Privacy Notice
1. Introduction
1.1. We take the privacy of our Synagogue member’s personal information very seriously and we take reasonable care to comply with the requirements of the UK Data Protection Act 1998 (‘the Act’) and the 2018 General Data Protection Regulations. This relates to the personal information you (our members) supply to the Synagogue in order to be a member of DHC.
1.2. This policy also relates to what we save on our database and in regard to what we use on our website, Facebook page and other social network and communication websites.
1.3. The legal basis for processing your personal data is that we have a legitimate interest in doing so. The legitimate interest being pursued is that as a community and membership organisation we need to hold a certain amount of personal data relating to our members so that we can manage membership and communicate with them appropriately about the Synagogue.
1.4. We are aware that religious beliefs are considered sensitive personal data. It follows that all of the data that we hold on our Jewish members is sensitive as it is an indication of their religious beliefs.
1.5. For the purpose of the Act, the Data Controller is the Membership Secretary. The current main Data Processors are the Administrators of DHC. The address of the Synagogue is Bloomfield Rd, Darlington DL3 6RZ
2. Your Personal Data
2.1. The information we gather from you will include your name, address, email address, phone numbers, dates of birth, subscription rates, arrears and any other personal information you submit to DHC on joining and over time.
2.2. We require this information in order that we can identify who you are, where you live, how we can contact you and other information that is required for membership i.e. proof of Jewishness or conversion.
2.3. We also include information about your children under the age of 18 years old which we need to hold in order to deliver the objectives of DHC e.g. the advancement of Judaism through educational activities and future potential membership of the Synagogue.
2.4. As part of your membership you will be on our mailing list and we will send you weekly and monthly newsletters, calendars and announcements by email or post from time to time. From September, if you do not wish to receive such emails please update your subscription preferences on MailChimp, the Synagogues database.
2.5. We might also use your personal data for the following purposes:
2.5.1. To ask you to take part in community activities for which you have volunteered (such as Kiddush, High Holy Days planning, security rotas etc) or to invite you to volunteer.
2.5.2. To meet pastoral and welfare needs, and to invite you to engage in community initiatives.
2.5.3. To inform you of fundraising activities or new initiatives that the Synagogue is organising.
2.6. Some data is shared with our lay leaders in order for them to perform tasks related to the running of the Synagogue. On leaving their post they are required to delete and destroy any contact information and data on members from their mobile phones, computers and tablets etc.
2.6.1. We will use the Information we hold to draw up and circulate lists of names towards the fulfilment of the key objectives of DHC to practice and develop Judaism. Should you wish for your name not to be disclosed on these lists, please email us at info@dhcreform.com
2.7. We will not sell, distribute or disclose your Information without your consent, or unless required or permitted to do so, by law. Required sensitive personal information will be held by the Administrator, the Rabbi and other Officers as required. This information is kept secure by those who are in possession of it.
2.8. We keep backups of member’s data on two hard drives. One on the Membership Secretaries computer the other on our MailChimp account.
2.9. In order to help us communicate with you and to store data cost-efficiently, we use the Mailchimp cloud-based technologies. That means that personal data may be stored outside of the European Economic Area (EEA).
2.9.1. If we do transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA by transferring to countries with privacy laws that give the same protection as the EEA.
2.9.2. We share your anonymised data with Reform Judaism for the purposes of demographic and statistical information. You have the option to share your personal and contact details with Reform Judaism so that they can communicate with you about their youth programmes and other major events. You have the right to opt in to this sharing of information (with Reform Judaism) at any time. From September you will be able to update your subscription preferences on Mailchimp, the Synagogues database. Before September please notify info@dhcreform.com.
3. Updating your Information and Retention
3.1. We regularly ask members via our newsletters to revise the information we hold on them in order that the information we hold is accurate. Should members not keep us informed of changes to addresses, phone numbers, new births, divorce or separation etc. we cannot be held responsible for acting on old data.
3.2. If you feel that any of your information is inaccurate or if it changes, from September, please update it on MailChimp (the Synagogues database) or notify us by email at info@dhcreform.com. This includes addresses, phone numbers, email addresses, divorce, and separation, new births etc.
3.3. We will retain personal information for the legally required period, e.g. 7 years for Charity Commission requirements and HM Revenue and Customs (HMRC).
3.4. The Synagogues policy is to file and hold secure all membership papers and documents for members on the Server indefinitely unless requested otherwise. Details will also be kept on the Database.
3.4.1. A member that has terminated their membership can request to have these documents destroyed and to be removed from the database by contacting us at info@dhcreform.com. Should this be requested it might present problems should you wish to consider re-joining the Synagogue or another Reform Synagogue sometime in the future.
3.4.2. Any information held by the Synagogue regarding arrears will be retained and passed on to another Synagogue if they request it with your membership documentation.
4. Access to personal data
4.1. You have the right to obtain confirmation that your data is being processed and access to your personal data and to information corresponding to that in this privacy notice.
4.2. This information will be provided free of charge except where excessive, repeated or duplicate requests are made. In such a case a fee of £10.00 per hour to cover the costs of administration will be made. Such information will generally be provided electronically or by mail within one month of the request.
5. Internet
5.1. Please remember that methods of Internet communication, such as emails and messages sent via a website, are not secure, unless they are encrypted. We take no responsibility for any unauthorised access or loss of personal information that is beyond our control.
5.2. We may provide links to other websites however we do not place personal data on our website other than names of new members and announcements of weddings, births and deaths. We do also include photographs and information regarding family events etc. We do not accept responsibility for the protection of any data included on our website and on social media sites.
5.3. Our website uses cookies. Cookies are very small text files that are stored on your computer when you visit some websites. Cookies can either be persistent or session cookies. Our website uses both types of cookies.
5.3.1. We use cookies to help identify your computer so we can tailor your user experience. You can disable any cookies already stored on your computer, but this will stop our website from functioning properly. We do not store any personal information in raw format in cookies.
5.3.2. Our website also uses 3rd party cookies. These cookies are used to serve interest-based advertisements and/or tracking tailored to your browsing behaviour on our website.
6. Complaints about a data breach
6.1. When we receive a complaint from a person we will make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
6.2. We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
6.3. We will keep personal information contained in complaint files in line with our Grievance Policy. Information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
7. Registering a data breach
7.1. In case of a personal data breach that is likely to result in a risk to people’s rights and freedoms, DHC will adhere to the mandatory regulation to report it to the Information Commissioner’s Office (ICO) within 72 hours.
7.2. High risk situations would be where there is the potential of people suffering significant detrimental effect such as discrimination, damage to reputation, financial loss, or any other significant economic or social disadvantage. You will need to notify the relevant supervisory authority about a loss of personal details where the breach leaves individuals open to identity theft.
7.3. A breach notification must contain the nature of the personal data breach including, where possible:
7.3.1. The categories and approximate number of individuals concerned.
7.3.2. The categories and approximate number of personal data records concerned.
7.3.3. The name and contact details of the data protection officer or other contact points where more information can be obtained.
7.3.4. A description of the likely consequences of the personal data breach.
7.3.5. A description of the measures taken, or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects.
8. Changes to Privacy Policy in relationship to data held by the Synagogue
8.1. Our Privacy Policy may change from time to time. In this case, the amended version will be published on the website (www.dhcreform.org). Members will be notified of any substantial material changes.
Further information about the new GDPR can be found on the ICO’s website or through the link:
https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
Last Updated: May 2018