Policies

Privacy & Data Protection Policy

It is important to us that you understand and are happy with how we use your information. Please take the time to read this Website Privacy Statement (below) and our general Data Protection Policy, which follows it.

Contact us
Group
Group

Website Privacy Statement

Your data will be held by the Sherwood Forest Trust charity (SFT) in accordance with General Data protection Regulations (GDPR) 2018.
Further information on how our charity processes, handles and stores your personal data, and your rights, can be found in our Data Protection Policy, which is set out at the end of this document.

When We Gather Data

You can use this website without disclosing any personal information.

We only collect personal data from you via the website when you:

  • Request information about what we do that requires a response.
  • Submit a volunteering request
  • Make a donation via Paypal or via our website
  • Sign-up to our mailing list
  • Take part in a survey
  • Provide us with feedback
  • Supply content for our web-site.

On each occasion we will ask whether or not you agree to our collecting and storing your data.

What Data We Collect

We may collect the following information:

  • Name and title.
  • Contact information including address, postcode, telephone and email address.
  • Demographic information – such as age interests and any special skills that you have told us about – but only where relevant to the activity you wish to participate in (e.g. if you want to do volunteer work with us and we need to assess your suitability to a role.)
  • Other information required by surveys that you have opted to participate in, or in order for us to respond to feedback that you have given us.

How We Use This Data

We require this information to understand your needs and provide you with a better service, for example:

  • To answer enquiries made by you to us
  • To conduct surveys to better understand users of our services
  • To respond to your questions or requests
  • To inform you of news or opportunities which may be of interest to you.

If you have received a communication from the SFT and do not wish to receive any further communications, please email us to let us know: info@sherwoodforesttrust.org.uk

Who Gets To See Your Personal Data?

We will not sell, distribute or lease your personal information to third parties, unless we have asked and received your specific permission to do this, or where we are required to by Law.

We will not display your name or contact details on our website without your prior approval.

Your right to withdraw consent at any time
You can tell us that you no longer wish us to use your data and, if you do, we must stop using it as soon as is reasonably practical

Your right to require the erasure of your data (right to be forgotten)
If you no longer wish us to have or use your data you can tell us to remove your data completely from our records and we must do so as soon as is reasonably practical

How long do we keep your personal data?
We only keep your personal data for as long as it is needed for the purposes listed above, and will not be held for longer than it is needed. Data no longer needed will be deleted, or (if in paper format) shredded.

We do not transfer your personal data to other countries

Your Rights Under GDPR
Under the General Data Protection Regulation you have the following rights:

  1. to be told about what data we have, how and what we use it for, and who we share it with (as we are doing in this Privacy Notice);
  2. to be given access to your personal data;
  3. to have any errors corrected or incomplete data completed;
  4. to stop us using your data if you think our use is unjustified or the data are inaccurate.

You may request details of personal information which we hold about you under the new GDPR 2018. If you would like a copy of the information held on you please contact our Chief Executive by emailing info@sherwoodforesttrust.org.uk

If you believe that any information we are holding on you is incorrect or incomplete, please contact us as soon as possible using the email info@sherwoodforesttrust.org.uk
We will promptly correct any information found to be incorrect.

Your legal obligation
You are under no legal obligation to give us your personal data if you do not wish to.

The existence of automated decision making, including profiling
The Charity does not use computers to analyse your data in order to make computer decisions about what communications the charity should, or should not, send to you.

The right to complain to the UK Information Commissioner’s Office:
if you are dissatisfied with the way that the Charity is collecting, holding, processing and using your personal data you are entitled to complain to the Information Commission.

Photographs

Before we use a photo on our website or on Facebook we will – as far as we are able – obtain permission from people in the photo and the photographer who took the photo.

Exceptions to this are images of crowd scenes or long-distance views of the general public at events. In the latter case a public sign is normally displayed so that everyone is aware that photographs may be taken and used for publicity purposes.

Please be aware that some images used by us have been given by permission of other organisations – for example, a local tourist attraction wishing to show what facilities they have available for visitors. In the case of photography loaned or granted to us by third parties, we will direct any enquiries to the organisation / photographer named on the photo credit.

Cookies and how we use them

What is a cookie?

A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our website.
Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information such as how many people use the website and what pages they tend to visit.

How we use cookies

We may use cookies to:

  • Analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions.
  • Store information about your preferences. The website can then present you with information you will find more relevant and interesting.
  • To recognise when you return to our website. We may show you relevant content, or provide functionality you used previously.

Cookies do not provide us with access to your computer or any personal information about you, other than that which you choose to share with us.

Controlling cookies
Your web browser will let you specify which cookies you want to keep on your computer. Most browsers allow you to ‘trust’ certain websites by accepting cookies from them, while avoiding cookies from other sites. The All About Cookies website has a handy guide which explains how to manage your cookies

Unless you have changed your browser to refuse cookies, our website will issue cookies when you visit it. If you do not want our website to store cookies on your computer or device, you should set your web browser to refuse cookies. However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you.

Log files

Every time our web site is accessed an entry is made in the web server’s log file. This tells us broadly where an access is coming from, when it was made, which file was requested and whether the request was successful or not. It usually does not allow us to identify individual users. The data is used to assess usage levels and spot technical problems

Security

We will always hold your information securely. To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards. We also follow stringent procedures to ensure we work with all personal data in line with the new GDPR.

Links to Other Websites

Our website may contain links to enable you to visit other websites which may be of interest to you.

However, once you have used these links to leave our site, you should note that we do not have any control over that external website.

Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting other websites and such sites are not governed by this privacy statement.

You should exercise caution and look at the privacy statement applicable to the website in question.

Furthermore, the inclusion of a link to an external website should not be understood to be an endorsement of that website, the site’s owners or their products/services.

Data Subjects
are people like you, who take part in our activities.

What we do with your personal data?
We use your personal data to help us organise the sort of activities that you like to come to, and to keep you informed about those activities. We can do this because we have a legitimate interest in knowing who is participating in our activities and in being able to share with them details of our activities (including any changes) and related activities.
Additional optional information we only keep and use with your consent.

Your right to withdraw consent at any time
You can tell us that you no longer wish us to use your data in this way and, if you do, we must stop using it as soon as is reasonably practical

Your right to require the erasure of your data (right to be forgotten)
If you no longer wish us to have or use your data you can tell us to remove your data completely from our records and we must do so as soon as is reasonably practical

Who gets to see your personal data?
We only share your personal data with other people when it is necessary to do so in order for us to run our activities efficiently and in the way that you would like.
We do not share your data with anyone else.

How long do we keep your personal data?
We only keep your personal data while you come to our activities, either regularly or from time-to-time.
If we have not seen you at one of our activities for 2 years we will delete your data.

We do not transfer your personal data to other countries

The existence of each of your rights
Under the General Data Protection Regulation you have the following rights:

  1. to be told about what data we have, how and what we use it for, and who we share it with (as we are doing in this Privacy Notice);
  2. to be given access to your personal data;
  3. to have any errors corrected or incomplete data completed;
  4. to stop us using your data if you think our use is unjustified or the data are inaccurate.

Your legal obligation
You are under no legal obligation to give us your personal data if you do not wish to.

The existence of automated decision making, including profiling
The Charity does not use computers to analyse your data in order to make computer decisions about what communications the charity should, or should not, send to you.

The right to complain to the UK Information Commissioner’s Office:
if you are dissatisfied with the way that the Charity is collecting, holding, processing and using your personal data you are entitled to complain to the Information Commission.

Identity and contact details of the controller.
The Charity’s Data Controller is the Board of Trustees of Small Charity Support
The Controller can be contacted via: The Principal Trustee, Small Charity Support, 46 Farm Road, Edgware HA8 9LT
Telephone: 020-8958 6801; e-mail: enquiries@smallcharitysupport.uk

The Sherwood Forest Trust. Updated Jan 2021

The Data Protection Policy

The Sherwood Forest Trust (SFT) recognises its responsibility to comply with the General Data Protection Regulations (GDPR) 2018 which regulates the use of personal data. This does not have to be sensitive data; it can be as little as a name and address.

General Data Protection Regulations (GDPR)

The GDPR sets out high standards for the handling of personal information and protecting individuals’ rights for privacy. It also regulates how personal information can be collected, handled and used. The GDPR applies to anyone holding personal information about people, electronically or on paper.

When dealing with personal data, Trust staff and Trustees must ensure that:

  • Data is processed fairly, lawfully and in a transparent manner
    This means that personal information should only be collected from individuals if staff have been open and honest about why they want the personal information.
  • Data is processed for specified purposes only
    This means that data is collected for specific, explicit and legitimate purposes only.
  • Data is relevant to what it is needed for
    Data will be monitored so that too much or too little is not kept; only data that is needed should be held.
  • Data is accurate and kept up to date and is not kept longer than it is needed
    Personal data should be accurate, if it is not it should be corrected. Data no longer needed will be shredded or securely disposed of.
  • Data is processed in accordance with the rights of individuals
    Individuals must be informed, upon request, of all the personal information held about them.
  • Data is kept securely
    There should be protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Storing and accessing data

The Trust recognises its responsibility to be open with people when taking personal details from them. This means that staff must be honest about why they want a particular piece of personal information.

The Trust may hold personal information about individuals such as their names, addresses, email addresses and telephone numbers. These will be securely kept at the Trust’s office and are not available for public access. All data stored on the Trust’s office computers is password protected.

Once data is not needed any more, is out of date or has served its use and falls outside the minimum retention time of the Trust’s document retention policy, it will be shredded or securely deleted from the computer.

The Trust is aware that people have the right to access any personal information that is held about them. Subject Access Requests (SARs) must be submitted in writing (this can be done in hard copy, email or social media). If a person requests to see any data that is being held about them, the SAR response must detail:

How and to what purpose personal data is processed

  • The period the Trust intends to process it for
  • Anyone who has access to the personal data

The response must be sent within 30 days and should be free of charge.

If a SAR includes personal data of other individuals, the Trust must not disclose the personal information of the other individual. That individual’s personal information may either be redacted, or the individual may be contacted to give permission for their information to be shared with the Subject.

Individuals have the right to have their data rectified if it is incorrect, the right to request erasure of the data, the right to request restriction of processing of the data and the right to object to data processing, although rules do apply to those requests.

Please see “Subject Access Request Procedure” for more details.

Confidentiality

Trustees and staff must be aware that when complaints or queries are made, they must remain confidential unless the subject gives permission otherwise. When handling personal data, this must also remain confidential.

The Sherwood Forest Trust. Revised November 2020
Family walking in Sherwood LARGE photo

Talk to us!

Get in Touch

Whether it’s by phone, email, letter, or Facebook, we love to hear from you.

Contact us