Privacy Statement for Meeting Room Bookings Clients

Introduction

Who are we?

What types of personal information do we collect and how?  

Why we process your personal information

to notify you about changes to our service

Third parties we may share your data with

Data security

How long we keep your personal data

Your rights

Questions and complaints

At St Mary's PCC, we are committed to maintaining the trust and confidence of everyone we work with and for. We will therefore take all necessary steps to look after the personal data we obtain in the course of our work. We want to reassure you that we are not in the business of selling, renting or trading email lists and contact details. We will always use personal data lawfully and in accordance with the intended purpose for which it was collected. This privacy statement is written to give you complete clarity and transparency about why we collect personal data, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure.


Our registered legal name is St Mary's PCC Registered  Company  number 6734354, Charity Registration number 1127269. We are a "data controller" for the purposes of the General Data Protection Regulation 2016/679 ("GDPR"​).  We are committed to protecting your privacy and processing your personal data fairly and lawfully in compliance with the GDPR.  Our registration reference with the Information Commissioner's Office is:  Z2951030 .  You can contact our Data Protection Lead by emailing admin@stmaryislington.org


In using our website and online bookings database and receiving our services you consent to the collection, use, disclosure and transfer of your Personal Data as set out in this Privacy Statement.


Fair and lawful Processing

We will only process your Personal Data, where:

(a) you have given your consent to such processing (which you may withdraw at any time, as detailed under section entitled “Your rights”);

(b) the processing is necessary to provide our services in our setting and through our website and third party hosted online databases;  

(c) the processing is necessary for compliance with our legal obligations; and / or

(d) for our legitimate interest or those of any third parties that receive your Personal Data (as detailed under section entitled “Third parties we may share your data with”).  

By "processing"​, we mean the collection, recording, storage, use, disclosure and any other form of operations or dealings with you and your child’s Personal Data.

In the course of our business we may need to gather and use "Personal Data" ​about you, by which we mean any information about you from which you can be identified. We may collect your personal data through one or more of the following means:

  • Over the telephone in response to your direct call / enquiry we take your name and contact details and log details of your enquiry to process it

  • Via e-mail in response to your direct e-mail enquiry we take your name and contact details you give in your message and log details of your enquiry in order to process it in and respond and reply to you

  • Via the BookingsPlus online platform, our third party maintains an online database when you submit  an enquiry through the “Enquire Now” form and give us your contact details and name of the organisation on whose behalf you are enquiring after our services.

If you become our client we will create an account for you on the BookingsPlus online database, store  your name, address, e-mail and phone details to administer your bookings including all related agreements and transactions. In addition to the above information:

  • We may add new users to your account that you asks us to add (such as bill payers), we store their name and email/ phone contact details.  

  • We collect documents that have been uploaded or sent to us by you or your authorised associates with access to your organisation’s account, which may or may not contain personal information.

  • When we add new bookings requested by you, we store financial data related to bookings, prices, invoices/credit notes, payments/refunds made and account balances.

  • When you make a payment via one of the payment providers offered  (Worldpay or Gocardless) in BookingsPlus, we only see the financial transaction for services or products purchased, including payment reference, the name of the person paying, and the status of the payment, which may include reasons as to why the payment failed. Before using our third party payment provider’s service you will be asked to read and accept their terms and privacy policies and choose to pay us through them. You can also read their privacy policies vie the below links:

    • Gocardless (click here for their privacy policy)

    • Worldpay   (click here for their privacy policy)

  • Whenever you use BookingsPlus, log data is collected about your use of the BookingsPlus database.  This log data includes:

    • The number of times you have signed into BookingsPlus

    • The last login date

    • Date you confirmed your bookings

    • Date you accepted our terms and conditions and privacy statement

Video and photographic image collection

  • CCTV recording is in operation inside and around the entrances to the Neighbourhood Centre and Crypt.

  • We use the information we collect to provide a service for you.

  • In order to do that, it’s necessary for us to use your information:

  • If you call us or send us an enquiry or details via email or another method including 'enquiry now'                        

  • for assistance via St Mary's marketing website, we will use your details to respond to your questions or comments

  • to carry out our obligations arising from any contracts entered into between you and St Mary's

  • to issue and record key allocation

  • to identify you when we process your transactions

  • to provide you with information, products or services that you request from us

  • to send you marketing communications, where you have opted in to receive these. Your preferences can be amended at any time, by emailing bookings@stmaryislington.org

  • where you are using BookingsPlus to place a bookings, make payments, we will share your

  • information with our accountancy service contractor, Charity Accounting Services to reconcile payments against invoices and to account for income received for bookings made by you and to resolve any enquiries relating to transactions, disputes or to process refunds.

  • if you opt to use third parties such as GoCardless and Worldpay though BookingsPlus they will use your details to facilitate transactions.

  • where financial data is used for credit control purposes in order to contact you or to collect missed payments.

  • to ask you to complete surveys that we use to improve our services to you or to  collect information about the social impact of your services if you have been given a reduced hire rate

  • details with our consumer debt collection agency “Daniels Silverman” for debt recovery.

  • to carry out safeguarding procedures in line with our Safeguarding Policy if your services are for  minors under the age of eighteen (18) years, or vulnerable adults.

  • As part of the registration process for our e-newsletter, we collect personal information. We use that information for a couple of reasons: to tell you about our work, programmes, services and opportunities; to contact you if we need to obtain or provide additional information; to check our records are right and to check every now and then that you’re happy and satisfied. Click here to read our detailed CCTV privacy statement.

  • to record and monitor accidents, incidents and ill-health and assist the emergency and medical services in treatment

  • to respond, record and monitor feedback and complaints

  • BookingsPlus, our online bookings processor, we use to administer your booking and any applicable billing and correspondence relating to these.  The information you share on BookingsPlus is controlled by St Mary's but you will also be provided with an online account where you can check and update your details to help us to keep your details accurate and up to date.

  • Charity Accounting Services (our accountancy contractor) using QuickBooks online database

  • Gocardless (payment services provider)

  • Worldpay (payment services provider)

  • Daniels Silverman Limited (debt recovery service provider)

  • Google, our cloud provider for communication, administration and a document handling platform

  • MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice. You can unsubscribe to general mailings at any time by clicking the unsubscribe link at the bottom of any of our e-news mails.

Written terms and conditions are in place with each of these parties, which ensures your data is not used by them for their purposes, only for ours as set out in the sections above and the data is secured to prevent unauthorised access /use.)

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We will keep your personal data for up to 12 months beyond the end of any contract or business we have with you.  If there is a dispute we will keep your data for 12 months beyond the resolution of the dispute.  We will keep anonymised aggregated data for management purposes indefinitely.

You have the right to:

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Lead on admin@stmaryislington.org in writing.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

We have appointed a data protection lead (DPL) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPL. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.]

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.