This statement outlines our commitment to you with regards to what information we collect, steps we take to protect and secure it, how we use and share the information, and how you can contact us with questions or concerns.
We will notify our contacts via this website or email if we need to change how we intend to use your personal information.
Personal access and data erasure
The House of Bread is fully committed to compliance with the requirements of the General Data Protection Regulation and will therefore follow procedures which aim to ensure that all employees and volunteers or others serving The House of Bread who need to have access (see Data sharing below) to any personal data held by or on behalf of The House of Bread are fully aware of and abide by their duties under the General Data Protection Regulation.
We rely on Legitimate Interest as the lawful basis for processing personal data. The data we process is freely provided by the data subject at the point of personal information entry. We request the minimum amount of data to carry out the processes requested by the data subject, and do not share this data outside of our organisation (exceptions outlined under Data sharing below). We also process data for the purpose of direct marketing of events and products that we believe are of interest and benefit to the individual, and always provide a clear and simple option to unsubscribe from such communications.
The House of Bread needs to collect and use information about employees, volunteers and guests in order to operate and carry out its functions. The House of Bread may also be required by law to collect and use information. The House of Bread regards the lawful and appropriate treatment of personal information vital to successful operations and in maintaining confidence between The House of Bread and those with whom it carries out business.
The House of Bread may also collect and store information about your financial transactions with us. This is needed to keep a record of income, for tax purposes and to process payments and Gift Aid. We do not have access to your credit card details if you have paid online and we do not retain your credit card details provided by any other means once your payment has been cleared. All online payments are processed via a GDPR-compliant third party.
The House of Bread will, through management and use of appropriate controls, monitoring and review:
- Use personal data in the most efficient and effective way to deliver its services.
- Strive to collect and process only the data or information which is needed.
- Use personal data for such purposes as are described at the point of collection, or for purposes which are legally permitted.
- Strive to ensure information is accurate.
- Not keep information for longer than is necessary.
- Securely destroy data which is no longer needed.
- Take appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data).
- Ensure that there is general information made available to the public of their rights to access information.
- Ensure that the rights of people about whom information is held can be fully exercised under the General Data Protection Regulation. These rights include the right:
• to be informed
• of access to personal information
• to request rectification
• to request erasure
• to restrict processing in certain circumstances
• to data portability
• to object to processing
Personal access and data erasure
The House of Bread must act upon any request to remove personal data without undue delay and at least within one month of receipt. However, the right to remove your personal data is not absolute and only applies in certain circumstances. It does not apply if processing is necessary for one of the following reasons:
- To exercise the right of freedom of expression and information.
- To comply with a legal obligation.
- For the performance of a task carried out in the public interest or in the exercise of official authority.
- For the establishment, exercise or defence of legal claims.
Access to your online data is limited to The House of Bread employees and named employees of our web server and database team for the purpose of system support and management.
We securely store your first name, last name and email address with a GDPR-compliant online communications platform (Mailchimp) to manage and distribute emails. We use tracking to monitor the performance of our emails and their content (e.g. to monitor the open rate of emails or the popularity of specific links). You are given the opportunity to manage your communication preferences or unsubscribe from all emails each time you receive an email from us.
We use physical, electronic and procedural safeguards to protect your personal information.
If The House of Bread learns of a security systems breach, we will post a notice on our website and will attempt to notify you via email so that you can take appropriate protective steps.
If you have any concerns or queries, please don’t hesitate to contact us at firstname.lastname@example.org
Last updated: 24 March 2019