Privacy Notice

1. Introduction

Great Yarmouth Preservation Trust (GYPT) have provided this Privacy Notice to help you understand how we collect, use and protect your information whilst we provide you with work, volunteering, training, consultation, or any other involvement in projects or tenancy agreements.

The purpose of this document is to clearly acknowledge GYPT’s responsibilities in relation to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

It is important that you read this Privacy Notice together with GYPT’s Privacy Policy. GDPR says that GYPT are allowed to use personal information only if there is a proper reason to do so.

2. Definitions

Personal Data means any information related to an identified or identifiable living person (a “Data Subject”) i.e. a person that can be directly or indirectly identified by reference to an identifier such as name or location data, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.

Special Category Data previously known as ‘sensitive personal data’, relates to race, ethnic origin, politics, religion, trade union membership, genetic data, biometric data, health, sex life or sexual orientation. Records of criminal personal data must also be treated in a similar way.

Data Controller determines the purposes and means of processing personal data.

3. Who We Are

GYPT is a non-profit registered charity working to preserve, save, enhance and promote the historic built environment. The service that GYPT provide is discretionary. It is the Data Controller for the Personal Data which is collated and processed and as such is responsible for the privacy and security of it.

GYPT regard lawful and correct treatment of personal information as critical to their successful operations, maintaining confidence between GYPT and those with whom they carry out business. GYPT will ensure that they treat personal information correctly in accordance with the law.

If you have any questions about this Privacy Notice or GYPT’s data protection practices you can contact our data protection contact, by telephone on 01493 859640 or by emailing lyn@gy-pt.org. You can also write to Great Yarmouth Preservation Trust, 135 King Street, Great Yarmouth, Norfolk, NR30 2PQ.

4. The data we collect about you

This Notice explains what personal information we collect from you – whether that is in person, over the phone, by email or via our website. GYPT may collect, use, store and transfer different kinds of Personal Data about you as follows:

•   Identity Data
•   Contact Data
•   Financial Data
•   Profile Data
•   Marketing and Communications Data
•   Criminal Convictions Data
•   Transaction Data
•   Technical Data
•   Usage Data

The categories of data and the different methods used to collect Personal Data are further explained as follows:

Name: Event Applications, Consultation Responses, Business Enquiries and Support Requests, Grant Applications, Project Evaluations, Contact Information, Tenancy Agreements

Email Address: Event Applications, Consultation Responses, Business Enquiries and Support Requests, Grant Applications, Project Evaluations, Contact Information, Tenancy Agreements

Telephone Number: Event Applications, Consultation Responses, Business Enquiries and Support Requests, Grant Applications, Project Evaluations, Contact Information, Tenancy Agreements

Address including postcode: Event Applications, Consultation Responses, Business Enquiries and Support Requests, Grant Applications, Project Evaluations, Contact Information, Tenancy Agreements

Bank Account Details: Grant Applications

Bank Statements: Grant Applications

Age Group: Project Evaluations

Country of Residence: Project Evaluations

Special Category Data (Ethnic Group, Gender Identifier, Biological Gender, Health Problem/Mental Wellbeing/Disability Questionnaire): Project Evaluations

This data may be collected from data subjects who are below the age of 16. In these instances, consent will be obtained from a parent/legal guardian.

5. How GYPT uses Personal Data

Under GDPR, there are several lawful bases for an organisation to process personal data. These are:

Consent: the individual has given clear consent to process their personal data for a specific purpose.
Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
Vital interests: the processing is necessary to protect someone’s life.
Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

GYPT will only use your Personal Data for the purpose for which it collected it unless we have obtained your consent or for other lawful purposes. The list below outlines the lawful basis for each data processing activity we undertake:

To send you communications which you have requested or that GYPT believe may be of interest to you – Consent
To process a job or volunteering application – Contract
To carry out our obligations arising from any contracts entered into by you and us – Contract
To deal with entries into a competition – Contract
To reply to any questions, suggestions or complaints you have contacted GYPT about – Legitimate interest
To seek your views or comments on the services we provide – Legitimate interest
To notify you of changes to our services – Legitimate interest
To process donations you have given and claim Gift Aid – Legal obligation
To process grant applications – Contract
To inform consultations and update you of developments relating to these consultations – Legitimate interest
To process event applications which allow the facilitation of events on GYPT property – Contract
To contact you regarding volunteering that you consensually signed up for – Consent
To evaluate the success of the projects that are run by GYPT – Legitimate interest

6. Data Sharing

7. International transfers

GYPT and its service providers do not transfer, store or process any Personal Data outside of the European Economic Area (EEA).

8. Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your Personal Data including the right to receive a copy of the Personal Data that the GYPT hold about you and the right to make a complaint at any time to the Information Commissioner's Office, the UK supervisory authority for data protection issues.

The GDPR provides you with the following rights:

The right to be informed about the collection and use of your personal data.
The right of access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information GYPT hold about you and to check that we are lawfully processing it.
The right to rectification of the personal information that GYPT hold about you. This enables you to have any incomplete or inaccurate information that we hold about you corrected.
The right to erasure of your personal information. This enables you to ask GYPT to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask GYPT to delete or remove your personal information where you have exercised your right to object to processing (see below).
The right to restrict processing of your personal information. This enables you to ask GYPT to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
The right to data portability and to transfer your Personal Data to another party.
The right to object to processing of your Personal Data where GYPT are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where GYPT are processing your Personal Data for direct marketing purposes.
The right to not be subject to automated decision making and profiling. Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. GYPT does not use systems to make automated decisions about you.

9. Your consent to processing

If you have previously given your consent to the processing of your Information, you may freely withdraw such consent at any time. You can do this by notifying us in writing using our contact details below. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you withdraw your consent, and if we do not have another legal basis for processing your Information (see above), then we will stop processing your Information. If we do have another legal basis for processing your Information then we may continue to do so, subject to your legal rights.

Where we are unable to rely on consent, we will rely on the performance of a contract with you or compliance with our legal obligations as the basis for processing your Information, unless we consider that processing is necessary for our legitimate interests (e.g. delivery and/or improvement of our services).

Any requests in relation to your rights with regards to the personal data we hold should be made by contacting our data protection contact, by telephone on 01493 859640 or by emailing lyn@gy-pt.org. You can also write to Great Yarmouth Preservation Trust, 135 King Street, Great Yarmouth, Norfolk, NR30 2PQ.

10. Your responsibilities

You are responsible for making sure you give GYPT accurate and up-to-date information, and for informing GYPT if any personal information we hold is incorrect or if anything changes.

11. How long do we keep your information?

GYPT will only hold your Personal Data for as long as necessary to fulfil the purposes it was collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, GYPT consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which GYPT process your Personal Data and whether it can achieve those purposes through other means, and the applicable legal requirements. Retention is in line with GYPT’s Privacy Policy and is as follows:

Financial Data – 6 years plus current or longer if required by grant/financial regulation (when providing financial data you will be informed if your data is to be held longer than the time stipulated above);
Personal Data – 3 years plus current for inactive data or longer if required by contractual or legislative regulations (when providing Personal Data you will be informed if your data is to be held longer than the time stipulated above).

You can request that your Personal Data is deleted at any time.

12. Data security

GYPT takes the security of your Information very seriously and takes appropriate steps to ensure that data is protected from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Only authorised personnel are able to access your Information and all personal information is transferred using secure processes. Our processes and systems are regularly reviewed to ensure they remain secure, and we use technical and organisational measures in accordance with good industry practice to safeguard your Information.

We only hold your Information for as long as is necessary for us to administer our relationship with you. If we dispose of your Information, it will be done so securely.

13. Changes to this privacy notice

GYPT reserve the right to update this Privacy Notice at any time, and will provide you with a new Privacy Notice if any substantial updates are made. GYPT may also notify you in other ways from time to time about the processing of your Personal Data.

14. How can you find out about or update the information we hold about you?

It is important that any personal information we may hold is kept accurate and up-to-date. If you wish to review the information we hold about you or have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact our data protection contact, by telephone on 01493 859640 or by email at lyn@gy-pt.org. You can also write to Great Yarmouth Preservation Trust, 135 King Street, Great Yarmouth, Norfolk, NR30 2PQ.

This policy was last updated in September 2020.