The Sibyls – Privacy Notice
1. Introduction
Protecting the security and privacy of your personal data is important to the The Sibyls. This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe. Furthermore, you will find information about your rights, which is based on GDPR (General Data Protection Regulation), effective from 25th May 2018.
2. About The Sibyls
The Sibyls is a Christian Spirituality Group for Gender Variant People and their supporters and friends. We are a voluntary organisation. Membership is free. Absolute confidentiality is a cornerstone of our existence and a commitment to absolute confidentiality (never disclosing any details to anyone, including other members of Sibyls, without express consent to a specific disclosure for a specific purpose to specified recipients).
The Sibyls
Address: Sibyls,10 Ffordd Las, Rhyl LL18 2DY
Email: [email protected]
3. Lawful basis for Processing Data
Under the following legal conditions, GDPR allows us to collect your personal data;
Consent
We can collect and process your data with your consent.
For example, if you wish to receive our newsletter or book on a Sibyls event.
If we collect your data, which is necessary for our business, we will always inform you about it.
Contractual obligations
We are collecting your personal data in certain situations like contractual obligations.
For example, for your booking to be processed we need your telephone number as well as other necessary personal data.
Legal compliance
We collect and process your data in accordance with where the law allows us to do so.
For Example, if the people have been involved in any criminal activity, which will impact our partnership then we must pass your personal data to law enforcement.
Legitimate interest
We process personal data for certain legitimate administrative reasons to allow the organisation to function.
4. When do we collect your personal data?
For example;
- When you complete our membership application form;
- When you book or register for an event with us;
- When you get in touch with us by any request or complaints
5. What kind of personal data do we collect?
We collect the following Personable Identifiable Information (PII):
- Preferred name
- Postal Name
- Postal Address
- Telephone Number – Landline
- Telephone Number – Work
- Telephone Number – Mobile
- Membership category
- Communication Preferences
- Consent Status
- Date of Joining
- Region
- Email address
There is a Sibyls Closed Facebook Group as well as a public group. The security of information on these sites is subject to the data processing policies of Facebook and The Sibyls cannot be held responsible for the policies or practices of Facebook. In particular, members for whom confidentiality is paramount should be aware that interaction with either the Sibyls Public or Closed Facebook pages may result in members being publicly associated with The Sibyls or members of The Sibyls which might result in the unintentional disclosure of the gender variance issues
6. How and why do we use your personal data?
We use your personal data to run the organisation efficiently and to advise members of its activities, meetings, AGM etc. and his is overwhelmingly to the benefit of the members and the organisation.
Our legal grounds for processing your data are in relation to the points above that are for performance of a contract with you and in relation to above, necessary for our legitimate interests to operate and provide events and activities.
We will not share your details with anyone other than officers of The Sibyls for any purpose except with your express consent.
7. To whom we disclose your personal data?
We may have to share your personal data with;
- Service providers who provide accommodation or IT services.
We require all of these third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions.
8. International transfers
None apart from communication with our members located outside the UK.
9. How long we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. Membership records are retained for as long as members continue to provide their consent to be members.
10. How we protect your personal data?
Protecting your data is important to us and we have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those Sibyls officers and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
The following management policies have been adopted to secure the confidentiality of your data:
- All e-mail cascades will continue to be sent bcc (blind carbon copy) so that recipients are not identified;
- Members postal addresses will not normally be contacted other than for people without a valid e-mail address;
- Membership data will be held on a single PC protected by up-to-date anti-virus software and firewalls;
- Up-to-date proprietary software will be used and updated promptly for the latest security patches and updates;
- The database will be password-protected;
- The database will be encrypted;
- Data provided to any officers or members to organise activities of the organisation will be kept securely, only used for the specific purpose for which they have been provided and will be deleted as soon as the specified purpose has been achieved
- The Closed Sibyls Facebook Group only admits members in good standing proposed by Officers of the Organisation.
We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so. In certain circumstances you can ask us to delete your data. See the section entitled ‘your rights in respect of your personal data’ below for more information.
We may anonymise your personal data (so that you can no longer be identified from such data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
11. Your rights in respect of your personal data
Right of access by the individuals
Under the GDPR “right of access” you have the right to request us free of charge in most cases with following information whether your personal data are being processed:
- the purposes of the processing;
- the categories of personal data concerned;
- To whom the personal data have been or will be disclosed. For example, to third party providers of services such as accommodation;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- Delete the personal data or restriction of processing or to withdraw your consent
- the right to lodge a complaint with a supervisory authority;
Right to erasure (‘right to be forgotten’)
You have the right to request deletion of your personal data. In this case we will delete your personal data without undue delay. This will be done providing there is no legal obligation or legitimate interest to retain the data.
Right to restriction of processing
One of the following circumstances you have the right to request the restriction of processing:
The correction of your personal data when incorrect, out of date or incomplete.
The processing of personal data is unlawful and you request from us to instead of deleting your information the restriction on the use of personal data.
Right to data portability
You have the right to withdraw your consent at any time, which you have given us to processing your personal data.
12. Contacting to supervisor authority
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or please click on the following to link to get communicate to ICO: https://ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.