Privacy policy

This privacy policy tells you what to expect BPRCVS to do with your personal data when you make contact with us or use one of our services/projects.

We’ll tell you:

  • why we are able to process your information
  • what purpose we are processing it for
  • how long we store it for
  • whether there are other recipients of your personal information
  • whether we intend to transfer it to another country, and
  • whether we do automated decision-making or profiling

The first part of the notice is information we need to tell everybody.

 

BPRCVS is the controller for the personal information we process, unless otherwise stated.

 

There are many ways you can contact us, including by phone, email and post.

Our postal address: The CVS Centre, 62-64 Yorkshire Street, Burnley, Lancashire, BB11 3BT

Phone number: 01282 433740

Email address: This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Most of the personal data, special category data and children’s data we process is provided to us directly by you for one of the following reasons:

  • You are representing your organisation
  • You are a service user of one or more of our projects and services
  • You wish to attend, or have attended, an event
  • You subscribe to our e-newsletter
  • You have applied for a job or secondment with us
  • You have made an information request to us
  • You have made a complaint or enquiry to us

 

We also receive personal data indirectly, in the following scenarios:

  • An employee/client/volunteer of ours gives your contact details as an emergency contact or a referee

    

If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal data. ​

 

Data Subject Rights

Under GDPR you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Your Right Of Access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.

Your Right To Rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.

Your Right To Erasure

You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.

Your Right To Restriction Of Processing

You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.

Your Right To Object To Processing

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests. You can read more about this right here.

Your Right To Data Portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about this right here.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

 

Below are the current practices undertaken by BPRCVS where your personal data may be collected, processed or affected. For each project, service and data collection channel we have described in detail the purpose for BPRCVS collecting and storing data, the lawful processing basis determined by BPRCVS, what data is stored, who holds the data and who can access it, how we keep your data safe, how long you can expect us to keep your data, and when and how the data is removed and destroyed.

 

 

Website

Purpose For Collecting & Storing Data

We collect and store cookie data from visitors to www.bprcvs.co.uk. This is for the purpose of improving the website by monitoring how you use it.

Basis For Processing Data

Upon visiting the website for the first time you agreed to the cookie policy of BPRCVS. By clicking ‘Ok’ you consented to BPRCVS collecting and storing cookie information.

What Data Do We Store

BPRCVS stores your IP address and details of which version of web browser you used. We also store information on how you use the site, using cookies and page tagging techniques to help us improve the website.

Who Holds The Data

The data is held on secure servers in an off-site location by Apex Hosting, our webhosting company. On occasion whereby the data has been processed for the purposes of performance analysis the data can be held by BPRCVS on our local secure server. Apex Hosting are the data controller.

Who Can Access The Data

BPRCVS and Apex Hosting can access the data stored on secure servers.

Data Security

All personal cookie data is stored safely on secure servers in an off-site location. Read the BPRCVS Cookie Policy to see how BPRCVS processes your cookies in more detail.

How Long Is Data Stored For

BPRCVS stores this data securely for an indefinite period of time.

When & How Is The Data Removed & Destroyed

BPRCVS don’t remove or destroy this information unless specifically requested to do so by the Data Subject.

 

…………………………………………………………………

 

Email Marketing

Purpose For Collecting & Storing Data

We collect and store personal data for the purpose of communicating with our clients, colleagues, members of the community and external organisations via email.

Basis For Processing Data

The lawful basis for processing data for the purpose of email marketing is consent for which you have completed a double opt in procedure.

What Data Do We Store

For the purpose of sending email newsletters and other email communications via MailChimp we store the following personal data:

Email Address*, Name, Organisation Name, and Region.

*This is the only piece of mandatory data required, all other data is optional and provided at the data subjects discretion.

Who Holds The Data

MailChimp is the data controller and BPRCVS is the data processor. You can view MailChimp’s privacy policy here to see how they process your data: https://mailchimp.com/legal/privacy/

Who Can Access The Data

BPRCVS and MailChimp can access the data provided when you subscribed to receive any of the BPRCVS email newsletters.

Data Security

All personal data is stored safely and securely on MailChimp’s servers.

How Long Is Data Stored For

Data is stored for as long you remain an active subscriber to BPRCVS newsletters.

When & How Is The Data Removed & Destroyed

You are in full control of the data stored. You can access your MailChimp account settings to amend your data and preferences at any time. You can also choose to unsubscribe at any time.

When you choose to unsubscribe your data is removed from MailChimp’s servers.

 

…………………………………………………………………

 

Social Media

Purpose For Collecting & Storing Data

For the purpose of communicating via social media platforms personal data is stored.

Basis For Processing Data

The lawful basis for processing data associated with social media is consent given by the individual when signing up to each respective social media platform.

What Data Do We Store

BPRCVS does not store any data in relation to your social media accounts and activity.

Who Holds The Data

Facebook, Twitter and YouTube are the data controllers.

View the Facebook privacy policy here: https://www.facebook.com/about/privacy/update

View the Twitter privacy policy here: https://twitter.com/en/privacy#update

View the YouTube privacy policy here: https://policies.google.com/privacy/update (Google own YouTube)

Who Can Access The Data

BPRCVS cannot access your personal data. See each respective privacy policy to find out who can access your data.

Data Security

Your personal data is stored safely and securely on each respective social media platforms servers.

How Long Is Data Stored For

See the respective privacy policies to find out how long each platform stores your data for.

When & How Is The Data Removed & Destroyed

See the respective privacy policies to find out how and when each platform removes and destroys your data.

 

…………………………………………………………………

 

Training

Purpose For Collecting & Storing Data

BPRCVS collects personal data for the purpose of recording attendees and contacting them in case of cancellations or if there’s a change of which attendees need to be notified.

We also record this data for the purpose of reporting outcomes to our funders.

Basis For Processing Data

The lawful basis for processing your personal data in regards to training events with BPRCVS is contractual agreement.

What Data Do We Store

We store the following personal data: Name, organisation/group name, phone number, email address and attendance status.

BPRCVS also keeps a copy of the attendance sheet used when signing in to the training event.

Evaluation forms completed at the conclusion of training contains no personal data or any means to identify a particular individual and therefore are exempt from GDPR.

Who Holds The Data

Only BPRCVS holds this data as the data controller.

Who Can Access The Data

The BPRCVS training coordinator only, however all BPRCVS staff have access to the CRM.

The information sent to funders when reporting contains no identifying data of individuals whom attended training events with BPRCVS, nor is the data pseudonymised or an alias created from which a data subject could be identified.

Data Security

When you make a booking your personal data is stored in two places; our CRM, and in an Outlook calendar.

The CRM is a safe and secure program located on external servers. Outlook is the email client used by BPRCVS and it’s installed on secure servers located on-site.

After the event has taken place personal data is stored in the form of an Attendance Sheet which is used to update the CRM records. The Attendance Sheet is stored in a secure, locked office.

How Long Is Data Stored For

We receive funding to deliver training to community groups and voluntary organisations in our localities. Data is stored for as long as our funder requires which is 7 years.

When & How Is The Data Removed & Destroyed

After the 7 years storage requirement as set by our funders has expired all records are removed from electronic systems and paper copies are wasted confidentially.

 

…………………………………………………………………

 

Community Connector Project

 

Connector Clients

Purpose For Collecting & Storing Data

BPRCVS use a Referral Form and an Initial Assessment Form to collect personal data and special category data which determines a client’s suitability for the project and enables BPRCVS Connectors to deliver the project to clients.

Basis For Processing Data

The lawful basis for processing this data is consent which was obtained at the referral stage of the project’s process.

What Data Do We Store

We collect and store the following personal data and special category data for Connector project clients:

Referral Form

Name, Address, Telephone Number, Email Address, Gender, Ethnicity, National Insurance Number, GP Name & Practice, NHS Number, Number Of GP Appointments, and Next Of Kin Emergency Contact Details.

Initial Assessment Form

Name, Date Of Birth, Gender, Email Address, Family & Friends Support Information, Living Arrangements, Health Information, and Hobbies & Interests.

Who Holds The Data

Only BPRCVS holds the personal data of clients registered with the Connector project as the data controller.

Who Can Access The Data

BPRCVS Connector staff can access the data. Some data is shared with East Lancashire Clinical Commissioning Group as they fund the project.

If a client was to move from the Burnley, Pendle or Rossendale localities into Hyndburn or Ribble Valley localities the client’ file would be transferred over to Hyndburn & Ribble Valley CVS if the client wished to remain a participant of the project.

All BPRCVS staff have access to staff calendars and therefore basic contact information of Connector clients.

Data Security

Personal data is stored safely and securely on file in a locked filing cabinet within a locked office. Personal data is also stored in a CRM which is safely and securely stored using off-site servers.

Outlook calendars contain basic contact details of clients. These are stored on secure, on-site servers.

As Connectors are outreach workers conducting home visits for example, it is necessary for them to carry either a client’s case file or contact details in order to deliver the Community Connector Project service. Where possible these files will be kept in a secure location and removed and restored upon completion of use.

How Long Is Data Stored For

BPRCVS are required to keep all data from the Community Connector project for a maximum of 7 years in line with East Lancashire Clinical Commissioning Group requirements.

When & How Is The Data Removed & Destroyed

Upon the conclusion of the funder’s storage requirement all client data is removed from all electronic systems and any paper copies are confidentially wasted.

 

 

Connectors Volunteers

Purpose For Collecting & Storing Data

BPRCVS collects and stores personal and special category data for the purpose of matching volunteers to clients, arranging appointments and so that Connectors staff has the means to contact volunteers. Furthermore we also collect next of kin data for the purpose of having a recognised emergency contact.

Basis For Processing Data

As a volunteer Connector you agreed to the processing of personal and special category data by way of consent given when signing a declaration on the Connector Volunteer Application Form.

What Data Do We Store

For volunteer Connectors to become a member of the project BPRCVS collects and stores the following personal data:

Connector Volunteer Application Form

Name, Date Of Birth, Gender, Address, Telephone Numbers, Email Address, Disability/Support Needs, Employment Status, Spent/Unspent Convictions, Driving Licence, References Information, and Next Of Kin Contact Details.

Who Holds The Data

Only BPRCVS holds this data as the data processor.

Who Can Access The Data

Only BPRCVS Connector staff have access to paper copies on file.

All BPRCVS staff with CRM access can access your personal data.

All BPRCVS staff may have access to your contact details if stored in Outlook calendars for the purpose of appointment management.

Data Security

Personal data is stored safely and securely on file in a locked filing cabinet within a locked office. Personal data is also stored in a CRM which is safely and securely stored using off-site servers.

Outlook calendars contain basic contact details of volunteers. These are stored on secure, on-site servers.

How Long Is Data Stored For

For as long as you volunteer with the project and for a maximum of 7 years in line with East Lancashire Clinical Commissioning Group requirements.

When & How Is The Data Removed & Destroyed

Paper files are confidentially wasted and electronic records are deleted after 7 years.

 

…………………………………………………………………

 

DBS

Purpose For Collecting & Storing Data

BPRCVS is a DBS registered body which means we can process DBS applications on behalf of other groups and organisations. Therefore we need to collect and store data in order to process DBS applications.

We use two forms to facilitate this operation: DBS Registration & Confidentiality Form; and DBS Contract.

Furthermore, we need to store this data for the issuing of invoices for payment of using the DBS service.

BPRCVS also stores completed DBS Applications Forms along with the Documentary Evidence Sheet. The purpose for this is in the instance of errors occurring so that such errors can be double checked.

Basis For Processing Data

The lawful basis for processing this data is a contractual agreement within which you agree to the terms and conditions of BPRCVS in regards to processing DBS applications.

What Data Do We Store

For the purpose of delivering this service we use a number of forms which collect personal and special category data:

DBS Registration Form (Inside BPR)

Group/Organisation Name, Telephone Number, Email Address, Nominated DBS Contact Information, Address, and Contact Preferences.

DBS Registration Form (Outside BPR)

Group/Organisation Name, Telephone Number, Email Address, Nominated DBS Contact Information, Address, Registered Charity Number, Company Number, Number Of Staff, Number Of Volunteers, and Contact Preferences.

DBS Contract

The names of authorised signatories only.

DBS Applications

Name, Previous Names, Current Address, Other Addresses, Date Of Birth, Place Of Birth, Gender, National Insurance Number, Driving Licence Number, Passport Number, Telephone Number, and Email Address.

Who Holds The Data

Only BPRCVS holds the data from the DBS Registration & Confidentiality Form and the DBS Contract.

BPRCVS and the DBS hold data from the DBS Application Form. DBS are the data controller and BPRCVS the data processor.

View the DBS privacy policy here: https://www.gov.uk/government/publications/dbs-privacy-policies

Who Can Access The Data

Only three members of BPRCVS staff responsible for processing DBS applications and services can access this data.

Data Security

All data obtained relating to DBS is stored safely and securely on file in a locked office.

How Long Is Data Stored For

All DBS related data is stored for as long as the group or organisation uses the DBS service.

Copies of DBS Application Forms are stored for up to 6 months after submission.

When & How Is The Data Removed & Destroyed

All data is stored for as long as you use the DBS service.

We will conduct an audit on an annual basis to determine whether any organisations no longer wish to use the DBS service at which point all files and records will be deleted and confidentially wasted.

All copies of DBS Application Forms are confidentially wasted at the end of the 6 month storage policy.

 

…………………………………………………………………

 

Volunteer Centre

 

Organisation Registration

Purpose For Collecting & Storing Data

BPRCVS collect and store data from organisations who wish to register with the BPRCVS Volunteer Centre for the purpose of promoting voluntary opportunities and recruiting volunteers.

Basis For Processing Data

Consent was given by completing a form and signing a declaration to allow BPRCVS to collect and store the data provided for the purposes of volunteering brokerage.

What Data Do We Store

For BPRCVS to effectively run the Volunteer Centre services we collect and store the following information:

Volunteer Centre Organisation Registration Form

Organisation/Group Name, Contact Name, Telephone Numbers, Email Address, Address, Website, Mission Statement, Aims Of Organisation, Volunteer Policy, Equal Opportunities Policy, Health & Safety Policy, and Public Liability Insurance.

Volunteer Centre Vacancy Info Sheet

Volunteer Vacancy, Organisation/Group Name, Address, Days & Hours Required, Volunteer Duties, Training Requirements, Preferred Skills, Qualities & Experience, Contact Person Name, Contact Telephone Number, Contact Email Address, Other Useful Information, and Additional Information.

Who Holds The Data

BPRCVS and the Do-it Trust hold this data. Do-it Trust are the data controller and BPRCVS the data processor.

Read the Do-it privacy policy to see how they process your data: https://do-it.org/about/privacypolicy

Who Can Access The Data

BPRCVS Volunteer Centre staff and Do-it have access to the data.

Data Security

The data provided from the Organisation Registration Form and Vacancy Info Sheet is stored in Outlook which is securely installed on on-site servers.

This data is also stored on the Do-it website and in the V Base database. Do-it stores data safely and securely on their own servers and the V Base database is stored safely and securely on BPRCVS on-site servers.

Any paper copies of forms not yet processed are stored securely in a locked filing cabinet in a locked office.

How Long Is Data Stored For

Forms returned via email and stored in Outlook are only kept for as long as the organisation remains active.

Data is stored on Do-it and in the V Base database and is publicly available for as long the opportunities remain active. When opportunities are no longer available they are marked as inactive and therefore are no longer visible publicly. Such data is stored until an audit is undertaken to determine which data needs to be removed. An audit is undertaken annually.

When & How Is The Data Removed & Destroyed

Paper copies are confidentially wasted when the data has been processed.

Emails stored in Outlook are deleted when the audit has been completed providing there are no remaining opportunities listed as active.

Data stored on Do-it and in the V Base database is removed upon completion of the annual audit providing there are no active opportunities.

 

 

Application Form

Purpose For Collecting & Storing Data

BPRCVS collect and store personal data and special category data from individuals who wish to register with the BPRCVS Volunteer Centre for the purpose of volunteering.

Basis For Processing Data

Consent was given by completing a form and signing a declaration to allow BPRCVS to collect and store the data provided for the purposes of volunteer recruitment.

What Data Do We Store

For BPRCVS to effectively arrange suitable voluntary positions for you we need to collect and store the following information:

Name, Address, Telephone Numbers, Email Address, Date Of Birth, National Insurance Number, Hours Of Availability, Employment Status, Ethnicity, and Relevant Skills & Experience.

Who Holds The Data

BPRCVS and V Base Cloud  produced and supported by Veda NFP Consulting Ltd on behalf of Do-it Trust hold this data. Do-it Trust are the data controller and BPRCVS the data processor.

Read the Do-it privacy policy to see how they process your data: https://do-it.org/about/privacypolicy

Who Can Access The Data

BPRCVS Volunteer Centre staff and Do-it have access to the data.

Suitable voluntary groups/organisations will be given your personal data for the express purpose of contacting you in relation to their voluntary positions.

Data Security

Applicaton Forms are stored in a locked filing cabinet within a locked office.

The V Base Cloud is hosted on secure servers off-site.

How Long Is Data Stored For

BPRCVS are required to store this data for 5 years as per our funder’s requirements.

When & How Is The Data Removed & Destroyed

Upon completion of funder’s storage requirements your data is removed from all electronic systems and any paper copies are confidentially wasted.

 

…………………………………………………………………

 

Strengthening Communities – Volunteering In Lancashire (SCVL)

Purpose For Collecting & Storing Data

This project uses a variety of documents to collect and store data necessary for the running of the project. The purpose of these documents is to determine involvement with the project; to enter participants into the project; to monitor and provide support to participants; to record participant progress; and to record participant wellbeing.

Basis For Processing Data

Consent is given by you when joining the project by completing and signing a declaration giving permission to collect and store the required data for the purpose of the SCVL project.

What Data Do We Store

This project uses a number of different forms to collect personal data that we are required by our funder to store for processing.

Participant Entry Form

Full Name, National Insurance Number, Participant Reference Number, Project Start Date, Referral Information, Additional Information, Gender, Date Of Birth, Address, Telephone Numbers, Email Address, Ethnicity, Eligibility, Employment Status, Benefits Information, Qualifications, Housing Information, Parenting Information, Offender Information, and Health Information.

Basic Engagement Form

Full Name, National Insurance Number, Date Of Birth, Address, Telephone Numbers, Email Address, Ethnicity, Support Needed Information, and Circle Of Support Scores.

Circle Of Support Action Plan

Full Name, Circle Of Support Scores, Action Plan, and Additional Case Notes.

Ways To Wellbeing Survey

Full Name, Date Of Birth, VIEWS Reference Number, GP Surgery, Medical Appointment History, and Wellbeing Information.

Participant Exit Form

Full Name, National Insurance Number, Participant Reference Number, Project Leaving Date, Achievements, Education/Training Information, Employment Information, Qualifications, Job Search Information, Employment Status, and Feedback.

Who Holds The Data

BPRCVS and Views hold the data for participants involved in the project. Views are the data controller and BPRCVS are the data processor.

Who Can Access The Data

BPRCVS, Views and Community CVS can access the data through the shared cloud portal.

Data Security

All data contained in paper records are stored safely and securely in lockable BPRCVS file storage within a locked office.

We use Views CRM Database to store electronic records of data. This is a secure cloud based database hosted on secure, off-site servers.

How Long Is Data Stored For

All data collected, stored and processed for the SCVL project is stored for as long as the funder requires it. This is 7 years.

When & How Is The Data Removed & Destroyed

Upon completion of the funder’s storage requirements all electronic records are to be deleted and all paper files are to be confidentially wasted.

 

…………………………………………………………………

 

Group Support

Purpose For Collecting & Storing Data

In order for BPRCVS to support groups and organisations effectively we need to collect and store some personal data from each respective group or organisation.

Basis For Processing Data

Where personal data is stored, consent is sought and given by completing and signing a consent form.

We may also store other groups and organisations in our database if they are publicly listed or having removed all personal data from the record.

What Data Do We Store

We typically collect and store the following data: Group/Organisation Name, Contact Name, Contact Email, Contact Telephone Number, Address, Area Of Operation, Registered Charity Number, Company Number, Number Of Volunteers & Hours, Number Of Staff, and Who The Group/Organisation Works With.

Additionally for the purposes of internal monitoring we record activities on our CRM undertaken with a group or organisation by a given member of staff.

Who Holds The Data

Only BPRCVS holds this data as the data controller.

Who Can Access The Data

All BPRCVS who have CRM access can access an organisation’s or group’s data.

Data Security

We use a safe and secure CRM to store all data. The CRM is installed on a secure, non-forward facing, web domain on secure servers.

How Long Is Data Stored For

The data is stored for up to 7 years in line with our funder’s requirements.

When & How Is The Data Removed & Destroyed

After 7 years has expired all electronic records will be permanently deleted and all paper copies confidentially wasted unless ongoing support is still being provided.

 

…………………………………………………………………

 

Young Carers

Purpose For Collecting & Storing Data

BPRCVS must collect and store personal and special category data about children, parents/guardians and families to register children onto the Young Carers project.

Basis For Processing Data

The lawful basis for processing the majority of this data is the contractual agreement to which was entered when registering for the project.

However upon initial assessment and discussions with parents/guardians consent is sought in the initial instance.

What Data Do We Store

The Young Carers project stores a range of data and collects this data via a number of different forms.

Referral Form

Referrer’s Name, Referrer’s Address, Referrer’s Contact Numbers, Referrer’s Email Address, Young Carer’s Name, Young Carer’s Address, Young Carer’s Phone Number, Young Carer’s Email Address, Young Carer’s Date Of Birth, Care Receiver’s Name, Care Receiver’s Date Of Birth, Care Receiver’s Relationship, Care Receiver’s Care Situation, Ethnicity, School Contact Information, Other Household Member’s Name, Other Household Member’s Relationship, Other Household Member’s Date Of Birth, and Tasks Carried Out By Young Carer.

Initial Assessment Form

Young Carer’s Name, Young Carer’s Phone Number, Young Carer’s Email Address, Name Of Person Cared For, Health Condition Of Cared For Person, Names Of Other Household Members, Age Of Other Household Members, Relationship To Other Household Members, Names Of Other Care Providers, Caring Jobs Completed, Family/Friends Information, School/College Information, Further Referrals Needed,

Parent/Guardian Information Form

Parent/Guardian Name, Parent/Guardian Address, Parent/Guardian Date Of Birth, Parent/Guardian Diagnosis, Names Of Other Family Members, Date Of Birth Of Other Family Members, Relationship To Other Family Members, Contact Details Of Other Professional Agencies, Friends & Family Support Information, Child’s Caring Role, Young Carer’s Health Information, Young Carer’s Education Information, Young Carer’s Interests & Hobbies, Parental/Guardian Consent, Ethnic Origin, and Preferred Language/Means Of Communication.

Parent/Guardian Consent Form

Young Carer’s Name, Young Carer’s Address, Young Carer’s Phone Number, Young Carer’s Date Of Birth, Emergency Contact Number, Young Carer’s Allergy Information, Young Carer’s Dietary Requirements, Young Carer’s Medical Conditions, Young Carer’s Medication, Consent To Emergency Medical Treatment, Name Of Young Carer’s GP, GP Telephone Number, Swimming Information, Young Carer’s Needs & Limitations, Photographic Consent, and Parent/Guardian Name.

Photo Consent

Parental/Guardian Consent, Young Carer’s Name, Young Carer’s Address, Young Carer’s Phone Number, Young Carer’s Date Of Birth, and Name Of Parent/Guardian.

Who Holds The Data

BPRCVS holds this data as the data controller.

Who Can Access The Data

Only BPRCVS Young Carers project staff have access to this data.

Data Security

All paper copies of files, forms and records are stored safely and securely in a locked filing cabinet within a locked office.

All electronic records are stored in an Access database which is saved on a secure on-site server.

How Long Is Data Stored For

All data is stored for as long as a young person is an active project participant and in line with our funder’s requirement which is 5 years.

When & How Is The Data Removed & Destroyed

Upon exiting from the project all electronic records are deleted and paper copies are archived in file storage. After the conclusion of the funder’s storage requirements all paper records are then confidentially wasted.

 

…………………………………………………………………

 

Communicars

 

Communicars Passengers

Purpose For Collecting & Storing Data

BPRCVS collects and stores personal data and special category data for the purpose of registering passengers onto the Communicars service.

Basis For Processing Data

The lawful basis for processing your data is contractual agreement to which you agreed when registering with the service.

What Data Do We Store

We store the following personal data for all passengers:

Name, Address, Telephone Number, Date Of Birth, Disabilities/Health Conditions, Blue Badge Holder, and Emergency Contact.

Who Holds The Data

BPRCVS and Shaunsoft hold this data. BPRCVS are the controller of this data. Shaunsoft are the data processor.

Who Can Access The Data

BPRCVS Communicars staff have access to this data and the Shaunsoft cloud based database staff have access too.

Data Security

Your personal data is stored in a secure cloud based database.

How Long Is Data Stored For

We only keep your personal data for as long as you remain a Communicars passenger.

If you have not used the service in 12 months we will automatically delete your personal data. This does not affect your statutory rights and you are able to register again in the future.

When & How Is The Data Removed & Destroyed

Upon your exit from the service BPRCVS delete all records from the Shaunsoft cloud based database.

 

 

Communicars Drivers

Purpose For Collecting & Storing Data

BPRCVS collects and stores personal data and special category data for the purpose of registering people as volunteer drivers for the Communicars service.

Basis For Processing Data

The lawful basis for processing your data is contractual agreement to which you agreed when registering with the service.

We also have a legal obligation to store some personal data, in particular related to you and your vehicle such as driving licence, insurance and tax documents, and MOT certificates.

What Data Do We Store

From the Volunteer Driver Application Form we store the following data:

Name, Address, Telephone Number, Email Address, Date Of Birth, Car Registration Number, Car Make, and Car Model

We also store the following driver documents:

Driving licence

Insurance documents

Tax documents

MOT certificates

Who Holds The Data

BPRCVS and Shaunsoft cloud based database hold this data. BPRCVS are the controller of this data. Shaunsoft are the data processor.

Who Can Access The Data

BPRCVS Communicars staff have access to the paper copies and Excel workbook of this data and the Shaunsoft cloud based database staff have access to the driver’s data stored on the cloud.

Data Security

BPRCVS store the original paper copies of the Volunteer Driver Application Form and driver documents in a secure, locked drawer within a locked office.

BPRCVS also store driver’s personal data on a cloud based database and an Excel workbook.

How Long Is Data Stored For

BPRCVS Communicars only keep your data stored for as long as you remain a Communicars Volunteer Driver.

When & How Is The Data Removed & Destroyed

Upon your exit from the service all paper copies of your data are confidentially wasted and your data is removed from the cloud based database and Excel workbook.

 

…………………………………………………………………

 

Room Bookings – The CVS Centre & Gannow Community Centre

Purpose For Collecting & Storing Data

BPRCVS collects and stores data for the purpose of processing room bookings at The CVS Centre and Gannow Community Centre. It is also necessary to store this data for the purpose of issuing invoices to cover charges and payments.

Basis For Processing Data

The lawful basis for processing this data is contractual agreement which you agreed to when completing the Room Booking form.

What Data Do We Store

For both centres we store the following personal data:

Name, Organisation Name, Address, Telephone Number, Email Address, and Invoice Name & Address

Who Holds The Data

Only BPRCVS holds the data as the data controller.

Who Can Access The Data

Reception staff at BPRCVS and the finance department has access to this data.

All BPRCVS staff have access to the Outlook calendar which forms part of the room booking system.

Data Security

Room Booking forms are stored on file in a secure, locked filing cabinet.

Contact details are stored in an Outlook calendar which forms part of our room booking system. Outlook is stored on a secure server on-site.

How Long Is Data Stored For

BPRCVS store this data for up to a maximum of 12 months after your booking.

When & How Is The Data Removed & Destroyed

After 12 months from the date of your booking the form is removed from file storage and confidentially wasted.

 

…………………………………………………………………

 

Tenancy

Purpose For Collecting & Storing Data

BPRCVS collects and stores data for the purpose of processing tenancy at The CVS Centre. It is also necessary to store this data for the purpose of issuing invoices to cover charges and payments.

Basis For Processing Data

The lawful basis for processing this data is contractual agreement which you agreed to when completing the Tenancy Agreement.

What Data Do We Store

The Tenancy Agreement only contains a date and signature. We do however need to store additional details for the purpose of invoicing. This includes: Group/Organisation Name, Contact Name, Contact Details, and Address.

Who Holds The Data

Only BPRCVS holds this data as the data controller.

Who Can Access The Data

The centre manager, reception staff and the finance department has access to this data.

Data Security

Tenancy Agreements are stored on file in a secure, locked filing cabinet within a locked office.

Invoices are stored on file in a secure, locked filing cabinet within a locked office.

How Long Is Data Stored For

BPRCVS store this data for up to a maximum of 12 months after your tenancy expires.

Invoices are stored for a maximum of 7 years from the date of issue.

When & How Is The Data Removed & Destroyed

After 12 months from the date your tenancy expires all records are removed from file storage and confidentially wasted.

 

…………………………………………………………………

 

Payroll

Purpose For Collecting & Storing Data

It is necessary to collect and store this data to enable BPRCVS Payroll Service to complete payroll functions on behalf of your organisation.

Basis For Processing Data

The lawful basis for processing this data is contractual agreement which you agreed to when completing the Payroll Service Agreement.

What Data Do We Store

For the purpose of processing payroll on behalf of your organisation it is essential that we store the following personal data:

Employer

Organisation/Group Name, Address, Telephone Number, Fax Number, Email Address, Contact Person Name & Telephone Numbers, Secondary Contact Name, Secondary Contact Telephone Numbers, Tax District & Reference Number, Accounts Office Reference, and Authorised Signatories.

Employee

Organisation/ Group Name, Name, Address, Date Of Birth, Employment Start Date, Tax Code, National Insurance Number, Marital Status, Gender, Salary, Pension Contribution, P11, P45, and P46.

Who Holds The Data

Only BPRCVS holds this data as the data processor. The respective organisations are the data controller.

Who Can Access The Data

The BPRCVS finance department are the only staff who have access to this data.

Data Security

The data is stored and processed using secure payroll software installed on a secure, on-site server.

Completed paper forms are stored in file storage in a locked filing cabinet in a locked office.

Some completed documents are stored on hard drives of finance department computers which are connected to a secure, on-site server and password protected.

How Long Is Data Stored For

Personal data is stored for as long as an organisation uses the BPRCVS Payroll Service.

We also keep copies of accounts from each organisation on-site. We store 12 months’ worth before asking each organisation to come and collect their records.

Account summary reports are stored indefinitely in case queries or issues are raised.

When & How Is The Data Removed & Destroyed

Personal data relating to both employers and employees stored on paper forms will be confidentially wasted upon leaving the Payroll Service.

Personal data stored electronically is deleted upon leaving the Payroll Service.

 

…………………………………………………………………

 

The CVS Centre Volunteer Application Form

Purpose For Collecting & Storing Data

BPRCVS collects and stores personal data obtained from prospective volunteers applying for reception opportunities at The CVS Centre. This enables us to conduct interviews and recruit volunteers.

Basis For Processing Data

The lawful basis for processing this data is contractual agreement.

What Data Do We Store

BPRCVS collects and stores the following data:

Name, Gender, Date Of Birth, Address, Telephone Numbers, Email Address, Availability, Skills, Disabilities Or Significant Illnesses, Personal Reference Details, Employment Status, Ethnicity, and Prosecutions Pending Or Unspent Convictions.

Who Holds The Data

Only BPRCVS holds this data as the data controller.

Who Can Access The Data

Only the BPRCVS reception team can access this information.

Data Security

All applications received are stored safely and securely on file in a locked filing cabinet within a locked office.

How Long Is Data Stored For

The data is only stored for as long as the individual remains a volunteer for BPRCVS.

When & How Is The Data Removed & Destroyed

Upon a volunteer’s exit from the company the paper files are confidentially wasted.

 

…………………………………………………………………

 

BBO Projects

Purpose For Collecting & Storing Data

For individuals to participate in any of the BBO projects it is necessary to collect and store personal, and in some cases, special category data. The data collected enables BPRCVS and other project partners to determine whether a participant is viable for the project based on pre-determined criteria.

Basis For Processing Data

The lawful basis for processing this data is contractual agreement to which you agreed to.

What Data Do We Store

BPRCVS needs to collect and store the following data for each respective project.

BBO1 – Age Of Opportunity

For this BBO project BPRCVS only collects the individuals name, address and contact details for the purpose of referring to Age UK. All other BBO1 project forms are completed by Age UK with the exception of the form below.

Life Circle

The purpose of this form is to determine eligibility for the project. The only personal and identifiable data collected and stored in this form is the Participant Name. The form collects data associated with personal opinions on the following topical areas: Education & Training, Motivation, Self-Care, Money & Budgeting, Support Networks, Wellbeing, Physical Health, Housing, Confidence, and Employment.

BBO3 – Changing Futures

Participant File

We collect and store your Name, National Insurance Number and a Customer Reference Number used to identify you.

Annex H – Participant Entry Form

We collect and store the following data:

Participant Name, National Insurance Number, Customer Reference Number, Start Date, Previous Involvement With Another BBO Project, Gender, Date Of Birth, Address, Telephone Numbers, Email Address, Ethnicity, Eligibility, Employment Status, Education, Qualifications, Household Situation Details, Criminal Convictions, Disabilities & Long Term Health Conditions, Sexual Orientation, and a Declaration.

Annex I – Participant Progress Form

We collect and store the following data:

Participant Name, National Insurance Number, Customer Reference Number, Start Date, Details Of Activities Undertaken, and a Development Action Plan.

Annex J – Participant Exit Form

We collect and store the following data:

Participant Name, National Insurance Number, Customer Reference Number, Leaving Date, Project Exit Results, Education & Training Details, Employment Or Self-Employment Details, Job Search Details, Employment Status On Leaving, and a Declaration.

Annex N – Participant Expenses, Allowances & Incentives Form

We collect and store the following data:

Participant Name, National Insurance Number, Customer Reference Number, Expense Details, Expense Evidence, Allowances & Incentives, and a Declaration.

Confirmation Of Starting Employment (Result) Form

We collect and store the following data:

Employer Name, Employer Address, Employee Name, Started Work Date, Position, and Signatory.

Confirmation Of Starting Education Or Training (Result) Form

We collect and store the following data:

College/Training Provider Name, College/Training Provider Address, Student Name, Started Learning Date, Course Title, and Signatory.

Confirmation Of Employment Status (3rd Party) Form

We collect and store the following data:

Participant Name, Participant Address, Name Of Third Party, Address Of Third Party, Occupation Of Third Party, Organisation Represented, Capacity In Which Applicant Is Known, Length Of Time Applicant Has Been Known, and a Declaration.

Confirmation Of Employment Status (Self-Certification) Form

We collect and store the following data:

Participant Name, Participant Address, Participant Declaration, and the Reasons For Self-Declaration.

Life Circle

The only personal and identifiable data collected and stored in this form is the Participant Name. The form collects data associated with personal opinions on the following topical areas: Education & Training, Motivation, Self-Care, Money & Budgeting, Support Networks, Wellbeing, Physical Health, Housing, Confidence, and Employment.

BBO4 – ReachIT

The only data BPRCVS store is the names of persons identified to partake in Digital Champion training. Contact the organisation you registered as a participant with for how they collect and store your data.

Who Holds The Data

BPRCVS are the processors of this data. Age UK also process BBO1 – Age Of Opportunity Data. The controllers of this data are Selnet (BBO1 – Age Of Opportunity & BBO3 – Changing Futures) and WEA (BBO4 – ReachIT).

Who Can Access The Data

Selnet, Age UK and BPRCVS can access the data collected and stored for the BBO1 – Age Of Opportunity project.

Selnet and BPRCVS can access the data collected and stored for the BBO3 – Changing Future project.

WEA and BPRCVS can access the data collected and stored for the BBO4 – ReachIT project.

Big Lottery Fund and the E.U. may also be privy to some of the data collected as partner organisations are required to report in-depth about the project.

Data Security

All paper copies are filed away safely and securely in a locked filing cabinet within a locked office. All electronic records are stored safely and securely on an off-site server using a CRM program called Views for BBO1 and BBO3. BBO4 files are stored using a different CRM system called I-Web Storage.

How Long Is Data Stored For

The data is stored in line with funder’s requirements for a maximum of 11 years.

When & How Is The Data Removed & Destroyed

Upon conclusion of the 11 year storage period for E.U. funded projects all paper copies stored on file will be confidentially wasted and all electronic records permanently deleted from the Views CRM.

 

…………………………………………………………………

 

ESOL

Purpose For Collecting & Storing Data

BPRCVS are not responsible for the collection of data associated with this project, but we do store basic contact details for each family. BPRCVS make take photos of events and activities undertaken as part of the project. In this instance BPRCVS will seek consent prior to processing photos.

Basis For Processing Data

The basis for processing this data is contractual agreement.

When processing photos of events, etc. the basis for this processing is consent.

What Data Do We Store

BPRCVS only stores names, addresses and contact details for each family on the project. We may also store a photo consent form containing a signature and date.

Who Holds The Data

BPRCVS holds this data along with Calico. BPRCVS are the data processor and Calico are the data controller.

Who Can Access The Data

Calico are the data controller and BPRCVS the data processor for this project. As such Calico have access to all data provided for this project. Only BPRCVS ESOL workers have access to the personal data stored.

Data Security

All personal data is stored safely and securely on file in a locked office.

How Long Is Data Stored For

The data will be stored for the length of the project – until August 2019.

When & How Is The Data Removed & Destroyed

Upon completion of the project BPRCVS will remove all records from our files. All paper copies will be confidentially wasted and any electronic records permanently deleted.

 

…………………………………………………………………

 

Job Applications

Purpose For Collecting & Storing Data

It is essential that BPRCVS collect and store personal and special category data for the purpose of reviewing and assessing candidates, contacting for interviews and recruiting into post.

Basis For Processing Data

The lawful basis for processing job applications is contractual agreement.

What Data Do We Store

For the purpose of processing job applications we store the following data:

Name, Address, Telephone Numbers, Email Address, Present/Most Recent Employer Name Details Including Salary, Education History, Qualifications, Training, Past Employment Details, Driving Licence, References Details, Disabilities Or Significant Illnesses, Criminal Convictions, and Equal Opportunities Information Including Sexual Orientation, Disability & Ethnicity,

Who Holds The Data

Only BPRCVS holds this data as the data controller.

Who Can Access The Data

Only BPRCVS can access this data for processing.

Data Security

All applications are stored safely and securely in a locked filing cabinet within a locked office.

How Long Is Data Stored For

BPRCVS stores all job applications for 5 years.

When & How Is The Data Removed & Destroyed

Upon completion of the 5 year storage period all job applications are confidentially wasted.

If you have selected the option to not to be stored beyond the deadline of the job for which you have applied your application will be confidentially wasted after the recruitment process has been completed.

 

…………………………………………………………………

 

Membership Applications

Purpose For Collecting & Storing Data

BPRCVS are a member-led organisation and as such we are required to store the details of all members of our organisation. In addition to this some of our services are member only and we need to store details as proof of access to such services. Furthermore we require the contact details of all members to invite them to the AGM.

Basis For Processing Data

Consent has been given by completing and signing a declaration on the Membership Application form.

What Data Do We Store

For the purpose of recording BPRCVS members we require to store the following data:

Group/Organisation Name, Membership Contact Person, Membership Contact Details, Group/Organisation Address, Contact Preferences, Area Of Operation, Registered Charity Number, Company Number, Number Of Volunteers & Hours, Number Of Staff, Services Provided, and the Group/Organisation’s Aims.

Who Holds The Data

Only BPRCVS store this data as the data controller.

Who Can Access The Data

BPRCVS administrative staff are processors of this data, however as it is stored on the CRM all staff can access the data.

Data Security

All data is stored safely and securely using the following methods:

Paper copies are stored on file in a secure office that is locked when empty.

Data is extrapolated from the form and stored in a CRM. The CRM is hosted on a secure, off-site server that has no public domain. Regular backups are taken for additional security. These backups are stored securely on BPRCVS servers which are located on-site.

Forms returned via email are stored in Outlook on a secure, on-site server.

How Long Is Data Stored For

BPRCVS stores membership data for a minimum of 2 years; 1 year active and 1 year lapsed.

The maximum amount of time depends on how long you remain a member of BPRCVS.

When & How Is The Data Removed & Destroyed

If membership is not renewed after the lapsed year the paper copy is destroyed in confidential waste and the record is removed from the CRM.

Periodically, dated CRM backups will be deleted from the servers.

Upon completion of processing the form any emails containing Membership Application data will be deleted.

 

 

Membership Renewals

Purpose For Collecting & Storing Data

BPRCVS collects and stores membership renewal data for the purpose of determining whether you are an active or lapsed member.

Moreover the annual renewal process enables BPRCVS to maintain accurate records.

Basis For Processing Data

Consent has been given by completing and signing a declaration on the Membership Renewal form.

What Data Do We Store

For the purpose of recording BPRCVS membership renewals we require to store the following data:

Group/Organisation Name, Membership Contact Person, Membership Contact Details, Group/Organisation Address, Contact Preferences, Area Of Operation, Registered Charity Number, Company Number, Number Of Volunteers & Hours, Number Of Staff, Services Provided, and the Group/Organisation’s Aims.

Who Holds The Data

Only BPRCVS store this data as the data controller.

Who Can Access The Data

BPRCVS administrative staff are processors of this data, however as it is stored on the CRM all staff can access the data.

Data Security

All data is stored safely and securely using the following methods:

Paper copies are stored on file in a secure office that is locked when empty.

Data is extrapolated from the form and stored in a CRM. The CRM is hosted on a secure, off-site server that has no public domain. Regular backups are taken for additional security. These backups are stored securely on BPRCVS servers which are located on-site.

Forms returned via email are stored in Outlook on a secure, on-site server.

How Long Is Data Stored For

BPRCVS stores membership data for a minimum of 2 years; 1 year active and 1 year lapsed.

The maximum amount of time depends on how long you remain a member of BPRCVS.

When & How Is The Data Removed & Destroyed

If membership is not renewed after the lapsed year the paper copy is destroyed in confidential waste and the record is removed from the CRM.

Periodically, dated CRM backups will be deleted from the servers.

Upon completion of processing the form any emails containing Membership Renewal data will be deleted.

 

…………………………………………………………………

 

Organisation Registration

Purpose For Collecting & Storing Data

BPRCVS store organisation and group contact details for the ease of accessing contact details in one central location. This enables BPRCVS to easily contact groups and organisations with whom we may work. Furthermore storing this data enables BPRCVS to signpost potential clients, service users, customers, etc. to your organisation, group, project or service.

Some contact details are publicly listed and therefore no consent has been sought as long as there is no personal data in the record. Where personal data exists BPRCVS seeks consent to store the data. BPRCVS also seek consent to signpost persons to your organisation or group.

Basis For Processing Data

Consent has been given by completing and signing a declaration on the Organisation Registration form.

What Data Do We Store

Group/Organisation Name, Membership Contact Person, Membership Contact Details, Group/Organisation Address, Contact Preferences, Area Of Operation, Registered Charity Number, Company Number, Number Of Volunteers & Hours, Number Of Staff, Services Provided, and the Group/Organisation’s Aims.

Who Holds The Data

Only BPRCVS store this data as the data controller.

Who Can Access The Data

All BPRCVS staff are able to access the data.

Data Security

All data is stored safely and securely using the following methods:

Paper copies are stored on file in a secure office that is locked when empty.

Data is extrapolated from the form and stored in a CRM. The CRM is hosted on a secure, off-site server that has no public domain. Regular backups are taken for additional security. These backups are stored securely on BPRCVS servers which are located on-site.

Forms returned via email are stored in Outlook on a secure, on-site server.

How Long Is Data Stored For

As storing organisation and group details is a crucial aspect of BPRCVS’ business operations we store all records that contain no personal data indefinitely, unless a periodic audit determines that the organisation or group is no longer in operation or suitable for BPRCVS to work with.

Records where personal data exists will be audited annually. The Organisation Registration form will be distributed to all organisations and groups found in the CRM. Upon receipt of this form your record will be amended where necessary.

Forms returned via email and stored in Outlook will be kept in this location until processing occurs.

When & How Is The Data Removed & Destroyed

You, the data subject, can request to have data amended, or removed and destroyed at any time by submitting a data subject access request.

From the annual audit, if we don’t receive the Organisation Registration form back from you by the date given this will lead to your record being permanently removed from the CRM. This also applies to paper copies stored on file. Paper copies are destroyed in confidential waste.

Periodically, dated CRM backups will be deleted from the servers.

Upon completion of processing the form any emails containing Organisation Registration data will be deleted.

 

…………………………………………………………………

 

Funding

Purpose For Collecting & Storing Data

When applying for funding from any BPRCVS administered funding programme it is necessary to collect and store personal data in order to determine the award of funding based on the respective criteria.

Basis For Processing Data

The basis for processing data is a contractual agreement which you entered when applying for funding. This applies to all BPRCVS administered funding programmes.

What Data Do We Store

In order to process applications for funding it is necessary to collect and store personal data:

East Lancashire Clinical Commissioning Group Prescription For Wellbeing Funding Programme

Group/Organisation Name, Group/Organisation Address, Numbers Of Staff, Numbers Of Volunteers, Legal Status, Charity Number, CIC Number, Names Of People In Group/Organisation, Contact Name, Contact Address, Contact Preferences, Bank Details, and Project Related Details.

Gannow Big Local Community Fund

Group/Organisation Name, Group/Organisation Address, Numbers Of Staff, Numbers Of Volunteers, Names Of People In Group/Organisation, Contact Name, Contact Address, Contact Preferences, Bank Details, Project Related Information, and Financial Details.

Gannow Big Local Community Event Fund

Group/Organisation Name, Group/Organisation Address, Numbers Of Staff, Numbers Of Volunteers, Names Of People In Group/Organisation, Contact Name, Contact Address, Contact Preferences, Bank Details, Event Information, and Financial Details.

Eric Wright Charitable Trust Grant

Group/Organisation Name, Group/Organisation Address, Numbers Of Staff, Numbers Of Volunteers, Annual Turnover, Names Of People In Group/Organisation, Contact Name, Contact Address, Contact Preferences, Bank Details, Project Details, and Financial Details.

Cliviger Community Benefit Fund

Group Name, Project/Activity Name, Address, When Group Was Established, How Many People Are Involved In The Group Including Volunteers, Staff, Committee & Members, Details Of Larger Organisation (if part of), Information Regarding Previous Grant From Cliviger Fund, Contact Name, Contact Address, Contact Telephone Numbers, Contact Email, Bank/Building Society Name & Address, Project Details, Financial Details, and Declaration Signatories.

The Distress Fund

Parents Names, Children’s Names, Address, Dates Of Birth, and Personal Circumstances

Who Holds The Data

Only BPRCVS holds the data as the data controller for all funds except the Distress Fund, of which Lancashire County Council is the data controller.

Who Can Access The Data

Only the BPRCVS funding officer has complete access to this data except the Distress Fund, which is accessible by BPRCVS’ finance department. Lancashire County Council and our accountants, Ashworth Moulds, also have access to Distress Fund data.

Where funding applications are awarded via a panel, the members of the panel will have temporary access to the data.

Data Security

All application data on paper, successful or otherwise, are stored safely and securely in a locked filing cabinet within a locked office.

Some personal data may be recorded in electronic systems such as email and databases, both of which are stored on secure servers.

Distress fund applications are received from referral agencies via secure encrypted email. Personal data is stored on a secure Lancashire County Council database. BPRCVS do not store any of this data electronically.

How Long Is Data Stored For

The data is only stored for as long as each funder requires, of which is a maximum of 7 years for all.

When & How Is The Data Removed & Destroyed

All Distress Fund data accessible by BPRCVS via the Lancashire County Council database are automatically deleted periodically.

All paper copies of Distress Fund applications are removed and confidentially wasted after 7 years.

Data from unsuccessful Distress Fund applications is removed and deleted from our email system upon the unsuccessful outcome.

For all other funding applications where the outcome was unsuccessful the paper and electronic records containing personal data are removed, deleted and confidentially wasted at the end of each calendar year.

When the funding application is successful the records are removed, deleted and confidentially wasted in line with our funder’s requirements.

 

…………………………………………………………………

 

Events

Purpose For Collecting & Storing Data

When we organise and/or host events it can be necessary to collect, process and store personal data in relation to the event.

Basis For Processing Data

Depending upon the event in question the lawful basis for processing will either be consent or contractual agreement. Please refer to the original document you completed associated with the respective event for the specific lawful basis; if consent is not being asked for you can automatically assume the lawful basis as contractual agreement, unless otherwise stated.

What Data Do We Store

The data we collect and store for processing will vary depending upon the type and nature of the event.

Typically we would collect the following personal data (not all data will be collected for every event):

Name, Address, Date Of Birth, Phone Number, Email Address, Locality, Group/Organisation Name, Group/Organisation Address, and Group/Organisation Contact Details.

If you have any specific queries relating to data being stored from a BPRCVS event please contact the event organiser via the contact details on the sign-up forms, registration documents, marketing materials or other promotional materials and content.

Who Holds The Data

Only BPRCVS store this data as the data controller.

Who Can Access The Data

The relevant BPRCVS event staff are able to access the data.

Data Security

All data is stored safely and securely using one or more of the following methods:

Paper copies are stored on file in a secure office that is locked when empty.

Data is extrapolated from the form and stored in a CRM. The CRM is hosted on a secure, off-site server that has no public domain. Regular backups are taken for additional security. These backups are stored securely on BPRCVS servers which are located on-site.

Forms returned via email are stored in Outlook on a secure, on-site server.

How Long Is Data Stored For

BPRCVS store personal data associated with events for as long as our funder’s require it. This can vary and will be dependent upon the funder in question. Typically this will range from 5-7 years.

If it is not directly associated with one of our funder’s then BPRCVS store all records pertaining events for a period of 5 years.

When & How Is The Data Removed & Destroyed

Upon conclusion of the either the funder’s or BPRCVS’ storage requirements all records, paper and electronic, will be confidentially wasted and removed from any electronic storage solutions.

 

…………………………………………………………………

 

BPRCVS Privacy Policy – Last Updated 14/08/2018 – Version 1.4