The Hampstead Wells and Campden Trust (address - 62 Rosslyn Hill, Hampstead, London NW3 1ND) is committed to protecting and respecting your privacy. This policy (together with any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (DPA): Personal Data is defined as “any information relating to an identified or identifiable natural person ('data subject'); by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The Data Controller
A Data Controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. The Hampstead Wells and Campden Trust is the Data Controller as defined by relevant data protection laws and regulation.
The website https://hwct.org.uk/ is owned and operated by the Trust.
Information we may collect from you:
We may collect information from you online in the following ways:
- When a beneficiary applies to benefit from our services;
- When you have donated to us via any method;
- You have benefited from the Trust;
- Through our use of Google Analytics and WordPress cookies (please see the cookies section below);
- Through your request for publications and other marketing materials;
- Through your request for information about our services and related topics and events;
- When you apply for a job;
- When you are employed or contracted;
- Through your contacting us with enquiries and comments;
- Through your donation, support or volunteering.
If you take one the steps mentioned above, we may collect and process personal information about you such as:
- Your name, address, email address and other contact information;
- Records of your correspondence with us, if you have contacted us;
- Education achievements;
- Circumstantial information;
- Financial data;
- Details of your visit to the website;
- Information about your educational/professional experiences, and any other information provided to us in your comments.
- We may collect special category data, such as health information, race or religion in certain circumstances. We only collect this information with your expressed consent, and we will inform you of the requirement of this information before you submit it.
Our Lawful Bases for Processing
The lawful bases for processing are set out in Article 6 of the GDPR and Section 8 of the DPA 2018. At least one of these must apply whenever personal data is to be processed:
- Consent: you have given the Trust clear consent for your personal data to be processed for a specific purpose.
- Contract: the processing is necessary for a contract you have with the Trust has asked you to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for the Trust to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for the Trust to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for the Trust’s legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.
Where we store your personal data:
The data that we collect from you will be processed at our servers in the UK. It may also be processed by organisations operating in the EEA that the Trust has instructed.
If Personal Data is transferred outside the UK or EEA to a country without a designated adequacy rating the Trust will request the data subject's consent before processing the data. Consent will not be sought where the Processor's Binding Corporate Rules and/or Standard Clauses stipulate that the data will be processed in accordance with GDPR.
Uses made of the information:
We will process any of your personal data, in accordance with our obligations under applicable data protection laws and regulations, for the following reasons: to provide you with the services you have requested; to comply with applicable laws and regulations; for administrative purposes; to assess enquiries; and to provide you with information about us and our services. If, at any time, you do not wish to receive further information about us and our services, contact us at firstname.lastname@example.org.
Disclosure of your information:
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements; or to protect the rights, property, or safety of HWCT, or others. This includes exchanging information with other organisations for the purposes of safeguarding or other statutory regulations we have to comply with.
Your data subject rights are listed below:
- The right of access.
- The right to rectification.
- The right to erasure or right to be forgotten.
- The right to restriction of processing.
- The right to be informed.
- The right to data portability.
- The right to object.
- The right not to be subject to a decision based solely on automated processing.
If you wish to have a copy of the data we hold about you, please write to us on email@example.com. The Trust makes every endeavour to honour your ‘Right of Access’ and is committed to respond to your request within 30 days of validating your identity.
HWCT may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns and does not identify any individual.
Please see our Cookies Policy for more information.
For further information on your rights and how to complain to the ICO, please refer to the ICO website https://ico.org.uk/concerns
Information Commissioner's Office
Tel: 0303 123 1113 (local rate)