As Prisons Week your privacy matters to us. We are committed to acting with integrity to both protect any information which we may have about you, and we will never transfer, sell or otherwise pass on your personal data to any other party.
Please do read this policy carefully and contact us with any questions or concerns about our privacy practices.
This policy is written to comply with the GDPR regulations (2018)
Prisons Week c/o Free Churches Group, 27 Tavistock Square, London, WC1H 9HH
Charity Reg # 1020920
We have appointed a data protection lead (DPL) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPL at email@example.com, by calling 0203 661 8336 or writing to Data Protection Lead, Prisons Week , 27 Tavistock Square, London, United Kingdom WC1H 9HH You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
What information do we collect?
- We may maintain the following data about you.
- Name, Email Address, Country of Residence, and where submitted for a specific purpose your status in terms of our groups of concern. This may include sensitive data relating to a specific protected characteristic. These are:
- Serving or Former prisoner / Have Received Community sentence / Family member of a person with a conviction
- Prison officer / Prison Chaplain / other staff working in prison
- Police officer / Court staff / Magistrate / Judge / other staff working in the Criminal Justice Sector
- Victim of crime / Family member of Victim of crime
- Member of a community that affected by crime
- Member of a Faith community
By engaging with Prisons Week it could be possible for third parties to infer an adherence to a particular religious belief.
This data will be collected via direct mailing, appeals or via the Prisons Week website. We do not purchase data from third parties and we do not hold any financial information about you.
How do we use personal information?
- We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- When we need to perform the contract we are about to enter into or have entered into with you.
- When it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
- Generally we do not rely on consent as a legal basis for processing your personal data other than when we collect Special Categories of Data or in relation to sending direct mailing communications to you via email. You have the right to withdraw consent to marketing at any time by clicking on an unsubscribe link in one of our emails to you or by emailing firstname.lastname@example.org.
Purposes for which we will use your personal data
- We have set out below a description of the ways we plan to use your personal data. We collect and process information so that we can:
- manage, administer and promote the charity;
- administer financial transactions and donations;
- ask for financial support and non-financial support such as volunteering or prayer
- manage our fundraising activities and supporter communications;
- administer our events;
- supply you with Prisons Week leaflets where requested;
- respond to Prisons Week enquiries;
- manage our websites and social media accounts;
- manage our HR function;
- Where we need to comply with a legal or regulatory obligation.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please email the DPL if you need details about the specific legal ground we are relying on to process your personal data.
Storing your Data
All data which we store about you is maintained
– On our web-mail inboxes,
– in the Prisons Week GDPR-compatible mailchimp account,
– on the Google Drive folder administered by Prisons Week,
– on the Eventbrite account administered by Prisons Week.
We will treat your personal data confidentially and will only disclose it to third parties as described above.
We are committed to ensure that the data we hold about you is stored in a secure manner, and so we use password-protected encryption to ensure that your data is not accessed without our consent.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
External Third Parties
- Service providers acting as processors based in the UK who provide IT and system administration services.
- Event management systems including Eventbrite
- Electronic mailing and survey services such as Mailchimp*, SurveyMonkey and Mailerlite.
- Professional advisers including lawyers, bankers, auditors, pension advisors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Zoom, who provide an online video conferencing service that we use for meetings, courses, events and training.
External Third Parties Privacy Policies (for online services only):
How long do we keep your personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your rights in relation to personal data
We respect your right under the GDPR(2018) to access and control your personal data.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Right to withdraw consent
If you wish to exercise any of the rights set out above, please email the DPL
No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.