PRIVACY POLICY

The security and privacy of our visitors is very important to us. Here is some information as to why we use your personal data and keeping you up to date so that you can feel safe and secure about handing your information over to us.

We will use your data to help the improvement of our services so that we can share relevant opportunities and information with you. We will also respect your privacy and make sure that we meet strict regulatory requirements. We don't, nor will we ever, sell your personal information to third parties organisations. We will always make sure that you know how we use your data and what options you have. If the "General Data Protection Regulation" (or GDPR) or any related laws do change, we will amend this statement in the future.

We collect any personal information that identifies you, which includes your name, address, phone number, date of birth, age, gender, employment status, demographic information, personal description, CCTV images, opinions, usernames and passwords or email address. We make sure that we only collect personal data that we need and we make sure that you know that we are doing it. 

We will also automatically collect some of your data if you use our digital services such as the website. This may include the pages that you've visited, information about the device or browser you are used while on the website, as well as any errors you encountered, if any, and any data relating to any online transactions such as the order number of donations, if you choose to do so.

Sensitive personal data - We may sometimes collect and use "sensitive" personal data on our employees and volunteers. This is classed as information such as racial or ethnic origin, union membership, sexual life, religious or similar beliefs, criminal allegations, proceedings or convictions, physical or mental health, as well as political opinions. We will use this to research whether we deliver great experiences for everyone, but this is only ever analysed as a whole rather than by individual.

Volunteers - If you decide to volunteer with us, we will collect your information, such as criminal records, emergency contacts, references, and medical conditions. We keep this for legal reasons, and safeguarding reasons.​

CCTV - Our location has Closed Circuit Television and you will be recorded when you visit. CCTV is used solely for the security and protection of our staff. CCTV will be viewed if and when it is necessary. 

We will manage research and analysis on the information that we hold which will then create further personal data. This may help us pinpoint which of our events and activities may be suited towards you. 

We will only use your personal data on relevant lawful grounds as allowed by adhering to the EU General Data Protection Regulation and Privacy of Electronic Communication Regulation.

When you become a tenant of Llanrumney Hall Community Trust, we will use your personal information in regards to our contract with you. This includes sending rental invoices, tenant and landlord correspondence, as well as contacting you with information about issues regarding your lease and/or license. We will not pass your details to third parties except where you have provided clear permission or where we believe we need to do so in order to fulfill our landlord responsibilities.

We will use the location data you provide us by accessing our website. If you let your device share this information with us, we will use it to try and personalise your experience with us. 

We do not, nor will be ever, sell your personal information to a third party organisation.

We may need to share your information with partners that will allow them to perform specific services on our behalf. We have contracts in place with suppliers, which ensure that they comply with the General Data Protection Regulation and The Privacy and Electronic Communications Regulations (or PECR), and to ensure that they have robust systems and processes that protect your information.

We may also provide your email address to digital advertising or social media companies, such as Facebook, Twitter, and Instagram. We do this so that we can reach you and provide you with information about how you can support our cause. This data is always provided in an encrypted format and is deleted immediately after use, we don't hold onto data once we have used it. 

Below are some examples of the types of organisations with which we may share your data:

  • Advertising partners - to make sure that our advertising is relevant.

  • Analytics partners - to track the effectiveness of our website.

  • Social media partners - to communicate with supporters on various social media platforms.

  • Website and app partners - to help us develop websites that give our customers the best possible online experience.

Our website may, from time to time, contain links to and from the websites of our partners networks, advertisers and affiliates. If you follow a link to any of these websites, they will have their own privacy policies and we accept no responsibility or liability for them.

If you agree to receive marketing information from us, you are allowed to change your mind at any time. We will never share your information with outside organisations  who want to use it for their own marketing.

We won't send marketing emails and letters or make marketing calls to anyone under the age of 13. We will not send any marketing communications requesting donations to people under the age of 18, but we will send them information on how to fund raise on our behalf if they specifically request it.

If we have your consent, we might invite you to support our organisation by purchasing a raffle ticket or getting involved in fundraising events.

We might invite supporters to attend events where they can find out more about the ways donations will make a difference. We will also keep a record of which events you are invited to and if you attended or not. 

In regards to donations, we will use any personal information you give us to record the amount of your donation. If you interact or have a conversation with us, we'll make a note of anything relevant and store it securely.

If you tell us you want to fund raise to support our cause, we will use the personal information you provide us with to record your plans and contact you to support your fund raising efforts. 

Charity Commission rules state that we must know where our funding has come from, as well as any conditions attached to them. We research the credibility, reputation and ethical principles of donors who've made a significant donation to Llanrumney Hall Community Trust.

As part of this process, we will carry out research using publicly available information and professional resources.

We will need to use your personal data to manage your volunteering, from the moment you inquire about the position to the time you decide to stop volunteering with us. This could include:

  • contacting you about a role you've applied for or which we think you might be interested in

  • recording hours that you've booked

  • recognising your contribution

  • asking for your opinions on your volunteering experience

  • next of kin details

We will conduct research with our customers, staff and volunteers to understand their views on their experience with us. We will use this feedback to improve the experiences that we offer. 

If you take part in any research that we conduct, we will tell you when you start what data we will collect, why and how we will use it. All the research we conduct is optional and you can choose not to take part. For some of our research, may ask you to provide sensitive personal data. such as ethnicity or religion. You aren't obligated to provide this data and we also provide a 'prefer not to say' option to be used if desired.

There is a chance that we will give some of your personal data to a research agency so that they can carry out research for us.

It's important to us that we use our resources in a responsible and cost-effective way, which is why we use automated profiling and targeting to help us understand our supporters and make sure that:

  • our communications, such as emails, and services, such as the website are relevant, and interesting to you

  • we use our resources responsibly and try to keep our costs down

The information that we collect is looked at as a whole rather than individually. However, we may also collect some personal data to tailor our marketing campaigns to you, such as how you prefer to be contacted.

If you have given us permission to contact you for marketing purposes, we may also gather additional information about you from external sources, such as updates to address and contact information.

Data Aggregation is a process in which information is collected and summarized, for analysis. Another purpose of aggregation is to get more information about particular groups based on factors such as profession, or income.

We will also use your personal data to create a profile which will help us target our marketing to you.

We will sometimes use third party organisations to capture some data on our behalf, but we only allow this when we are confident that the third party organisation will treat your data carefully, in accordance with our terms and in line with the requirements set out in the GDPR.

We will not, nor will we ever, profile anyone under the age of 18.

If you work for us, or apply for a job with us, we will process your personal data, including sensitive personal data, to comply with the appropriate obligations and responsibilities.

This can include information relating to your health, racial or ethnic origin, as well as criminal convictions. In certain circumstances, we may process personal data without explicit consent.

  • Our contractual responsibilities meaning those from an employment contract. This may include data relating to: bank account, postal address, sick pay, leave, maternity pay, as well as emergency contacts.

  • Our statutory responsibilities mean those imposed by law on us as an employer. This includes data relating to: tax, national insurance, statutory sick pay, and statutory maternity pay,  as well as equal opportunities.

  • Our management responsibilities are those necessary for the way the organisation functions. This may include data relating to: recruitment and employment, training and development, absence, disciplinary matters as well as contact details.

We only process data about an employee’s health where and when it is necessary, such as to record absence from work due to sickness, and to make appropriate referrals to the Occupational Health Service. This processing will only happen with the employee’s knowledge and consents.

We will process data about an employee’s or volunteer's racial and ethnic origin, their sexual orientation and their religious beliefs, but only where they have volunteered such data and only for upholding our equal opportunities policies. 

We will hold data regarding an employee’s or volunteer's DBS Check as long as is necessary. 

It's important to us that we keep our customers, volunteers, and employees safe, so the security of your data and our systems is very important to us.

External threats to our data security constantly change, so we have a process for managing and protecting all of our new and existing systems to make sure that they are as up to date and secure as possible. 

Our staff complete information security and data protection training when they start working with us and repeat every year to reinforce their responsibilities and requirements.

 

When trusting us with your data, please be aware that we will keep your information secure to maintain your confidentiality. When your information is stored or transferred with us, we use strong encryption to reduce the risk of unauthorized access.

We store your data within the European Union (EU). Some organisations which may provide services to us might transfer your data outside the European Economic Area but we will only allow this if your data is properly protected.

We do not, nor will we ever, sell or share your personal information for other organisations to use.

If and when we permit third party organisations to act on behalf of the Llanrumney Hall Community Trust to access your personal information, we will always have control of what information they see, the duration they see it for, and what they are permitted to do with it.

We might share the personal data we collect with:

  • Third party research organisations

  • Third party IT providers, for example who host the website or provide IT support

Also, under strictly controlled conditions, we will share personal data with:

  • Contractors

  • Service providers

There is the chance that we will also disclose your personal information to third party organisations to comply with a legal obligation, or to enforce another agreement. It will also be used to protect the rights and safety of Llanrumney Hall Community Trust and our volunteers, employees and visitors.

To regards to carrying out our contractual and management responsibilities, we may sometimes need to share an employee’s personal data with one or more third party.


In order to meet an employment contract, we may need to transfer an employee’s personal data to third parties, such as to HM Revenue & Customs.

In order to fulfill our statutory responsibilities, we are obligated to provide certain aspects of an employee’s personal data to government departments or agencies, such as to provide salary and tax data to HM Revenue & Customs.

We will only use and store your information for as long we need to. The duration it will be stored for depends on the information, what it is being used for and any legal requirements.

You have certain rights over your personal data. We decide how and why personal data is processed.

You have a right of access to any of your personal data that is held by us.

This right may be exercised by emailing us at info@llanrumneyhall.org or writing to us at

Llanrumney Hall

Ball Rd, Llanrumney, Cardiff CF3 4JJ

You may be asked to provide the following details:

  • The personal information you want to access

We will require you to confirm your identity. When we hold personal information about you, we will provide you with a copy of the information along with an explanation of why and how we hold and use it. We will try to respond to any requests for information promptly, within the legally required time limits (30 days). 

Where you have given us consent  to use your personal data, you have the right to withdraw that consent at any time. You also have the right to ask the Llanrumney Hall Community Trust to stop using your personal data for marketing purposes.

When possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections based on your updated information.

Any update or amendment of your personal data will take place within 30 days of your request.

This privacy policy is intended to provide information about what personal data we collect and how it is used. As well as rights of amendment referred to above, you have other rights in relation to the personal data we hold, such as a right to deletion (‘right to be forgotten’), and the right to object to our processing of personal data. There may be other legal reasons why we need to process your personal data.

We may use Legitimate Interest as our legal basis for processing personal data. We will always conduct a Balance Test when doing this, which means weighing the protection of your rights and personal data with our use of your data to continue supporting our interests. These Balance Test are assessed by our Data Protection Office, to ensure that the rights of our supporters are maintained.

We use Legitimate Interest regarding the following areas of our work: volunteering, data analysis, fundraising, as well as marketing.

If you have a complaint, please talk directly to us, so we can resolve any problem or  answer any query.

Ensure that you check the above policies before you submit any personal data on this website. This privacy policy applies solely to the personal data collected by Llanrumney Hall Community Trust.

We’ll amend this privacy policy every now and then to make sure that it remains up to date, shows how and why we use your personal data, and reflects any new legal requirements. Please visit our website to keep up to date with any changes. The current version will always be posted on our website. 

This privacy policy was last updated on 21st October 2019.