ARC Renewal Community
ARC renewal community has a responsibility to handle any data or information it stores concerning any member of the community, responsibly and confidentially. This document sets out how we, as a community enact this responsibility.
The ARC Renewal Community holds the following data on all members of the community, which under GDPR (General Data Protection Regulations (2016) EU) is deemed the personal property of the individual:
- Name.
- Email address.
- Postal address including postcode.
- Landline and mobile telephone numbers.
- Images on Zoom recordings
This data is retained in order that the community can:
- Manage our volunteers.
- Maintain our own accounts and records.
- Deliver the services that individuals have requested.
- Inform individuals of news, events or activities running within ARC Renewal Community. For example to send out booking forms for our annual event.
- To communicate with each other throughout the year, so that we can pray for each other and communicate that need to one another, and for discernment.
This information is currently held in three places:
- In a Google contacts folder on the ARC google drive, entitled [email protected]
- On a spreadsheet which is used both as a registration document for our annual event and to produce and manage our accounts. Held by Chris Lunt at www.jumpingdev.com
- On a contacts CVS by all members of the ARC team, to be updated by end of September 2022
Full details of the location of information held by the ARC Renewal Community, is contained within our information register which can be found on the same password protected Google drive entitled [email protected]. A copy of our information register is available on request to:
Data Controller
Close Cottage
Church Lane
Bootle
Cumbria
LA19 5TE
Data Control
The data referred to in this document is controlled by the ARC Renewal Community.
Currently there are three Data processors within the ARC renewal community who have access to this data: Chris Rolfe-More, Caroline Shevelan and Chris Lunt.
Members of the ARC Renewal Community have a right to request a copy of their data at any time from the data controllers.
This should be done in writing to [email protected] or
Data Controller
Close Cottage
Church Lane
Bootle
Cumbria
LA19 5TE
A full copy of this document is available from the 25th May 2018 for everyone to view, both on our website at www.arcrenewalcommunity.org, as a file on the facebook page, and on the ‘policy wall’ at our annual conference.
The following data control policies are in place and valid from 30th September 2018.
- All the information retained by the ARC Renewal Community will be current, and held with the permission of each individual member of the community. Children under the age of 13 will be represented by a parent/guardian.
- All third parties that the ARC Renewal community interacts with will have been checked to ensure they are GDPR compliant. (See section Third Party Compliance).
- Laptops used to download documents containing personal information (as defined by GDPR legislation) will be encrypted and securely destroyed/erased when no longer in use. (Achieved 25th May 2018).
1) Obtaining consent to hold data
We achieved this by asking everyone aged thirteen and over, who attended our annual event in August 2018, to read and sign a copy of our information notice. We also asked parents of children below the age of thirteen to sign on behalf of their children.
From 30th September 2018 a new register has been kept and all out of date information deleted/destroyed along with the data of individuals who have not given their consent.
The data described on the first page of this policy will be retained for a period of 5 years from 30th of September 2018 and will be updated annually at our community event to ensure it is accurate. If, after the five years retention period no new contact has been established either by phone, in writing via email or post, via the facebook page or via another member of the community, the team will assume that the individual no longer wishes to be contacted by the ARC Renewal Community and will delete their contact details from the database.
We will keep an electronic consent register, currently on a google drive, and retain a paper copy of signed consent forms in a locked filing cabinet at the home of Caroline Shevelan.
This consent is now collected digitally via secure form held by Chris Lunt at www.jumpingdev.com
2) Third Party Information
Under GDPR, the ARC Renewal Community is responsible for ensuring that any third parties it deals with are compliant with the new legislation.
This will be achieved by contacting the third parties concerned and asking for evidence of the following:
- A copy of Policies and Agreements that the company has in place with regard to data protection and GDPR legislation.
The ARC Renewal Community deals with the following third parties. The names in bold are the third parties where there may be an opportunity for personal information to be shared with third parties.
- Jumpingdev.com
- clook.com
- Facebook (Google)
- UCheck. (DBS)
- Bewerley Park Outdoor Education Centre 01423 711287
- Pateley Bridge Pool 01423 711442
- The Nippy Chippy 07790065615
- The logs man
- The milkman 07967 967907
- The icecream man 07763 191 458
This information is held on an electronic register with copies of the policies and evidences obtained. This register will be available from 30th September 2018 for anyone to view on request to:
Data Controller
Close Cottage
Church Lane
Bootle
Cumbria
LA19 5TE
3) Laptop encryption
Caroline Shevelan, Chris Rolfe-Moore and Chris Lunt, the three people within the community who have access to personal information as defined by GDPR, all have encrypted laptops. In addition Caroline Shevelan uses an app called mobile iron which creates a secure encrypted cloud within the computer so that the information never touches the hard drive.
This means that if laptops were to be stolen, lost or needed to go for repair, no-one would be able to retrieve the information from the hard drive.
Caroline Shevelan, Chris Rolfe-Moore and Chris Lunt have also agreed to have all technology wiped to military standard once they have finished using the equipment before it is passed on to anyone else.
Should the laptop be sent for destruction or recycling, all hard drives will be destroyed by a certified company and a certificate of destruction retained.
Additional Information – Safeguarding
In addition to the information stated above, the ARC Renewal Community also holds a record of the individuals within the community who hold a current DBS certificate to enable them to volunteer with the ARC Renewal Community. This record contains:
- Name
- Address
- Email address
- Telephone number
This data is retained so that the ARC Renewal Community can:
- Manage our volunteers. This includes the need to contact them to renew DBS certificates and with information about current courses.
- Ensure that our volunteering recruitment is compliant with child protection legislation.
The ARC Renewal Community also retains a copy of the DBS certificates of individuals who have a current DBS certificate to work within the ARC Renewal Community. This information is retained in order for the lead safeguarding officer to comply with the law on safeguarding children.
A current DBS certificate contains the following information:
- Name
- Date of birth
- Place of birth
- Address
This information is held digitally on an excel spreadsheet and is retained on a password protected, encrypted laptop held by Diane Baylis .
Currently only Diane Baylis (administrator) Caroline Shevelan and David Judge (safeguarding officers) have access to this data in addition to the individuals themselves.
Where this information is held physically, it is retained in a locked filing cabinet at the home of Caroline Shevelan.
The ARC Renewal Community has a separate policy for handling DBS data. This is available on our website, on the files section of our facebook page, on the ‘policy wall’ at our annual event and in writing from [email protected] or
Data Controller
Close Cottage
Church Lane
Bootle
Cumbria
LA19 5TE
Data Sharing
Your personal data will be treated as strictly confidential, and will ONLY be available to be viewed by the following named people; Chris Rolfe-Moore, Caroline Shevelan and Chris Lunt. (DBS data Diane Baylis, Caroline Shevelan and David Judge).
Your personal data WILL NOT be shared within ARC Renewal Community without your consent unless required to do so by law. This consent was obtained on the booking form and a record is kept on the booking/registration document of who has consented to this and who has not. We will also keep a consent register. All members of the team are aware of who has NOT consented to share their details WITHIN the community. This consent will be renewed every five years (next date August 2022) and maintianed annually via the booking form.
We WILL NOT share your data outside of the ARC renewal community, unless required to do so by law, or with your explicit consent.
The ARC renewal community has taken all reasonable measures, as set out in this document, to ensure that the data that it holds is held securely and confidentially and cannot be obtained without permission of the individual to whom the data belongs.
Data Breach
If a breach of someone’s personal data occurs it should be internally reported to our nominated Data Protection Officer Caroline Shevelan at [email protected] and then to the Information Commissioner’s Office within 72 hours.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
https://ico.org.uk/global/contact-us/
If any member of the ARC renewal community is a member of the facebook group associated with the community, data collection is subject to the preferences the individual has set on their facebook profile when they signed up.
Any data obtained by Facebook through our Facebook page is the responsibility of each individual member of the community. This data is not held, stored or processed by the community in any way.
Website
Our current web address is www.arcrenewalcommunity.org.
It is a site created and maintained by Chris Lunt and hosted by www.jumpingdev.com which is a GDPR compliant hosting company. The servers are located within www.clook.com
Our privacy notice for the website is available on the website
Resources & Further Information
- Overview of the GDPR – General Data Protection Regulation
- Data Protection Act 1998
- Privacy and Electronic Communications Regulations 2003
- The Guide to the PECR 2003
- Facebook Privacy Policy
- Google Privacy Policy
- clook.com Privacy Policy
- UCheck Applicant Privacy Policy
- UCheck Client Privacy Policy
- North Yorkshire. County Council Privacy Notice
Updated August 2022