top of page
The Charity of William Hobbayne
Privacy Policy

This Privacy Policy explains how the Charity of William Hobbayne, Ealing Aid and Sickness, Education Foundation, Hanwell Half Acre Field Association, William Hobbayne Community Gardens Association and Billet Hart Allotment Association (The Charity and its Associations) store, manage, share and protect personal data.

The Aim of the Data Protection Regulations

As of 25 May 2018 the way personal information is processed is governed by the General Data Protection Regulation (”GDPR”).  As part of The Charity and its Associations work we store, process and share personal data and ensure that we do this in accordance with the applicable data protection laws set out in the GDPR.

What the Charity does with your information

The Charity has several areas in which it has a reason for holding personal data.   The data that we store, process and share relate to Tenancies, Hall rentals, Allotments looked after by the Allotment Associations, Grants which we make to individuals and organisations through the Charity of William Hobbayne, Ealing Aid in Sickness and the Education Foundation.  Also, the personal information of our Trustees, Employees and Volunteers.  We only hold information that is relevant to legitimate interest to our processes and do not sell on your information and do not share your information with third parties unless it is relevant to our operations.  We have set out below how the Charity and its Associations stores and processes your information.

Storing Information

The Charity will store all personal information securely to protect your data.  The Charity and its Associations will analyse risk on a regular basis to ensure that they minimise the likelihood of data breaches and ensure that your data is kept secure. The lawful basis for which the charity holds personal data is legitimate interest.  This would include the following:

  • Tenants details including references and documents obtained when securing a tenancy.

  • Allotment holders contact details in relation to contractual agreements within their Allotment licences.

  • Applicants contact details for an Allotment are kept on a waiting list. 

  • Details of Grant applicants in relation to current and past applications for grants.

  • Past and Current employee’s details as required by current legislation.

  • Volunteers contact details.

  • Trustees details as required by the Charity Commission.

  • Hall user’s details in relation to contact details.

  • Children must consent to their data being stored if they are over the age of 14.  Children under the age of 14 must have consent from a person with parental responsibility. 

A log of where personal data is stored is held and managed by the Charity.

Length of time information is stored

Information will be stored for the period that the information is deemed to be a legitimate interest to the Charity and its Associations.

  • Data regarding individual grant applicants will be reviewed on a regular basis and any information that is no longer of legitimate interest to the charity will be securely disposed of.

  • Data regarding allotment holders will be disposed of when the allotment holder no longer has an allotment plot.

  • Data on the Allotment waiting list is kept for the period of time awaiting an offer of an allotment.

  • Tenants data will be disposed off 2 months after the tenant has vacated the premises.

  • Employees details will be kept in accordance with current legislation.

  • Volunteers details will be stored until they are no longer volunteering for the Charity and its Associations.

  • Trustees details will be kept until there is no longer a legitimate interest to the charity.  This will be reviewed on a regular basis.

  • Hall user’s details and information will be stored in accordance with current legislation for accounting purposes.

Sharing data

The Charity and its Associations will share data with a third party for the following reasons. 

  • To enable the processes of protecting deposits for rental properties. Deposits of new tenancies are registered with a third party, currently My Deposits, and renewed on a yearly basis.

  • To enable the Charity to carry out maintenance of the property. The details of tenants will only be shared after gaining prior authority from the tenant.

  • To enable deliveries relating to grants that have been made and to advise third parties of the authority to supply goods relating to those grants.  Authority to share such information will be requested on relevant Grant Application Forms.  If the Grant applicant wishes a third party to liaise on their behalf, they must ensure that they have given their consent before the Charity will communicate with the third party.

  • To enable the processing and update of personal data in relation to the allotments.  This information will be shared with employees or contracted workers of the Charity in relation to invoicing and administrative processes. It will also be shared with the Allotment Association Committees in relation to day to day running of the allotments and to enable them to share relevant information relating to your allotment plot. Consent will be requested in relation to any other sharing of information of allotment plot holder.

  • Employees information will be shared with our accountant in relation to processing payroll.  Information will also be shared with any pension schemes that have been put in place for the employee.  Information relating to employees will also be shared with relevant government bodies.  If the Charity wishes to share employee’s information with any other third party, they must gain authority in writing from the employee.

  • Volunteers details will only be shared after requesting written authority from the individual volunteer.

  • Trustees information will be shared with the Charity Commission and other third parties which are relevant to the running of the charity such as the Charities bank and stock broker.  Permission must be requested from the trustees to share any personal information outside these boundaries.

  • Hall user’s information will only be shared with a third party if the hall user has given consent.

  • Sharing of any personal data of individuals who do not fall into any category above must have prior consent from that individual to share their information specifically and in writing.

Any information which is shared with a third party will be recorded on the Charities Data sharing Log or the relevant Associations sharing log.

Individuals Rights

Individuals have the right to:

  • The right to be informed.

  • The right to access information that is held by the Charity and its Associations. This information will be given within one month to comply to GDPR. In most cases we will not charge to comply with a request however if the request is manifestly unfounded or excessive a charge may be applied.  A request can be refused however they must be informed as to the reason.  They have the right to complain to the Charity Commission and to a judicial remedy.  This must be done within a month.

  • The right to rectification of their information.

  • The right to erase their information (the right to be forgotten).

  • The right to restrict the processing of their information.

  • The right to data portability – applying to personal data an individual has provided to the charity.  Where the processing is based on the individuals consent or for the performance of a contract.

  • The right to object to personal data being processed.

  • The right not to be subject to automated decision-making including profiling.

  • The right to be notified of a security breach that has a high risk to your rights and freedom.

Individuals have the right to complain to the ICO if they think there is a problem with the way we handle your data.

Data Breaches

Processes and procedures within the Charity and its Associations will but audited from time to time to ensure that the processes and procedures that are in place are adequate.  The Charity and its Associations will also check that these processes and procedures are being followed and that there have been no data breaches.

If there is a data breach within the charity this will be investigated immediately, and measures will be put in place to limit the breach. Where the breach is deemed to result in a risk to the rights and freedoms of individuals the Information Commissioner’s Office (ICO) will be informed.  Where the breach is likely to result in a high risk to the rights and freedoms of individual we will notify those concerned directly.

Data Protection Impact Assessment (DPIA)

 

A DPIA will be carried out under the following circumstances

  • When a new technology is being introduced

  • When a new process is being introduced

  • Where an operation of the Charity or it’s Associations is likely to significantly affect individuals

  • Where there is processing on a large scale of the special categories of data

If this assessment indicates that data processing is high risk and the Charity and its Associations are unable to sufficiently address these risks, the Charity will consult with the ICO to seek their opinion as to whether the processing operation complies with the GDPR.

​​                                 

bottom of page