Our Privacy Notice

Who are we?

WE are WHOLE AGAIN COMMUNITIES, a company registered in England and Wales under number 08704098 whose registered address is at 22 Penbrea Road, Penzance, TR18 3NY hereinafter referred to as (‘WAC’ ‘We’, ‘Us’ or ‘Our’), have created this privacy statement (‘Statement’) in order to reflect the transparency requirements expected of Us by law and Our own ethics. In this Statement, references to ‘You’, ‘Your’ and ‘Participant’ are references to Participants who uses the Site at http://wholeagaincommunities.co.uk/

Your privacy is extremely important and We are only too happy to comply with the law and provide You with clear and transparent information about how We use Your PD.

We only process it for the purposes outlined and We process as little of it as possible. Our aim is not to be intrusive and We undertake not to ask You irrelevant or unnecessary questions. We will try Our best to keep Your PD accurate and up-to-date but do try to help Us with this too please!

We also have robust measures and procedures in place to minimise the risk of unauthorised access and to keep it secure. Also, We only share it with third parties where We have a right to do so and where we are satisfied that the third party shall treat it with the same or higher levels of respect.

This document outlines how We process Your when You use Our Site or otherwise communicate with us including by email or telephone. We are committed to respecting Your privacy and protecting Your PD. For the purpose of the Data Protection Legislation, We are the Data Controller (ICO registration number: ZA100653)

For all matters relating to privacy and data protection, please contact our Data Protection Lead (DPL) by email to hkestle@wholeagaincommunities.co.uk or by telephone to 01736 369772.  

This Statement incorporates Our Cookie Policy. You can take a look at the definitions at the bottom of this page.

We might make changes to this Statement and you’ll be able to see the date that we updated at bottom of this page.

How do we process your personal data

We need to process some of your PD so that we can provide services to you. We will only collect the PD that we have a legal right to collect. We will collect

  • only what we need

  • use it for the purposes that we state

  • Hold on to it for as short a time as possible

What do we collect if you are Participant?

We will collect from you, your:

  • Name, Address, Phone Number, and Email Address

  • Health Data and Accessibility issues

So that:

  • You can take part in our courses

This is so that we can fulfil our contract to you and in the case of Health Data, this will be with your explicit consent.

  • We will only keep your personal data for 1 year.

What do we collect if you are thinking of becoming a Participant?

We will collect from you, your:

  • Name, Address, Phone Number, and Email Address

So that:

  • You can find out more about our courses

You will have consented for us to provide you with this information.

  • We will only keep your personal data for 1 year.

What do we collect if you want to become a volunteer?

We will collect from you, your:

  • Name, Address, Phone Number, and Email Address

So that:

  • You can get involved and volunteer with us.

You will have consented for us to provide you with this information.

  • We will only keep your personal data for 1 year.

What do we collect if you subscribe to our blog?

We will collect from you, your:

  • Name and Email Address

So that:

  • You can be informed about new blogs on our wesbite

You will have consented for us to provide you with this information.

  • We will only keep your personal data for 1 year.

Technical Data

We currently don’t use cookies or tracking technology to monitor the effectiveness of our site. If and when we do, we will ask for your consent when we use third party cookies or similar technology.

We may use SquareSpace’s own analytics tool be able to see your visits to the site, page views, downloads, navigation and exit; IP address; geographical location; browser type and version; operation system; referral source, length of your visit. This is so that we can improve our website. If you have any further questions, please do get in touch.

More information

If we were ever to want to use your PD for a different purpose, we will ask you first.

Sometimes we have a legal duty to keep hold of information.

When you have consented for us to use your personal data, you have a right to withdraw that consent at any time.

How do we communicate with you?

Non Marketing Communications

We will send you information about courses and confirmation of your booking. We will do this via email or Facebook Messenger.

Marketing Communications

We only send out a notification of our blog via email once you’ve subscribed online. You can unsubscribe at any time. Just let us know or unsubscribe at the bottom of the email.

More information:

If we use Legitimate Interest as a legal basis, we will ensure that we have done an assessment to prove that we have a legal right to do so.

We compile reports to help us run our organisation so that we can improve our service and report to others. These reports do not contain personal data and we are careful to preserve your anonymity.

This site may contain links to other websites or applications. We are not responsible for the privacy policies or content of any other websites, and you should be careful to read and understand the policies of other websites.

Who do we share your PD with?

We sometimes work with other organisations or individuals so that we can improve our organisation and to enable us to do more in the community. Therefore, sometimes we have to share your PD with others. However, we only share what is necessary and we also make sure that we have agreements with other organisations to make sure that they take your privacy as seriously as we do.

Here are some of the organisations and software we may share PD with:

Our Accountant and Bookeeper

Contractors and Consultants who help us run our organisation

Our Webhost - when you contact us via our website or subscribe to our blogs.

Legal Advisors/Authorities - only when this is necessary

Microsoft - We use Microsoft Outlook to communicate and run our organisation

Facebook - We have a Facebook Page which you are free to join. We don’t share your data with Facebook, but because we are ‘Joint Controllers’, we have put our Privacy Notice on the Facebook page.

We ensure that we have the correct legal documentation with these other organisations.

Facebook and Google are currently using Standard Contractual Clauses to safeguard your PD.

What are your rights?

You have a number of rights that You can exercise free of charge and on request in certain circumstances, however, if Your requests are obviously unfounded or excessive, We reserve the right to charge a reasonable fee or to refuse to act.

You have the right:

  • to be informed about the collection and use of Your PD. This is what this Statement fulfils

  • to access Your PD and supplementary information (‘DSAR’);

  • to have inaccurate PD corrected, or completed (if it is incomplete);

  • to have Your PD erased;

  • to restrict Our processing of Your PD;

  • to receive a copy of any PD You have provided to Us, in a machine-readable format, or have this information ported to a  third party;

  • to object AT ANY TIME to processing of Your PD for direct marketing purposes;

  • to object in certain other situations to the continued processing of Your PD.

For more information on your rights, please contact the Information Commissioners Guide.

We have a Data Subject Rights Request Form which you can download and fill in. We will respond to you within ONE month unless the request is complex. If we need more time (up to two further months) we will let you know within the first month.

What if I have a query or a complaint?

QUERY: We are happy to provide any additional information or explanation needed in respect of Our processing activities upon request. For all matters relating to privacy and data protection, please contact Our DPL hkestle@wholeagaincommunities.co.uk

COMPLAINT: We try to meet the highest standards when processing Your PD. For this reason, We take any complaints We receive about this very seriously and We encourage You to bring it to Our attention. While We hope to be able to resolve any concerns You have about the way that We are processing Your PD, You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) (or with the supervisory authority of the European Member State where You work, normally live or where the alleged infringement of data protection laws occurred) if You believe that Your PD has been processed in a way that does not comply with the Data Protection Legislation or have any wider concerns about Our compliance. You can do so by calling the ICO helpline on 0303 123 1113 or via their website here.

Changes to this statement

We will keep this statement under review.

This statement was last updated in July 2021

Definitions:

Data Controller or DC or JDC or IDC: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of PD (Article 4(7));

Data Processor or DP: means a natural or legal person, public authority, agency or other body which processes PD on behalf of the Data Controller (Article 4(8));

Data Protection Legislation: means, as applicable to either Party:

(a)    the General Data Protection Regulation 27 April 2016;

(b)    the Data Protection Act 2018;

(c)    the Privacy and Electronic Communications (EC Directive) Regulations 2003;

(d)    any other applicable law relating to the processing, privacy and/or use of PD, as applicable;

(e)    any laws which implement any such laws; and,

(f)     any laws that replace, extend, re-enact, consolidate or amend any of the foregoing.

Data Protection Lead (DPL): Helen Kestle

Data Subject Access Request or ‘DSAR’: refers to right of access

EEA: refers to the European Economic Area which consists of all EU member states, plus Norway, Iceland, Liechtenstein.

Electronic Mail: includes but is not limited to email, text, video, voicemail, picture and answerphone messages (including push notifications).

Marketing Communication(s): refers to any communication whether by an Electronic Mail method or otherwise that We send to You (either directly or via a Service Provider) which may include but are not necessarily limited to relevant newsletters and magazines, information about opportunities, products, services and events and relevant information.

Non-Marketing Communication(s): refers to any communication which is functional/ administrative only as distinct from Marketing Communications.

Personal Data or PD: has the meaning set out in the Data Protection Legislation and shall include Special Category Data (as applicable).

Services: refers to Our Services We may provide to You.

Special Category Data: has the meaning set out in the Data Protection Legislation.

Technical Data: refers to that at Clause 1.5 which is capable of being considered PD.

Third Party: refers to a Data Processor or Data Controller with whom We may need to share Your PD. This includes Service Providers.

UK General Data Protection Regulation or UKGDPR: the UKGeneral Data Protection Regulation ((EU) 2016/679). PD is subject to the legal safeguards specified in the Data Protection Legislation including the UKGDPR.

 

Contains public sector information from https://ico.org.uk licensed under the Open Government Licence v3.0 [[http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/]].