Leeds Tidal Privacy Notice
Last updated: May 2018
How we respect privacy when we deal with personal information collected by our organisation
This Privacy Notice applies to information Leeds Tidal, and our Leeds for Change project, collect about individuals who
interact with our organisation. It explains what personal information we collect and how we use it. If you have any
comments or questions about this notice, feel free to contact us at firstname.lastname@example.org
Our full Data
Protection Policy can be read here.
1. Personal data that we process
The following table explains the types of data we collect and the legal basis, under current data protection
legislation, on which this data is processed.
|Purpose||Data (key elements)||Basis|
|Enquiring about our organisation and its work||Name, email, message||Legitimate interests – it is necessary for us to read and store your message so that we can respond in
the way that you would expect.
|Subscribing to email updates about our work||Name, email||Consent – you have given your active consent.|
|Making a donation and becoming a supporter||Name and optional email or postal address (if you wish to receive our annual newsletter about our work)||Legitimate interests – this information is necessary for us to fulfill your intention of donating money
and sending our thanks if you chose to allow us to contact you. Your payment details are processed by
Local Giving and are not accessible by Leeds Tidal.
|Signing up as a member of Leeds for Change||Name, email, and optional first 3 letters of your postcode.||Legitimate interests – this information is necessary for us to be able to provide our services.
We ask for the first letters of your postcode to monitor the reach of our work. It is optional to
|Registering for one of our events or trainings||Name and email address||Legitimate interests – this information is necessary for us to be able to provide our services and
|Being photographed at one of our events||Photograph||Consent – you have given your active consent|
|You are a previous employee, director, volunteer, contractor||Pay records,
contracts, appraisals and personal records
|Legitimate interests – this information is necessary for us to fulfil our legal obligations. Pay
records are destroyed after 3 years, and
contracts, appraisals and personal records
are destroyed after 6 years.
We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as
set out in the table at the top of this policy.
For example, we may use your personal information to:
We will only pass your data to third parties in the following circumstances:
We take the principles of data minimisation and removal seriously and have this policy in place to ensure that we only
ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer
required. We ensure that stored data is relevant and limited to what is necessary to carry out our work.
The vast majority of the personal information we hold about you will be obtained via forms or sign up boxes on our
website, Local Giving, Eventbrite or if you contact us by email.
We store your data with integrity and in confidentiality. Your data is stored on secure GDPR complaint clouds. Tidal
uses Eventbrite, Dropbox, and Google Drive to process and store your data, all of which are US companies with Third
Country Status, making them compliant with EU regulation. These are password protected and only accessible to
authorised staff and volunteers of the organisation.
It is Tidal’s responsibility to ensure all personal and company data is non-recoverable from any computer system
previously used within the organisation, which has been passed on/sold to a third party.
You have a range of rights over your data, which include the following:
A full summary of your legal rights over your data can be found on the Information Commissioner’s website here: https://ico.org.uk/
If you would like to access the rights listed above, or any other legal rights you have over your data under current
legislation, please get in touch with our Coordinator at email@example.com
Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for
us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access
to your rights while continuing to deliver as many services to you as possible.
We ensure that the data we keep is accurate and rectifiable. To keep things up to date, we may occasionally email to
tell you what information we have of you, and ask for verification that its still correct.
Tidal is responsible for reporting a security breach to the Information Commission, notifying the data subjects, and
publishing a statement on our website.
This notice will be updated as necessary to reflect best practice in data management, security and control and to
ensure compliance with any changes or amendments made to the law.
This policy has been written using a template provided by White Fuse GDPR
ready template for charities