Forest School Swansea Neath & Port Talbot (FSSNPT) is strongly committed to protecting personal data.
Introduction
This Privacy Notice explains the following:
We recommend you read this privacy notice thoroughly. Please contact us with any questions or concerns regarding our privacy practices. Our contact details are on our website and also contained within this Privacy Notice.
1. Who we are
Forest School Swansea Neath Port Talbot (SNPT) is a registered Charity (1087964) and company (4194600). We act as both a Data Controller and Data Processor in the following circumstances:
You can contact us either by telephone on 01792 367118 or via e-mail on manager@forestschoolsnpt.org.uk
2. What information do we collect?
When we talk about personal data or personal information, we are only referring to information from which an individual person can be identified. It does not include data where the identity has been removed.
Our engagement activities, delivered sessions and projects across Swansea, Neath & Port Talbot are fundamental to our commitment to our communities. We collect and process information with our partners, other funded initiatives and projects. We also have duties regarding employment, health and safety, and managing risk. This includes the following categories of information:
To put this in to context, it includes personal information collected as a result of:
3. How we collect your information, why we need it and how we use it
When you contact us regarding the work we do, we will handle your data with the utmost care and we are sensitive to the need to handle all data lawfully, fairly and transparently.
The methodology of collection varies but includes and is not exclusive to:
On occasion we may receive funding where the requirement to retain such data is governed under contractual arrangements from our funding bodies. In these circumstances we act as the processors for the information and we will only use the information as instructed by those funding bodies.
4. Use of automated decision making and profiling
FSSNPT does not conduct marketing profiling, however it does undertake targeted social media advertising. This advertising is based on the activity of the individual and characteristics (age, gender, interests and their professional capacity) via their social media account (e.g. Facebook, Instagram).
5. Use of cookies and other technologies
By using our website, you consent to our use of cookies, so we recommend you read through the information below. This cookie policy may change at any time, so please check it regularly.
A cookie is a small file of letters and numbers which often includes an anonymised, unique identifier. This means that it can be used to identify you without revealing your personal information. When you visit a website, it asks permission to store a cookie in the cookies section of your hard drive. Cookies are widely used on the internet to make websites work more efficiently or to provide information about your usage of the site to the site owner/third parties.
We use cookies to improve the way our website works, we also use third-party cookies set by Google Analytics to review our site functionality. Before third party Cookies that use your personal data are placed on your computer or device, you will be shown a popup requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may deny consent to the placing of Cookies; however certain features of our site may not function fully or as intended. You will be given the opportunity to allow only first party Cookies and block third party Cookies which use your personal data.
6. What legal basis we have for processing your personal data?
The legal basis that applies to our data processing is as follows:
To put the use of the six legal basis we use for processing personal data in to context we will use the personal data and information we collect for the following purposes:
We must have a lawful reason for processing your personal information. Most commonly, we will use your personal information in the following circumstances:
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Information is only held for as long as there is a legitimate reason to do so, information that is no longer required is destroyed in such a way that it cannot be reconstructed. If you wish to obtain an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us
7. When do we share personal data?
We may need to disclose your information to a third party as part of ongoing management and audit requirements. Third parties include:
We will ensure that if information is required to be shared, then it will be shared securely. You will be informed that we have shared it, who we have shared it with and how we shared it.
8. Where do we store and process personal data?
Data is stored within Mailchimp, Eequ, Zoom, Quickbooks, Google storage software and stored on a backup drive. We undertake regular security reviews of all our third party platforms to comply with our duty as a Data Controller. The systems identified are third party systems, which have not been created by or owned by us, and adhere to their own Privacy Policies. Please contact our Data Protection Officer (see point 15) for further information should you wish to understand how your data is processed by the relevant platform.
9. How do we secure personal data?
We have in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised manner or otherwise used or disclosed. We operate up to date, and regularly review, policies for Data Protection and Confidentiality. This supports our business processes and ensures that all staff are aware of the importance of data security. Access to information is permitted on a need to know basis.
10. How long do we keep your personal data for?
We only keep and process personal data for as long as there is a contractual or business requirement to do so or we are otherwise obliged to keep the same under any contractual, regulatory or legal requirement. Once the requirement has expired, the information is deleted safely and securely from our systems in such a way that Information which is deleted is done so in accordance with current security regulations.
11. Keeping us up to date
As part of our responsibility to ensure that information we hold about you is up to date, we rely on you to keep us updated. We request that where any of your details change, that you inform us so that we may update our records accordingly.
12. Your legal rights in relation to personal data
As a data subject, you have rights in relation to your Personal data. These are:
You also have the right to make a Subject Access Request. As part of this process you will be able to ascertain:
We reserve the right to validate your identity prior to release of information. We will not make any charges for such requests, unless the requests are made repeatedly and are considered excessive. We will respond to your request within 28 days. We provide a form for you to fill in which we use to ensure that your rights are addressed in full.
If you have provided consent to FSSNPT to process any of your data, then you also have a right to withdraw that consent unless we are contractually or legally obligated to retain data. Withdrawal of consent will also result in withdrawal of support from the FSSNPT services or programme(s) to which you are signed up to. In cases where we do not need to retain data for contractual or legal reasons, we will delete the data as soon as possible and at the very least within 28 days.
13. Links to other websites and third party contact
FSSNPT does link to external sites and resources as part of our normal business activity. This includes news stories and links to other websites as part of the information being shared on our website/social media. Use of those links may allow third parties to collect or share your personal information. As we have no control over how such third parties may collect and share your information we do not take any responsibility for their use of your information.
14. How to contact us, including how to make a complaint with a supervisory authority
You can contact Forest School SNPT via a number of different routes. We will deal with your enquiry in the same way regardless of how you choose to contact us. For further information on how FSSNPT process your data, please contact us in writing at:
Jackie Dorrian
Manager and Data Protection Officer
Forest School SNPT
Caswell
Swansea
SA3 3BS
or via e-mail to manager@forestschoolsnpt.org.uk
If you are unhappy with the way in which your personal data has been processed and wish to raise a complaint, please do so by one of the methods described above. We will handle your complaint sensitively, and confidentially and will write to you with a response within 10 working days. If you are dissatisfied, you have the right to communicate directly to the Information Commissioner (ICO). The Information Commissioner can be contacted at the following address. We would appreciate it if you would let us try and resolve the matter first before referring it to the ICO.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
This Privacy Notice was passed for use in Forest School SNPT
On: 19/07/2022
Presented by: Sophie Lacey (Previous Manager)
Approved By: Board of Trustees
Date of planned review: 19/07/2023
Sign up to our newsletter