Privacy notice for learners with Silver City Surfers
Silver City Surfers takes your privacy seriously. We are a “controller” of the personal information that you provide to us and this privacy notice sets out how, why and for how long we will use your personal data, as well as who it is shared with. It also explains your legal rights as a data subject and how to exercise them.
What we need from you
When you register with the Silver City Surfers, we will ask you for the following personal information:
- Contact details – name, email address, phone number.
- Equality information – sex, age range, postcode, disability, ethnic group (kept anonymously).
- Information to improve our service – how you heard about us, your existing digital skills (kept anonymously).
Each time you attend a session with us, we record information relation to the tutorial: equipment, topics discussed (kept anonymously)
Why we need your personal information – legitimate purposes
We process your personal information in pursuit of our legitimate interests to
- Provide you with news and updates about our activities.
- Improve our service to you.
Why we need your personal information – equality monitoring
We use aggregated and anonymised reports of our members’ personal information for equality monitoring purposes, enabling us to report on equality issues to our funders.
Who we share your personal information with
We share personal information only with MailChimp to distribute some of our email communications. Their servers are based in the US and they uphold the EU Privacy Shield to certify their data security. Anonymised data is summarised and presented as necessary to our funding bodies.
How we protect your personal information
Electronic information is held on a shared drive in the Cloud (Google Drive). Access is limited to members of the Management Committee, the Coordinator and the Data Controller (if not a member of the MC) through their Google accounts. All those who have such access are instructed to ensure that their Google accounts are protected by passwords with the highest level of security. Google has a base within the EU and stores and processes data under GDPR.
Paper records are held in locked cabinets at the Citadel. All paper waste containing personal information will be disposed of by shredding.
How long we keep your personal information
In general, the above information (electronic and paper) will only be held for as long as it is necessary and useful. It will be reviewed every two years by the Data Controller and information relating to an individual who has clearly ceased to have any interaction with us will be removed. It will also be deleted at your request.
You have a right to:
- Change your communication preferences or restrict the processing of your personal data for specific purposes.
- Request that we correct your personal data if you believe it is inaccurate or incomplete.
- Request that we delete your personal information.
- Access the personal data that we hold about you through a “subject access request”.