The Phoenix Garden’s Privacy Policy
How we respect privacy when we deal with personal information collected by our organisation
This Privacy Policy applies to information we, The Phoenix Garden, collect about individuals who interact with our organisation. It explains what personal information we collect and how we use it. If you have any comments or questions about this notice, feel free to contact us at admin@thephoenixgarden.org.
This Privacy Policy applies to information we The Phoenix Garden collect about individuals who interact with our organisation.
It explains what personal information we collect and how we use it. If you have any comments or questions about this notice, feel free to contact us at admin@thephoenixgarden.org.
Purpose
- Enquiring about our organisation and its work
- Subscribing to email updates about our work
- Making a donation
- Website functionality
Data (key elements)
- Name, email, message
- Name, email
- Name, email, address, payment information
- Name, email
- Website activity collected through cookies
Basis
- Legitimate interests – it is necessary for us to read and store your message so that we can respond in the way that you would expect.
- Consent – you have given your active consent.
- Legitimate interests – this information is necessary for us to fulfill your intention of donating money and your expectation of receiving a confirmation message.
- Legitimate interests – it is necessary for us to store a small amount of information, usually through cookies, to deliver functionality that you would expect, such as remembering the contents of your order before you have fully completed the process.
We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as set out in the table at the top of this policy.
For example, we may use your personal information to:
- reply to enquiries you send to us
- handle donations or other transactions that you initiate, this includes room booking payments made online. We do not collect credit/debit card information, when making a payment you are directed to a secure server run by WorldPay to make your payment
- where you have specifically agreed to this, send you marketing communications by email relating to our work which we think may be of interest to you
We will only pass your data to third parties in the following circumstances:
- you have provided your explicit consent for us to pass data to a named third party
- we are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfills our legal obligations in relation to the use of third party data processors
- we are required by law to share your data
In addition, we will only pass data to third parties outside of the EU where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.
We take the principles of data minimisation and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required.
Where data is collected on the basis of consent, we will seek renewal of consent at least every three years.
You have a range of rights over your data, which include the following:
- Where data processing is based on consent, you may revoke this consent at any time and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our marketing emails).
- You have the right to ask for rectification and/or deletion of your information.
- You have the right of access to your information.
- You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed.
A full summary of your legal rights over your data can be found on the Information Commissioner’s website here: https://ico.org.uk/
If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us.
Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.
In addition, we will only pass data to third parties outside of the EU where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.