Outwood Social – Privacy Policy
- Policy Creation Date: February 2023
- Policy Review Date: February 2024
This Privacy Policy is provided to inform those members of the public who use our website, ‘MeetUp’ Event platform, contact us, and attend our events and activities.
ABOUT US
Outwood Social offers a calendar of outdoor events that brings likeminded people together. Aimed at people in their 20s, 30s and 40s, activities range from outdoor adventure, to wellbeing, learning new skills and plenty of socialising in-between, there is always plenty to choose from. The majority of our attendees come along solo, so there is always plenty of people to get to know.
Events can include Hiking, Yoga, Paddle Boarding, Trail Running, Camping, Activity Taster Sessions, Volunteering and plenty of food and drink, plus much more.
Our aim is to build an amazing collective of active, likeminded and fun-loving people. If you have an idea for a group event or any questions, then please drop Leanne a direct message on [email protected]
Privacy, confidentiality, and data protection
Our members’ privacy matters to us and we are committed to the highest data privacy standards, confidentiality and meeting the obligations placed on us by the Data Protection Act 2018 and other relevant UK laws.
We shall protect personal data and adopt the six core principles of data protection law which are:
- Lawfulness, fairness and transparency: we process personal data lawfully, fairly and in a transparent manner in relation to the member, the data subject.
- Purpose limitation: we only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect data for as long as necessary to complete that purpose.
- Data minimisation: we ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.
- Accuracy: we take every reasonable step to update or remove data that is inaccurate or incomplete. Members have the right to request that we erase or rectify erroneous data that relates to them, and we will complete this task as soon as possible but guarantee to do so within a week of being notified.
- Storage limitation: we delete personal data when we no longer need it. Whilst the timescales in most cases aren’t set, we outline our retention strategy within this Privacy Notice.
- Integrity and confidentiality: we keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
How we collect members’ data
We collect members’ personal information via disclosure directly from the member. This might be via our website, ‘Meetup’ platform, email, telephone, post or face to face engagement. When we collect this information, we will explain our reasons for its collection and use.
WHAT DATA DO WE COLLECT?
We will collect information relevant to the services that we provide and the events/activities that members have chosen to sign up for. The amount of information collected by us, will be kept to the minimum needed for this and to meet any contractual or legal requirements we have. The following main types of information may be collected and dependent on our engagement with you:
- Basic contact and personal details: name / address / contact number / email address
- Next of Kin details: in case of a need to make contact in an emergency.
- Banking details: in order for us to be able to process your payments for the events/activities that you attend.
- Medical, health and wellbeing information: shared at your discretion, but this maybe important for us to know so that we can safeguard you completely whilst you are attending events/activities with us
- Equality and diversity information: shared at your discretion (i.e., not required unless you voluntarily offer this information)
- Photographs
Our legal basis for processing members’ personal data
We are required to identify one of six possible legal grounds for processing. These are:
- Consent
- Contract
- Legitimate interests
- Vital interests
- Public task
- Legal obligation
We will seek agreement from members to process their personal data and will ensure they are informed of our intentions for its use.
As stated above, when we ask for equality and diversity information, this is optional and will not affect the provision of our services or a member’s participation in any of our events/activities. Such information will only be obtained on a consensual basis.
We may also seek consent to take and use photographs to help promote the Outwood Social Group and to share/celebrate events on our website / promotional literature. We will always ensure we have members’ consent before posting images or for any form of marketing or promotional information.
We also process data based on legitimate interests, in cases where the processing is required to enable us to efficiently provide our services and support or maintain the records we are required to keep.
Processing will also be conducted on the basis of meeting our legal obligations, such as any personal data collected for purposes of financial record keeping, event attendance planning, evaluation and analysis etc.
How we use members’ data
In order to help, support and/or keep in contact with our membership we need to store personal information and use it for the specific purposes for which the member provided it to us. Some of this information, such as details about personal health or medical conditions, is deemed sensitive under current data protection law and will be handled accordingly.
For some of the events/activities that we host, we may need to share some information with the event venue and/or other partners with whom we are delivering the event. We will inform members when we intend to share their personal data, except in exceptional circumstances where personal welfare is at stake, or there is a legal requirement for us to do so. We will ensure that external organisations are contractually required to implement the same levels of confidentiality and protection as we employ ourselves.
We rely on the invaluable support of our many volunteers to lead and host some of our events/activities and members’ information may be shared with them on a need-to-know basis, relevant to the event/activity they are leading/hosting.
It is important that we keep the information we hold about members as accurate and up to date as possible. If members have a change to their circumstances or wish to change any information, they must let us know immediately.
How we store and protect members’ data
Leanne Danby, Outwood Social Founder, is responsible for the security and protection of members’ data. In support, Leanne has administration colleagues to ensure adequate levels of technical and organisational measures are in place to maintain the integrity and confidentiality of all personal data.
All our volunteers/event hosts/leads receive policy training in data protection, security, and confidentiality. They are also given awareness training on data protection legal requirements and required to sign confidentiality agreements.
Personal data in electronic format will be securely stored on encrypted databases, which are password protected and only allow authorised access. We employ both software and hardware protection against viruses, malware and hacking exploits.
Personal data will not be accessed except to manage our services, update members on event/activity offerings or to contact you, for example, if an event that you have signed up to attend changes or doesn’t go ahead.
When we share personal data with other parties, we will do so with members’ consent and ensure that they apply adequate technical and organisational measures to maintain the protection of members’ data.
In the unlikely event that we lose any data, or a device on which your data resides, or it is accessed by someone unauthorised, we have a duty to inform members immediately. If the loss or unauthorised access of data has potential to cause member harm, we will also report this to the Information Commissioners Office, who are responsible for regulating data protection legislation in the UK: https://ico.org.uk/
How long do we keep members’ data?
We are required by law to keep some personal data, even after we have finished providing services and/or a member has left the group. Records will also be maintained for a period to enable us to respond to any subsequent enquiries or complaints.
Our current policy is to retain the majority of members’ records for a period of six years following our last engagement with. After this, we will only keep a very limited, anonymised amount of data. This is to assist us in planning and developing future services, events and activities.
Where personal data is identified as not essential for the records we have to maintain, we will not keep them longer than they are needed during our engagement with you.
All personal data no longer needed to be retained is cleansed from our systems and/or securely destroyed.
Members’ rights in relation to personal data
Under the Data Protection Law, members have rights to access and control their personal data. These rights include:
- Access to personal information
- Correction and deletion
- Withdrawal of consent (if processing data on condition of consent)
- Data portability
- Restriction of processing and objection
- Lodging a complaint with the Information Commissioner’s Office
If members are unhappy with anything we have done with their data, they have the right to complain to the Information Commissioners Office. To make a complaint to the Information Commissioners Office use this link: https://ico.org.uk/make-a-complaint/ or call their hotline on 0303 123 1113.
How to contact us for general information
For all data protection matters or questions relating to how we manage personal data, please contact Leanne Danby ([email protected]).