.
· Information relating to volunteers will be stored as part of their membership record. Project and task leaders may be given access to information relating to volunteers involved in their project/task.
· Additional records may be kept concerning individuals taking part in a time limited project or event. These records will be held securely by the Project leader, and the detailed information will be destroyed within two years of the project ending.
· Information concerning complaints, safeguarding issues, or financial irregularities, will be held securely by a nominated Trustee and designated as CONFIDENTIAL. Addressing these concerns may require some of this information to be presented to the Chair of the Board, or other Trustees, who will ensure that the required confidentiality is recognised and observed.
· Employee records and contractor agreements will be kept by a designated Trustee. No copies will be made, nor will copy files be sent to anyone other than the person concerned. Such agreements may be viewed at the registered office by other trustees and auditors but only in the presence of the Chair or deputy Chair of the Board (as appropriate) and no copies or extracts may be taken away.
· Once you have become a member, you will be able to update some of your personal information using the facilities provided by the Guild. This is secured by being part of the ‘members only’ area of the Guild Website, and through the use of your personal login and password.
· ‘We’ utilise some external on-line services (such as EventBrite and Teachable) to collect and manage personal information on our behalf. Selection of these services includes an assessment of their policies concerning data management to ensure that they reflect this policy and comply with national and international law.
If you cease to be a member your membership record will be retained for a maximum of seven years in line with financial record keeping requirements. If ‘We’ have claimed Gift Aid relief on your behalf your essential personal data will be held on file for 6 years after the membership year in which you ceased to be a member.
If you are a subscriber to our public mailing list, but opt out of receiving further communication from us, we will delete your record immediately, unless you had previously been a member, in which case ‘We’ will retain relevant information concerning your membership for the required time.
After 2 years, or sooner if you request it, your detailed membership record will be removed from the Guild’s central database and archived. ‘We’ may continue to hold some information relating to your participation in events, or your actions as a volunteer.
Children’s Data
Some services ‘We’ offer specifically benefit children (YE or JETS groups in particular). The data we collect is for the safety and security of the children, particularly in relation to ‘Safeguarding Young People’. Before ‘We’ collect data from anyone under 18 ‘We’ will always ask them to obtain the permission of a parent or guardian and/or let a parent or guardian know before they use our websites or social media to obtain information, projects and inspiration. It is our policy not to request subscriptions or accept product orders from young people under 18.
Where we store your data
‘We’ store your information on password-protected, SSL-certificated computers located in the UK and in the Cloud. We only store information on paper files when there is no choice, for example, credit card PDQ machine slips, although these are stored in locked ‘cash boxes’ until they can be processed at which point they are destroyed. Similarly, we do not make paper, USB stick, DVD recorded copies of personal data files or extracts from them.
Security of your data
We have security measures in place to attempt to protect against loss, misuse or alteration of data under our control. For example, only authorised personnel (data processers) can access your data. ‘We’ use secure server software to encrypt financial and personal information.
Unfortunately, transmission of data across the internet is not completely secure but ‘We’ do our best to protect the security of your personal data.
Trustees, volunteers and contractors change their passwords periodically and do not make and store copies of those passwords in ways that create any obvious link between the password and the location of data they hold. Data Processers are responsible for not sharing passwords or storing passwords in places that can easily be accessed by others.
Personal and non-personal data that Guild members provide and edit:
Each Guild member has unrestricted (password protected) access to their core personal information held on the Guild’s database to enable them to add or delete relelvant information whenever they want to. Members who do not have readily available access to the Internet or be suffering a disability (temporary or permanent) can request that ‘We’ make any changes for them.
Who will see your personal data:
· Guild Trustees and volunteers will have access to process information on a strictly ‘need-to-know’ basis.
· The Guild’s ‘Data Controller’ – the Chair/Deputy Chair of the Board.
· Contractors’ staff who need your personal data in order to provide you and/or the Guild with a contracted service or fulfil an order you may have placed.
· In the case of DBS data only a member of staff nominated by the Data Controller sees the reports and records only the reference number.
· Anyone you ask to assist you who may be family, a friend or trusted neighbour.
NOTE: Member access to the Guild database is strictly in relation to the member record concerned. The member or their nominee has no access to any other profile or part of the database.
How long ‘We’ keep your data:
As long as is necessary for the purpose(s) it was collected for i.e. to enable us to complete our contractual obligations to you as a member, subscriber or purchaser or until you ‘unsubscribe’ or instruct us to delete your records. Please refer to our ‘Retentions Policy’ for specific details.
‘We’ are the Embroiderers’ Guild, a Company Limited by Guarantee - Company Registration No. 00294310 (England and Wales), also a Registered Charity Nos. 234239 (England) and SC040142 (Scotland).
‘We’ are also EG Enterprises Ltd – Company Registration No. 01561670
Registered Address – Church Street, AYLESBURY HP20 2QP