Privacy policy

House of St Barnabas Privacy Policy

The House of St Barnabas (HoSB) group comprises HoSB and HoSB Events Ltd. This privacy policy explains how the House of St Barnabas group uses any personal information we collect about you.

Why we keep personal data: We keep any personal data which is required to satisfy our legal obligations, to fulfil any contractual obligations to you and to pursue our legitimate interests of running our members’ club, venue hire and delivering our charitable mission. If you provide your consent, we will also use your contact details to inform you about HoSB news and events via our newsletters. You have the right to withdraw your consent at any time

Correction and access to your information: We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. You have the right to object to or restrict processing of your data or to erase your personal information. We will, however, still need to keep or process some of your data if it is legally or contractually required and such restrictions or erasure may adversely impact on our ability to deliver services to you. You also have the right to request a copy of the information that we hold about you.

How to contact us: email us at dp@hosb.org.uk or write to us at Data Protection Lead, House of St Barnabas, 1 Greek Street, London. W1D 4NQ

Changes to our privacy policy: We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated in April 2018.

Use of third party data processors: Third party data processors are used for certain processes (detailed below) so that we can provide a more efficient or effective service. Where relevant, data is encrypted. The terms and conditions or contracts we have in place with these data processors specify they will keep your data safe and only use it in accordance with GDPR (General Data Protection Regulation) or that they are compliant with Data Protection Act 1998 and working towards GDPR.

How we keep your data secure: We aim to be fully compliant with GDPR. We believe our systems to be secure. We have a firewall, password policies, malware and patching in place. We are in the process of obtaining cyber certification. If you use your credit card to pay membership fees or donate to us, we pass your credit card details securely to our payment processing partners as part of the payment process, using SSL encryption. Our card partners are GoCardless and Stripe. GoCardless is authorised by the Financial Conduct Authority under the Payment Services Regulations 2009 and you can find out more here: https://gocardless.com/security/. Stripe is certified to PCI Service Provider Level 1 and you can find out more here: https://stripe.com/help/security.

Complaints: If you believe there is a problem with the way we are handling your personal information then please contact us at dp@hosb.org.uk. You also have the right to contact the Information Commissioner’s Office to complain.

Cookies:  Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information about cookies visit www.aboutcookies.org. You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.

 

What personal data we keep How we keep your data How long we keep your data and why Who we share your data with and why
Club members and guests      
When you apply to be a member of the club you provide your name, address, telephone number, email address and date of birth to us.

 

We store your data on our membership database so that we can assess your eligibility and process your membership application. Some data may be stored on our email system if we enter into further communication with you.

 

We may keep your data for up to seven months while the application process takes place.If your application is successful and you decide to join the club, please see section below.

If you decide not to pursue your application, we keep your data for up to 3 months after your initial invoice while you finalise your decision.

 

If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists.

 

When you become a member of the club we retain the above data.

 

We store your data on our membership database so that we can fulfil our contractual obligations to you. Some data may be stored on our email system if we enter into further communication with you. We store your name and contact details on our finance database so that we can maintain appropriate financial records.

 

We keep your data on our membership database and email system throughout your membership and for up to seven months following your last unpaid renewal invoice in case you change your mind.

We keep your name and contact details on our financial database and any communications regarding your financial transactions with us for up to 6 years to be compliant with Companies Act 2006.

 

When you pay via the website, your data is processed by a third party encrypted payment portal.

All transactions are made via the banking system.

We have a Cloud based finance system.

If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists.

 

For individuals with House Access passes, we are provided with your name and email address. We store your data on a temporary database so that we can provide a quality service to you. Some data may be stored on our email system if we enter into further communication with you. We keep your data for up to three months after your access period expires so that we can follow up your experience with you and so we do not have to ask you for these details again if you decide to join the club. If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists.

 

When you hire a room at HoSB, we keep your name, telephone number, address and email address. We store your data on our venue hire database so that we can fulfil our contractual obligations to you. Some data may be stored on our management and email systems if we enter into further communication with you. We store your name and contact details on our finance database so that we can maintain appropriate financial records. If you give your consent, we keep your data on our venue hire database and / or email system for a year after your booking so that we do not have to ask you for these details again when you re-book.

We keep your name and contact details on our financial database and any communications regarding your financial transactions with us for up to 6 years to be compliant with Companies Act 2006.

We have a Cloud based finance system.

All transactions are made via the banking system.

If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists.

 

If you visit the club as a guest, we take your name, on arrival, for safety reasons.

 

If you are on the guest list for an event, your name will be held on that list so that you can attend the event. Otherwise, we store your details in a handwritten visitors’ book. Guest lists are disposed of within a month of the event. Visitors’ books are kept for 5 years.
If you attend a pre-booked, ticketed event at the club, we are provided with your name and email address. All public event bookings are made via a third-party data processor. They share your name and email with us so that we can ensure that you are allowed access to the event, to comply with health and safety regulations and contact you if necessary.

If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists.

Donors      
If you donate money to us, we keep your name, telephone number, address and email address. We store your data on our donorbase so that we can provide you with an annual progress report, if appropriate, and provide supporting information for audit purposes.

We store your name and contact details on our finance database so that we can maintain appropriate financial records.

We keep your name and contact details on our donorbase and financial database regarding your financial transactions with us and details of your tax status for up to 6 years, to be compliant with Companies Act 2006 and HMRC GiftAid regulations. If you are also a member of the club, details of your donations are held on the membership database so that we can claim GiftAid, where appropriate, more easily. If you have made your donation via the HoSB website, your personal data is encrypted and passed to a third-party donation platform for processing.

If your donation is made directly to the HoSB and you have signed the GiftAid declaration, we share your name and address with HMRC in accordance with GiftAid legal requirements.

If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists.

 

Job applicants      
If you apply for a position with HoSB, you will need to provide us with your name, telephone number, address, email address and employment history.

If you are offered a position, we will also obtain a reference from previous or existing employer(s) and an employment agency where relevant. We may also require more details about your background in certain cases.

We store your job application documents, references, specific additional material obtained post interview and any communication with you or relevant third parties on our email and management systems. We also keep hard copies of interview notes in locked filing cabinets. This information is only accessible by those individuals directly involved in the recruitment process. If you are not appointed, we may keep your recruitment documents for up to 6 months after an appointment has been made in case we want to approach you in relation to other opportunities or to provide feedback on the recruitment process. In certain cases, it may be necessary to retain documents for longer than this for legal purposes. If you are appointed, you will receive an employees’ privacy policy.

 

In some cases, employment agencies provide us with CVs and references containing personal details of applicants with us so that we can shortlist for interview.

Previous and existing employers provide us with personal data regarding employment dates and, in certain cases, performance or other relevant information. We only seek references from a previous or existing employer if a job offer (subject to references) is made.

 

Employment Academy applicants      
If you apply for a place on the HoSB EA programme, you or your referring agent provide us with your name, telephone number, address, email address, date of birth, copy of your ID documents and specific health, housing or other background information where applicable to you so that we can assess your eligibility for the programme.

 

We store your application documents, references, specific additional material obtained post interview and any communication with you or relevant third parties on our email system and EA database. This information is only accessible by those individuals directly involved in the EA recruitment process. If you do not pursue your application or you are unsuccessful at interview, we will delete your details from our system within one month of your (scheduled) interview date. In certain cases, it may be necessary to retain documents for longer than this for legal purposes. If you are successful, you will receive a participants’ privacy policy.

 

Referral agencies provide us with your personal details so that we can consider your application and assess your eligibility.

We use a cloud-based database.

If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists.

 

Mentor applicants      
If you apply to be a mentor with HoSB, you will need to provide us with your name, telephone number, address and email address. If you already have a portable DBS certificate, you provide us with your certification number so that we do not have to re-apply.

 

We store your application documents, references, specific additional material obtained post interview and any communication with you or relevant third parties on our database, email and management systems.

 

We may keep your application documents for up to three years to provide sufficient time for you to undertake training and be matched to an appropriate EA graduate. If you are successful, you will receive a mentors’ privacy policy.

 

 

 

If required, we submit your personal details and ID to the Disclosure and Barring Service (DBS Scotland) for verification in accordance with legal requirements.

If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists.

 

Trustee applicants      
If you apply to be a Trustee for HoSB, you will need to provide us with your name, telephone number, address, email address and CV.

If we progress your application, we will also obtain references from individuals that you have nominated and a recruitment agency where relevant. We may also require more details about your background in certain cases.

We store your application documents, references, specific additional material obtained post interview and any communication with you or relevant third parties on our email and management systems. We also keep hard copies of interview notes in locked filing cabinets. This information is only accessible by those individuals directly involved in the trustee recruitment process.

If your application progresses to the Nominations Committee, your personal details will be included in the minutes of that meeting.

If you are not appointed, we may keep your recruitment documents for up to 6 months after an appointment has been made in case we want to approach you in relation to other opportunities or to provide feedback on the recruitment process. In certain cases, it may be necessary to retain documents for longer than this for legal purposes.

Nominations Committee minutes are kept for the duration of the charity and for 10 years after its dissolution in compliance with the requirements of Charity Commission and Companies Act 2006.

 

In some cases, recruitment agencies provide us with CVs and references containing personal details of applicants with us so that we can shortlist for interview.

Your referees provide us with personal data regarding, for example, your employment dates, your performance or other relevant information.

If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists.

Contractors      
If we enter into a contract for services with you, you provide us with your name, telephone number, address, email address and bank account details. We store your name and contact details on our finance database and account details on the banking system so that we can fulfil our contractual obligations to you and maintain appropriate financial records. Some data may be stored on our email system if we enter into further communication with you. We may also store your data on a relevant database depending on the nature of the contract. We keep your name and contact details on our financial database and any communications regarding your financial transactions with us for up to 6 years to be compliant with Companies Act 2006. We have a Cloud based finance system.

All transactions are made via the banking system.

If you provide your consent to receive our newsletters, we share your data with a third party that manages our mailing lists.

 

All users – general information      
We have CCTV at the premises for safety and insurance purposes.

 

CCTV footage is kept for 3 months.

 

It is a requirement of our licence that we have CCTV at the premises. If there is a criminal incident on the premises we may need to share relevant CCTV footage with the police so that an investigation can be carried out and / or with our insurers so that we can claim for damages.