1. Introduction
We take the privacy of your personal information very seriously and take reasonable care to comply with the requirements of the UK Data Protection Act 1998 (‘the Act’) relating to the personal information you supply to be a member of New Stoke Newington Shul (NSNS), and on the website and with the General Data Protection Regulation that applies from 25th May 2018.
For the purpose of the Act, the data controller is New Stoke Newington Shul, whose head office is 68 Brighton Road, N16 8EG, United Kingdom
2. Your Personal Data
The types of information we collect for your membership is described below. By becoming a member of NSNS you consent to the collection and use of any personal information in the manner described. When subscriptions are renewed re-consent will be sought to ensure compliance with the General Data Protection Regulation that applies from 25th May 2018.
The information we gather (‘Information’) may include your name, address, email address, and any other personal information you submit to (NSNS) .
This includes information about children under the age of 18 which we need to hold to deliver the objectives of NSNS, e.g. the advancement of Judaism through educational activities.
As NSNS is a constituent member for the Masorti Judaism we share your data with them for the purposes of demographic and statistical information, as well as to ensure that you are aware of their key events and news. You have the right to opt out by informing NSNS at administration@nsnshul.org.uk
NSNS may share the data you have provided to us regarding your Jewish identity with the community’s Rabbi, who may process this information for religious and community development purposes.
If you choose to join the Joint Jewish Burial Society, relevant membership information is shared with them and Kol Nefesh Masorti Synagogue through whom we contract this service to allow them to carry out their duties.
If you choose to make payments to us by direct debit the banking details you supply will be stored by the Charities Aid Foundation and used by them for this purpose only.
If you choose to sign up to our our mailing list we will send you newsletters. We may from time to time offer you the opportunity to to participate in a survey and to receive information by email about third parties’ products and services or any other activities which we provide. You may opt out by notifying us at administration@nsnshul.org.uk.
We will use the Information we collect from you to keep you informed about events and activities which we believe will be of interest to you. Should you not wish to receive this information you can opt out by informing the data controller, NSNS, at administration@nsnshul.org.uk
As part of your membership we use the Information to draw up and circulate lists of names towards fulfilment of the key objects of NSNS to practice and develop Judaism and Jewish life within the community, e.g. list for details for yahrzeit purposes and to promote the safety of NSNS members, e.g. event security rotas. Should you wish for your name not to be disclosed on these lists, please contact the data controller, , at administration@nsnshul.org.uk
We will not sell, distribute or disclose your Information without your consent, or unless required or permitted to do so, by law including sensitive personal information that is held by the NSNS administrative team.
3. Updating your Information and Retention
If any of your information is inaccurate or if it changes, please notify us by email at administration@nsnshul.org.uk
We will retain personal information for the legally required period, e.g. 7 years for Charity Commission requirements and HM Revenue and Customs (HMRC) and otherwise only whilst it serves to support your membership of NSNS.
On termination of membership or a member’s death their Information will be retained for two years for demographic and statistical purposes.
4. Access to personal data
You have the right to obtain:
• confirmation that your data is being processed
• access to your personal data and to information corresponding to that in this privacy notice
This information will be provided free of charge except where excessive, repeated or duplicate requests are made. In such a case a fee to cover the costs of administration will be made.
This information will generally be provided electronically within one month of the request. Should an extension of up to two months be required we will inform you of the reason.
5. Links to Third Parties’ Sites
We may provide links to other websites on our website. Before you supply any personal information to any other website we recommend that you check that website’s Privacy Policy.
We do not accept responsibility for the protection of any data supplied by you to other sites.
6. Cookies
We may use cookies to give you a better experience and to monitor how you are using the website for research purposes and to help us make improvements to our website.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies, but if you do so parts of the website may not work correctly.
For more information and to find out more about cookies and web Analytics read information and advice for members of the public regarding EU Cookie Laws on the UK Government’s Information Commissioner’s Office website.
7. Internet and Data Storage
The NSNS website uses security processes that protects your Information from unauthorised use.
However, as no data transmissions over the internet can be guaranteed to be 100% secure we cannot take responsibility for any unauthorised access or loss of personal information that is beyond our control, e.g. whilst in transit. Any data you send is at your own risk.
We have procedures and security features in place to keep your data secure once we receive it. Your data is held in the UK only and only shared with the third parties mentioned in sections 2 and 3 above.
Please remember that other methods of internet communication, such as emails and messages sent via a website, are not secure unless they are encrypted.
We take no responsibility for any unauthorised access or loss of personal information that is beyond our control.
8. Complaints about a data breach
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains information relating to the identity of the complainant and any other individuals involved in the complaint. The complaint will be allocated to a member of the NSNS Council to investigate.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from the date of the closure of the complaint. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
9. Data breach
In case of a personal data breach that is likely to result in a high risk to people’s rights and freedoms, NSNS will adhere to the mandatory regulation to report it to the Information Commissioner’s Office (ICO) within 72 hours. We will also notify the subjects of any data impacted by any data breach. High risk situations would be where there is the potential of people suffering significant detrimental effect such as discrimination, damage to reputation, financial loss, or any other significant economic or social disadvantage.
We will notify the relevant supervisory authority about a loss of personal details where the breach leaves individuals open to identity theft.
A breach notification must contain the nature of the personal data breach including, where possible:
• the categories and approximate number of individuals concerned
• the categories and approximate number of personal data records concerned
• The name and contact details of the data protection officer (if your organisation has one) or other contact point where more information can be obtained
• A description of the likely consequences of the personal data breach
• A description of the measures taken, or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects.
10. Changes to Privacy Policy
Our Privacy Policy may change from time to time. In this case, the amended version will be published on the NSNS website.
Further information can be found on the ICO’s website or through the link:
https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
Last Updated: 2nd April 2018