1. INTRODUCTION
The Rock is a Registered Charity (No: 1190651), with the mission to be an inspiring youth work charity with a strong Christian foundation which enables young people, regardless of faith or background to engage with challenging activities, learn essential life skills and to develop their physical, emotional and spiritual wellbeing.
This Privacy Notice is designed to comply with the General Data Protection Regulation (GDPR) and sets out how we use (‘process’) the personal data we collect, how we work to protect your privacy and to ensure personal data you provide to us is kept safe.
2. YOUR INFORMATION
We collect personal information from you, for example when you complete a Consent Form for your child, request to become a supporter or prayer partner of The Rock, sign up for an event, make a donation, or otherwise provide your personal details.
3. WHAT DO WE DO WITH YOUR PERSONAL DATA?
When providing personal data we will make it clear the use for that data, this includes:
Young People’s Consent Forms
Supporter Information
Volunteer Information
4. OUR LEGAL BASIS FOR HOLDING AND PROCESSING YOUR PERSONAL DATA
Legitimate interest
We may contact you by email, telephone or in writing where we have a legitimate interest to do so. For example, where you have made a donation to The Rock, we send a letter of appreciation and information about the work your donation is supporting. Where you have previously asked us not to contact you in this way we will respect your contact preferences.
Preferences Consent
We may contact you by email, telephone or in writing if you have given us your consent to do so. We will only communicate in accordance with your preferences and you are free to change your preferences at any time.
Specific Provision
We may contact you as the parent/guardian (or emergency contact, as completed on the Rock Consent Form) by email or telephone in relation to your son or daughter, and the youth work provision they access at The Rock or would possibly be able to access.
Applying for a role as a volunteer with us
Where you provide personal data and sensitive personal data when applying for a volunteering position with The Rock, such as the information on your application form, we will process, store and disclose the personal data we collect to:
Support the recruitment process and yearly review process.
Use third parties to provide services such as references, qualifications, DBS checks, verification of information you have provided.
Answer any questions or feedback you may have.
Support the recruitment process where a Christian commitment is necessary for the role.
5. HOW AND WHERE WE STORE YOUR INFORMATION
How long?
We will keep your personal information only for as long as is necessary for the relevant activity or until you request us to erase it. We are legally required to hold some types of information to fulfil our statutory obligations and maintain compliance with applicable legislation, for example safeguarding and tax and account requirements.
How safe is the personal information we hold?
We ensure that access to personal data is restricted only to those staff members or volunteers whose job roles require such access and that suitable training is provided for these staff members and volunteers. All Rock Employees and Volunteers are subject to DBS checks and Safer Recruitment process.
Where we store your personal information
Credit / debit card security
We may use a third party to process donations e.g. Justgiving and Stewardship, but will ask them to process your information in line with the GDPR and the Payment Card Industry Data Standard.
6. WHEN WE SHARE YOUR INFORMATION
We do not share your details with third parties unless under a legal duty we need to pass on information if required by law or by a regulatory body. For example, a safeguarding matter has arisen, a Gift Aid audit by HMRC, or if asked for details by a law enforcement agency.
7. HOW WE TREAT CHILDREN
Aged under 13 years
We are concerned to protect the privacy of children aged under 18 years old that we work with. The GDPR require parents/guardians of all children under 13 years old to give their permission for their child to give us their personal information. It is our practice to obtain Consent Forms, signed by a parent/guardian for all young people under 18 years old.
8. YOUR RIGHTS AND TELLING US WHEN THINGS CHANGE
We fully recognise your right to have your data removed, to be forgotten, to opt out of communications or withdraw consent and to have a copy of your personal data.
Preferences
You can change your preferences at any time about what you receive from us by contacting us at the address given below.
Right to be Forgotten, Restrict or Object
You have the right to ask us to erase your personal data, to ask us to restrict our processing or to object to our processing of your personal data; to do so please contact us at the address given below. We are legally required to hold some types of information to fulfil our statutory obligations and maintain compliance with applicable legislation, for example safeguarding and tax and account requirement.
Right to Access
You have the right to request details of the information we hold about you. To receive a copy of the personal information we hold please write to us at the address given below. We will respond within one month of receiving your letter.
Right to Rectification
You have the right to request that information is corrected if it is not accurate; to do so contact us at the address below, informing us of the inaccuracy and providing the correct information.
Right to Data Portability
You have the right to receive the personal data which you have provided to us in a structured, commonly used and machine readable format suitable for transferring to another controller; to do so contact us at the address given below.
Right to lodge a complaint
If you think we have infringed your privacy rights, you can lodge a complaint by addressing your concerns to us at the address given below.
For more information about your rights please visit the website of the Information Commissioner’s Office (https://ico.org.uk/for-the-public/personal-information/).
9. CHANGES TO THIS PRIVACY NOTICE
We may amend this policy from time to time to take account of changes to our processes or changes to data protection or other legislation. If we make any significant changes to this policy we will indicate this clearly on our website, in our publications or by writing to you directly.
10. POLICY IMPLEMENTATION
The practical implementation of this policy is the responsibility of the members of the Board of Trustees and the Operations Director. Please use the address and contact details below when making contact with The Rock about any data protection matters:
Telephone: 01242 700700
Email: hello@therock.uk.com
Address: The Rock, St Peter’s Church, Tewkesbury Road, Cheltenham, Glos, GL50 9AH.
_________________________________
This Policy will be reviewed every 2 years.
Written : May 2018
Reviewed November 2023
Next review: November 2025
All emails sent by the system contain a tracking pixel. This is used to track whether each email has been opened by the recipient, and when. This information can be viewed by those users of the system with permission to view email delivery reports. We do not display any information regarding the location of the recipient. Note that the tracking pixel is only activated if the recipient chooses to download images into their email client.
We, The Rock Youth Centre, make use of the myClubhouse software supplied by Simmetrics Ltd to process personal data we include on our myClubhouse website in accordance with our privacy policy set out above. Simmetrics Ltd processes your personal data on our behalf and they can only do so in accordance with our written instructions. You can find the details of our data processor’s privacy policy here: http://www.myclubhouse.co.uk/Home/PrivacyPolicy.