House of St Barnabas Privacy Notice
The House of St Barnabas (HoSB) group comprises HoSB and HoSB Events Ltd. This privacy notice explains how the House of St Barnabas group uses any personal information we collect about you.
Why we keep personal data: We keep any personal data which is required to satisfy our legal obligations, to fulfil any contractual obligations to you and to pursue our legitimate interests of running our Members’ Club, venue hire and delivering our charitable mission. We will use your consent, where provided, or our legitimate interest to inform you about HoSB news and events via our newsletters or other communications and to undertake research to assist our understanding and enhancing our profile of you. You have the right to withdraw your consent at any time.
Correction and access to your information: We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. You have the right to object to or restrict processing of your data or to erase your personal information. We will, however, still need to keep or process some of your data if it is legally or contractually required and such restrictions or erasure may adversely impact on our ability to deliver services to you. You also have the right to request a copy of the information that we hold about you.
How to contact us: email us at [email protected] or write to us at Data Protection Lead, House of St Barnabas, 1 Greek Street, London. W1D 4NQ
Changes to our privacy notice: We keep our privacy notice under regular review, and we will place any updates on this web page. This privacy notice was last updated in May 2023.
Use of third-party data processors: Third party data processors are used for certain processes (detailed below) so that we can provide a more efficient or effective service. Where relevant, data is encrypted. The terms and conditions or contracts we have in place with these data processors specify they will keep your data safe and only use it in accordance with UK GDPR (General Data Protection Regulation)/EU GDPR where applicable, or that they are compliant with Data Protection Act 1998 and working towards UK/EU GDPR.
Transferring data out of the UK: Where we transfer your personal data out of the UK we will only do so to countries where there are sufficient security and privacy arrangements to protect your data. This may be where the UK has granted that country an “Adequacy Decision” where their laws provide sufficient protection e.g. countries in the EEA. If such an “Adequacy Decision” does not exist we will ensure that our contractual agreement with third parties in those countries contains clauses that ensure sufficient security and privacy arrangements are in place to protect your data.
How we keep your data secure: We aim to be fully compliant with UK/EU GDPR. We believe our systems to be secure. We have a firewall, password policies, malware and patching in place. We have achieved Cyber Essentials Certification. If you use your credit card to pay membership fees or donate to us, we pass your credit card details securely to our payment processing partners as part of the payment process, using SSL encryption. Our card partners are GoCardless and Stripe. GoCardless is authorised by the Financial Conduct Authority under the Payment Services Regulations 2009, and you can find out more here: https://gocardless.com/security/. Stripe is certified to PCI Service Provider Level 1 and you can find out more here: https://stripe.com/help/security.
Complaints: If you believe there is a problem with the way we are handling your personal information then please contact us at [email protected]. You also have the right to contact the Information Commissioner’s Office to complain:
Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone – 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns
In order for us to process your request we may need to verify your identity.
Cookies: Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information about cookies visit www.aboutcookies.org. You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result. The cookie settings on our website are set to “allow cookies” to give you the best browsing experience possible, users have the option to ‘accept’ or ‘reject’ cookies when visiting our website.
| What personal data we keep | How we keep your data | How long we keep your data and why | Who we share your data with and why |
|---|---|---|---|
| Club members and guests | |||
| When you apply to be a member of the Club you provide your name, address, telephone number, email address, date of birth, gender (optional) & ethnicity. | We store your data on our CRM database so that we can assess your eligibility and process your membership application. Some data may be stored on our email system if we enter into further communication with you. | We may keep your data for up to seven months while the application process takes place. If your application is successful and you decide to join the Club, please see section below. If you decide not to pursue your application, we keep your data for up to 3 months after your initial invoice while you finalise your decision. | If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists. |
| When you become a member of the Club, we retain the above data. We may use information you have given us together with publicly available information sources, such as Companies House, Google and LinkedIn to get a better view of your capacity to make a significant donation and to understand you and your philanthropic priorities. This is so we can be measured in who we approach for substantial support or further involvement in the organisation. You are able at any time to opt out of your data being processed in this way: contact us on the contact information detailed above. | We store your data on our CRM database so that we can fulfil our contractual obligations to you. Some data may be stored on our email system if we enter into further communication with you. We store your name and contact details on our finance database so that we can maintain appropriate financial records. We will store any research and resulting profile on the CRM database and/or securely within the organisation’s secure information systems. | We keep your data on our CRM database and email system throughout your membership and for up to seven months following your last unpaid renewal invoice in case you change your mind. We keep your name and contact details on our financial database and any communications regarding your financial transactions with us for up to 6 years to be compliant with Companies Act 2006. | When you pay via the website, your data is processed by a third party encrypted payment portal. All transactions are made via the banking system. We have a Cloud based finance system. If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists. We may undertake research in-house or engage other organisations such as Milestone Research or Factary to help us identify people who may be able to support us substantially. |
| For individuals with House Access passes, we are provided with your name and email address. | We store your data on a temporary database so that we can provide a quality service to you. Some data may be stored on our email system if we enter into further communication with you. | We keep your data for up to three months after your access period expires so that we can follow up your experience with you and so we do not have to ask you for these details again if you decide to join the Club. | If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists. |
| When you hire a room at HoSB, we keep your name, telephone number, address and email address. We may use information you have given us together with publicly available information sources, such as Companies House, Google and LinkedIn to get a better view of your capacity to make a significant donation and to understand you and your philanthropic priorities. This is so we can be measured in who we approach for substantial support or further involvement in the organisation. You are able at any time to opt out of your data being processed in this way: contact us on the contact information detailed above. | We store your data on our venue hire database so that we can fulfil our contractual obligations to you. Some data may be stored on our management and email systems if we enter into further communication with you. We store your name and contact details on our finance database so that we can maintain appropriate financial records.
We will store any research and resulting profile on the CRM database. | If you give your consent, we keep your data on our venue hire database and / or email system for a year after your booking so that we do not have to ask you for these details again when you re-book. We keep your name and contact details on our financial database and any communications regarding your financial transactions with us for up to 6 years to be compliant with Companies Act 2006. | We have a Cloud based finance system. All transactions are made via the banking system. If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists. We may undertake research in-house or engage other organisations such as Milestone Research or Factary to help us identify people who may be able to support us substantially. |
| If you visit the Club as a guest, we take your name, on arrival, for safety reasons. | If you are on the guest list for an event, your name will be held on that list so that you can attend the event. | Guest lists are disposed of within a month of the event. | |
| If you attend a pre-booked, ticketed event at the Club, we are provided with your name and email address. | All public event bookings are made via a third-party data processor. They share your name and email with us so that we can ensure that you are allowed access to the event, to comply with health and safety regulations and contact you if necessary. If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists. | ||
| Donors | |||
| If you donate money to us, we keep your name, telephone number, address and email address. To make our fundraising as effective as possible, we may use information you have given us together with publicly available information sources, such as Companies House, Google and LinkedIn to get a better view of your capacity to make a significant donation and to understand you and your philanthropic priorities. This is so we can be measured in who we approach for substantial support or further involvement in the organisation. You are able at any time to opt out of your data being processed in this way: contact us on the contact information detailed above. | We store your data on our secure CRM database so that we can provide you with updates on our impact, if appropriate, and provide supporting information for audit purposes. We store your name and contact details on our finance database so that we can maintain appropriate financial records. We will store any research and resulting profile on the CRM database | We keep your name and contact details on our CRM database and financial database regarding your financial transactions with us and details of your tax status for up to 6 years, to be compliant with Companies Act 2006 and HMRC GiftAid regulations. | If you have made your donation via the HoSB website, your personal data is encrypted and passed to a third-party donation platform for processing. If your donation is made directly to the HoSB and you have signed the GiftAid declaration, we share your name and address with HMRC in accordance with GiftAid legal requirements. If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists. We may undertake research in-house or engage other organisations such as Milestone Research or Factary to help us identify people who may be able to support us substantially. |
| Artists and artwork | |||
| If you donate, consign or purchase artwork to us, we keep your name, telephone number, address and email address. | We store your data on our management and financial systems so that we can maintain appropriate financial records. | We keep your name and contact details on our financial database for up to 6 years, to be compliant with Companies Act 2006. | We have a Cloud based finance system. |
| If you enquire about buying artwork from us, we keep your name, telephone number, address and email address. | We store your data on our management and financial systems so that we can maintain appropriate financial records. | We may keep this information for up to a year in order to complete the sale and any follow up matters. | |
| Job applicants | |||
| If you apply for a position with HoSB, you will need to provide us with your name, telephone number, address, email address and employment history. If you are offered a position, we will also obtain a reference from previous or existing employer(s) and an employment agency where relevant. We may also require more details about your background in certain cases. | We store your job application documents, references, specific additional material obtained post interview and any communication with you or relevant third parties on our email and management systems. We also keep hard copies of interview notes in locked filing cabinets. This information is only accessible by those individuals directly involved in the recruitment process. | If you are not appointed, we may keep your recruitment documents for up to 6 months after an appointment has been made in case we want to approach you in relation to other opportunities or to provide feedback on the recruitment process. In certain cases, it may be necessary to retain documents for longer than this for legal purposes. If you are appointed, you will receive an employees’ privacy policy. | In some cases, employment agencies provide us with CVs and references containing personal details of applicants with us so that we can shortlist for interview. Previous and existing employers provide us with personal data regarding employment dates and, in certain cases, performance or other relevant information. We only seek references from a previous or existing employer if a job offer (subject to references) is made. |
| Employment Academy applicants & Participants | |||
| If you apply for a place on the HoSB EA programme, you or your referring agent provide us with your name, telephone number, address, email address, date of birth, copy of your ID documents and specific health, housing or other background information where applicable to you so that we can assess your eligibility for the programme. If you join the programme, we will store your application & referral documents, additional information from the interview process including communications & information related to your ongoing support. | We store your data on our email system and EA database. This information is only accessible by those individuals directly involved in the EA recruitment process & programme and support provision. | If you do not pursue your application or you are unsuccessful at interview, we will delete your details from our system within one month of your (scheduled) interview date. In certain cases, it may be necessary to retain documents for longer than this for legal purposes. If you join the programme as a Participant your records will be kept for up to 10yrs from the date you started the programme. This is so that we can support you as effectively as possible and evaluate the success of our programme. | Referral agencies provide us with your personal details so that we can consider your application and assess your eligibility. We use a cloud-based database. If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists. If you join the programme, in order for us to support you into work, we may share your CV with partners and prospective employers. If we refer you to partner agencies for specialist support or housing, or involve your referral agency in joint support of you, we may need to share relevant personal information with them. We undertake an annual impact review and may share your name and contact details with our partner research organisation which conducts interviews and analyses data on our behalf. |
| Mentor applicants | |||
| If you apply to be a mentor with HoSB, you will need to provide us with your name, telephone number, address and email address. If you already have a portable DBS certificate, you provide us with your certification number so that we do not have to re-apply. We may use information you have given us together with publicly available information sources, such as Companies House, Google and LinkedIn to get a better view of your capacity to make a significant donation and to understand you and your philanthropic priorities. This is so we can be measured in who we approach for substantial support or further involvement in the organisation. You are able at any time to opt out of your data being processed in this way: contact us on the contact information detailed above. | We store your application documents, references, specific additional material obtained post interview and any communication with you or relevant third parties on our database, email and management systems. We will store any research and resulting profile on the CRM database | We may keep your application documents for up to ten years from the end of your mentor/mentee relationship (or from your application date if you’re not matched) to provide sufficient time for you to undertake training and be matched to an appropriate EA graduate. | If required, we submit your personal details and ID to the Disclosure and Barring Service (DBS Scotland) for verification in accordance with legal requirements. If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists. We may undertake research in-house or engage other organisations such as Milestone Research or Factary to help us identify people who may be able to support us substantially. |
| Trustee applicants | |||
| If you apply to be a Trustee for HoSB, you will need to provide us with your name, telephone number, address, email address and CV. If we progress your application, we will also obtain references from individuals that you have nominated and a recruitment agency where relevant. We may also require more details about your background in certain cases. | We store your application documents, references, specific additional material obtained post interview and any communication with you or relevant third parties on our email and management systems. We also keep hard copies of interview notes in locked filing cabinets. This information is only accessible by those individuals directly involved in the trustee recruitment process. If your application progresses to the Nominations Committee, your personal details will be included in the minutes of that meeting. | If you are not appointed, we may keep your recruitment documents for up to 6 months after an appointment has been made in case we want to approach you in relation to other opportunities or to provide feedback on the recruitment process. In certain cases, it may be necessary to retain documents for longer than this for legal purposes. Nominations Committee minutes are kept for the duration of the charity and for 10 years after its dissolution in compliance with the requirements of Charity Commission and Companies Act 2006. | In some cases, recruitment agencies provide us with CVs and references containing personal details of applicants with us so that we can shortlist for interview. Your referees provide us with personal data regarding, for example, your employment dates, your performance or other relevant information. If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists. |
| Contractors | |||
| If we enter into a contract for services with you, you provide us with your name, telephone number, address, email address and bank account details. | We store your name and contact details on our finance database and account details on the banking system so that we can fulfil our contractual obligations to you and maintain appropriate financial records. Some data may be stored on our email system if we enter into further communication with you. We may also store your data on a relevant database depending on the nature of the contract. | We keep your name and contact details on our financial database and any communications regarding your financial transactions with us for up to 6 years to be compliant with Companies Act 2006. | We have a Cloud based finance system. All transactions are made via the banking system. If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists. |
| All users – general information | |||
| We have CCTV at the premises for safety, licencing, and insurance purposes. | CCTV footage is kept for 6 weeks. | It is a requirement of our licence that we maintain CCTV at the premises. If there is an incident on the premises we may need to share relevant CCTV footage with the police so that an investigation can be carried out and / or with our insurers so that we can claim for damages. | |