Privacy Policy
1. Introduction
1.1 We are The Bowerman Charitable Trust (referred to as “the Trust”, “we”, “us” and “our” in this Privacy Policy), a charity in England with registered charity number 289446.
1.2 Please read this Privacy Policy in conjunction with our general Terms and Conditions, which cover your access to our website as well as online orders and donations.
1.3 The information set out in this Privacy Policy is provided to individuals whose personal data we process (“you” or “your”), in compliance with our obligations under Articles 13 and 14 of the General Data Protection Regulation 2016/679 (GDPR).
1.4 To make this information clear, we have divided the data we receive into the following groups and corresponding Schedules, each of which refers to: the particular category of information we collect and retain; from where we obtain the information; the purpose and legal basis of processing and to whom we will (if applicable) disclose the information:
Schedule 1 Data about our patrons, donors and all individuals in respect of whom we have acquired personal information in connection with any products or services offered by us or events staged by us
Schedule 2 Data about our suppliers and supplier personnel
Schedule 3 Data about individuals who apply for employment or volunteer roles with us
Schedule 4 Data about trustees and staff of the Trust, and former trustees and staff and other individuals who spend time at the Trust (such as consultants)
1.5 In addition to the above, individuals who interact with us in any of the above capacities should also refer to the following:
Schedule 5 Data collected about visitors to our facilities
2. Data controller details
2.1 We are the data controller in relation to the processing of the personal information that you provide to us. Our contact details are as follows:
2.1.1 Address: Champs Hill, Waltham Park Road, Coldwaltham, Pulborough RH2O 1LY.
2.1.2 Email address: info@thebct.org.uk (please include “Personal Data Request” in your subject heading to ensure it receives the correct attention).
3. Retention of personal data
Our retention and deletion policy can be found here – please see Schedule 6.
4. Your rights in respect of your personal data
4.1 You have certain rights under existing data protection laws, including the right to (upon written request) access a copy of your personal data that we are processing. From 25 May 2018, if you are based within the UK or the EEA or within another jurisdiction having similar data protection laws:
4.1.1 you will have the following rights:
4.1.1.1 right to access: the right to request certain information about, access to and copies of the personal information about you that we are holding (please note that you are entitled to request one copy of the personal information that we hold about you at no cost, but for any further copies, we reserve the right to charge a reasonable fee based on administration costs); and
4.1.1.2 right to rectification: the right to have your personal information rectified if it is inaccurate or incomplete; and
4.1.2 in certain circumstances, you will also have the following rights:
4.1.2.1 right to erasure/“right to be forgotten”: the right to withdraw your consent to our processing of the data (if the legal basis for processing is based on your consent) and the right to request that we delete or erase your personal information from our systems (however, this will not apply if we are required to hold on to the information for compliance with any legal obligation or if we require the information to establish or defend any legal claim);
4.1.2.2 right to restriction of use of your information: the right to stop us from using your personal information or limit the way in which we can use it;
4.1.2.3 right to data portability: the right to request that we return any information you have provided in a structured, commonly used and machine-readable format, or that we send it directly to another company, where technically feasible; and
4.1.2.4 right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or for marketing purposes.
4.2 Please note that if you withdraw your consent to the use of your personal information for purposes set out in our Privacy Policy, we may not be able to carry out our contractual obligations to you or provide you with access to all or parts of our services.
4.3 If you consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office. Please see further information on their website: www.ico.org.uk
5. Security
5.1 We keep your information protected by taking appropriate technical and organisational measures to guard against unauthorised or unlawful processing, accidental loss, destruction or damage. For example:
5.1.1 where appropriate, data is encrypted when transiting on our system or stored on our databases;
5.1.2 we have implemented safeguards in relation to access and confidentiality in order to protect the information held within our systems; and
5.1.3 we frequently carry out risk assessments and audits to monitor and review threats and vulnerabilities to our systems to prevent fraud.
5.2 However, whilst we will do our best to protect your personal information, we cannot guarantee the security of your information which is transmitted via an internet or similar connection. It is important that all details of any username, password and/or other identification information created to access our servers are kept confidential by you and should not be disclosed to or shared with anyone.
6. Changes to this Privacy Policy
We may amend this Privacy Policy from time to time, for example to keep it up to date, to implement minor technical adjustments and improvements or to comply with legal requirements. We will always update this Privacy Policy on our website, so please try to read it when you visit the website (the “last updated” reference tells you when we last updated our Privacy Policy).