PRIVACY NOTICE AND DATA PROTECTION POLICY
Policy Owner: Honorary Secretary
Effective Date: Approved by Council at its meeting on 29 August 2023
Next review Date: 2026
Version Control: v2 August 2023, (replaces v 1 adopted on 31.05.2018)
2.4. Contact details
2.5. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance using the above details. Beth Shalom’s registration number with the ICO is
2.6. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your membership with us.
2.7. This website may include links to third-party websites, plug-ins and applications that we have identified as necessary for the smooth functioning of the service. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
3. The Data we collect about you
3.1. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
3.2. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name (if applicable), last name, username or similar identifier, marital status and related halachic information, title, date of birth and gender.
- Contact Data includes billing address, home address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of services or tickets you have purchased from us.
- Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
- Usage Data includes information about how you use our website.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
3.3. We may collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.
4. How is your personal data collected?
We use different methods to collect data from and about you including through:
4.1 Direct interactions. You may give us your Identity, Contact and Financial Data by filling in an application form, by responding to a survey or by corresponding with us.
4.2. Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We may collect this personal data by using cookies and other similar technologies.
4.3 We may receive personal data about you from named third parties as set out below:
- analytics providers such as Google;
- providers of technical, payment and delivery services
- publicly available sources such as Companies House and the Electoral Register based inside the UK
- Joint Jewish Burial Society
- Donations, purchase of tickets through Eventbrite or similar ticket service providers.
5. How we use your personal data
5.1. Generally, we do not rely on consent as a legal basis for processing your personal data although (subject to 6.7 below) we will get your consent before sending third party direct marketing communications to you via email or text message.
5.2. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- where we need to enter into or have entered into a membership agreement or other contractual arrangement with you.
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- where we need to comply with a legal obligation.
5.3. You have the right to withdraw consent to marketing at any time by contacting us.
6. Purposes for which we use your data
6.1. To enable BSRS to perform and deliver religious services, festivals and life cycle events to our members and to the public in accordance with our constitution.
6.2. To process applications for membership and generally manage our relationship with members and Friends, including administering and maintaining all relevant records (including processing for Gift Aid and all financial records).
6.3. To process and manage subscriptions for funerals and membership of our funeral expenses scheme.
6.4. To manage our employees and volunteers.
6.5. To manage and deliver our cheder.
6.6. To fundraise and support the charitable interests of BSRS.
6.7. To inform and communicate with our members and Friends through our electronic newsletter and other communications about our activities, and those of our partner communities which we believe will be of interest to you.
6.8. To deliver and manage this website.
6.9. To comply with our legal obligations including preparation of our financial accounts and statutory returns.
6.10. To provide any necessary security and crime prevention at our premises including the use of CCTV.
7. Third party marketing and disclosure of your data
7.1. We may share your personal data with the parties set out below where it is necessary for our legitimate purposes:
- At the direction of the trustees, we may share your data with other members of the synagogue only and in so far as may be necessary for the purpose of delivering membership and other synagogue services.
- Any administrators and bookkeepers from time to time (including BRS Virtual and Hannah Elsom Consulting) who manage our administration, bookkeeping, membership accounts and records.
- Our lawyers, accountants, and other professional advisers.
- The Movement for Reform Judaism to inform you of news and activities in the wider Jewish community in the UK or overseas.
- Jewish Joint Burial Society to provide you with access to the funeral and burial scheme.
- HMRC for the purposes of Gift Aid on qualifying donations.
- CCTV data may be shared with relevant authorities for the purposes of security and crime prevention.
- Mailchimp: https://mailchimp.com/gdpr/
- Zoho: https://www.zoho.com/en-uk/privacy.html
- Google: https://policies.google.com/privacy?hl=en-GB
7.2. We will obtain your express consent before we share your information with any third parties for marketing purposes.
7.3 We do not transfer your data outside the UK but users should consult the privacy policies of Google, Mailchimp and Zoho for information on their respective data transfer policies.
8. Data Security
8.1. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
8.2. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Data Retention
9.1. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
9.2. We may retain your personal data for a longer period in the event of a complaint.
10. Your legal rights
10.1. Unless subject to an exemption under General Data Protection Regulation, you have the right to:
- Request a copy of your personal data which we hold about you.
- Request correction of your personal data if it is found to be inaccurate or out of date.
- Request erasure of your personal data where it is no longer necessary or legally required for us to hold the data.
- Object to processing of your personal data (in certain circumstances).
- Request restriction of processing your personal data.
- Request transfer of your personal data to another data controller.
- Right to withdraw consent to processing at any time.
- Right to lodge a complaint with the ICO.
10.2. If you wish to exercise any of the rights set out above, please contact us as above.
10.3. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
10.4. Occasionally we may need to request additional information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
10.5. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.