Privacy policy
1. Introduction
1.1. The Representative Council of North East Jewry (‘Council’) takes the privacy of all our contacts’ personal information very seriously and we take reasonable care to comply with the requirements of the UK Data Protection Act 1998 (‘the Act’) and the 2018 General Data Protection Regulations (GDPR). This relates to the personal information you may supply to the Council in order to send an enquiry or comment.
1.2. This policy also relates to what we save on our database and in regard to what we use on our website and other social network and communication websites.
1.3. The legal basis for processing your personal data is that we have a legitimate interest in doing so. The legitimate interest being pursued is that as a community and membership organisation we need to hold a certain amount of personal data relating to our members so that we can manage membership and communicate with them appropriately about the Council’s activities and services.
1.4. We are aware that religious beliefs are considered sensitive personal data. It follows that all of the data that we may hold on our Jewish members is sensitive as it is an indication of their religious beliefs.
1.5. For the purpose of the Act, the Data Controller is the Secretary. The main Data Processor is the Administrator.
2. Your Personal Data
2.1. The information we gather from you when you contact us will include your name, address, email address, phone and any other personal information you submit to the Council.
2.2. We require this information in order that we can identify who you are, where you live, how we can contact you and other information that is required to respond, assist and/or support you.
2.3. We might also use your personal data for the following purposes:
2.3.1. To meet pastoral and welfare needs of the community, and to invite you to engage in community initiatives.
2.3.2. To inform you of fundraising activities, events or new initiatives that the Council may be organising.
2.4. We will not sell, distribute or disclose your Information without your consent, or unless required or permitted to do so, by law. Required sensitive personal information will be held by the main Data Processors. This information is kept secure by those who are in possession of it.
2.5. In order to help us communicate with you and to store data cost-efficiently, we may use the Mailchimp cloud-based technologies.
2.5.1. If we transfer information outside of the UK, we will make sure that it is protected in the same way as if it was being used in the UK by transferring to countries with privacy laws that give the same protection as the UK.
2.6. We may share your anonymised data with other Jewish organisations for the purposes of demographic and statistical information.
3. Access to personal data
3.1. You have the right to obtain confirmation that your data is being processed and access to your personal data and to information corresponding to that in this privacy notice.
3.2. This information will be provided free of charge except where excessive, repeated or duplicate requests are made. In such a case a fee of £10.00 per hour to cover the costs of administration will be made. Such information will generally be provided electronically or by mail within one month of the request.
4. Internet
4.1. Please remember that methods of Internet communication, such as emails and messages sent via a website, are not secure, unless they are encrypted. We take no responsibility for any unauthorised access or loss of personal information that is beyond our control.
4.2. We may provide links to other websites and/or media, however we do not place personal data including photographs and events on our website unless requested. We do not accept responsibility for the protection of any data included on our website and on social media sites.
4.3. Our website uses cookies. Cookies are very small text files that are stored on your computer when you visit some websites. Cookies can either be persistent or session cookies. Our website uses both types of cookies.
4.3.1. We use cookies to help identify your computer so we can tailor your user experience. You can disable any cookies already stored on your computer, but this will stop our website from functioning properly. We do not store any personal information in raw format in cookies.
5. Complaints about a data breach
5.1. When we receive a complaint from a person we will make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
5.2. We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
5.3. Information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
6. Registering a data breach
6.1. In case of a personal data breach that is likely to result in a risk to people’s rights and freedoms, the Council will adhere to the mandatory regulation to report it to the Information Commissioner’s Office (ICO) within 72 hours.
6.2. High risk situations would be where there is the potential of people suffering significant detrimental effect such as discrimination, damage to reputation, financial loss, or any other significant economic or social disadvantage. You will need to notify the relevant supervisory authority about a loss of personal details where the breach leaves individuals open to identity theft.
6.3. A breach notification must contain the nature of the personal data breach including, where possible:
6.3.1. The categories and approximate number of individuals concerned.
6.3.2. The categories and approximate number of personal data records concerned.
6.3.3. The name and contact details of the data protection officer or other contact points where more information can be obtained.
6.3.4. A description of the likely consequences of the personal data breach.
6.3.5. A description of the measures taken, or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects.
7. Changes to Privacy Policy in relationship to data held by the Council
7.1. Our Privacy Policy may change from time to time. In this case, the amended version will be published on the website (www.northeastjewish.org.uk).
Further information about GDPR can be found on the ICO’s website or through the link:
https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/