We are dedicated to protecting the confidentiality and privacy of information entrusted to us. We comply with EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
This privacy statement describes why and how we collect and use personal data and provides information about data subjects (individuals) rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable living person. MCHub- My Community Hub processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data.
What information we collect
We may collect personal data from direct and indirect sources.
We may obtain personal data directly from individuals who complete online forms, apply as volunteers or for open job roles and to subscribe to our marketing communications. We may also obtain personal data in the course of delivering services to our clients and customers.
We may obtain personal data from a variety of sources including our clients and recruitment service providers. We may append personal data we hold about individuals to better serve our clients during the course of the contract, satisfy a legal obligation and or pursue our legitimate interests.
– Public Sources: Personal data may be obtained from publicly held registers of information such as polling registers, companies house, charity commission, news articles, sanction lists and internet searches.
– Recruitment services: We may obtain personal data about new candidates from an employment agency and other parties including former employers.
– Background checks: We may obtain personal data about new candidates from credit reference agencies and or other background check agency providers.
How do we collect personal information
We may collect personal information through various medium of communication as outlined below:
Information that you have given to us when speaking to one of our team members on the telephone.
Information that you have entered on our website?(www.mchub.org.uk)?when making an inquiry or a booking.
Categories of Personal data collected
We may obtain following categories of personal data about individuals:
- Contact details: name, company name, role title, personal, work and mobile telephone numbers, personal and work email address, postal address, etc
- Professional details: career history, educational and professional affiliations, etc.
- Family, next of kin/beneficiary details: name of next of kin/beneficiary, personal, work and mobile telephone numbers
- Financial details: bank details, payroll, pensions, bankruptcy records, etc
- Tax details: tax records, PAYE details
- Curriculum Vitae (CV) for job applications
Sensitive (special category) data and minor data
We normally would not collect sensitive about individuals. However, there maybe instances where this data is collected based on the consent of the individual unless it is obtained indirectly for legitimate interests.
- For the purposes of complying with employment law and processing sensitive information about employees.
- Personal Identification documents to obtain access to high security venues could reveal race or ethnic origin, and possibly biometric data.
- Organising events for under 13 years old. In this instance, parental/guardian consent is obtained.
How we use your information
We only ever use your personal data with your consent, or to the extent necessary to:
- Enter into, or perform, a contract with you;
- Comply with a legal duty;
- Remember your preferences e.g. if you ask not to receive marketing material, we will keep a record of this, or
- For our own (or a third partys) legitimate interests (such as marketing, internal record keeping, market research or to improve our products) provided your rights dont override these.
We will only use your information for the purpose it was collected (or for similar/related purposes).
We will never sell your personal data or share it with third parties who might use it for their own purposes.
We use personal information (such as email addresses and sms) to market and promote our services to other businesses.
You can choose to opt out of MCHub marketing communications by clicking the unsubscribe link at the bottom of our emails. If you wish to change your contact details or preferences please email us firstname.lastname@example.org.
We employ a variety of technical and organizational measures to keep personal data safe and to prevent unauthorized access to, or use or disclosure of it.
Third party and International transfers
We will only share personal data with others when we are legally permitted to do so. ?When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
We normally only store data within the European Economic Area (EEA). If we or one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (such as a US organization that is certified under the EU-US Privacy Shield Framework).
We will continue to store limited information about the client (including transaction records), volunteers and employees for up to 6 years for accounting, record keeping and administrative purposes. If we consider there is a need to store records for longer (for example, the transaction has been the subject of a dispute or claim or former employee pension provider details) then we will retain the data for as long as is necessary.
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. ?Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
This privacy statement is intended to provide information about what personal data we collect about you and how it is used. ?As well as rights of access and amendment, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.
You can exercise your rights by writing to:
MCHub Data Controller
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioners Office (ICO), which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
Links to other websites
Data controller and contact information
Any questions about your personal data or this policy should be directed to:
MCHub Data Controller
Changes to this statement
Last modified: 23 November 2018