Our Privacy Policy
Privacy Notice
This Privacy Notice explains how we use the personal information that Share and Repair collects or generates both in relation to the Share and Repair website (https://shareandrepair.org.uk/), Bath Library of Things (https://bathlibraryofthings.org.uk) and Share and Repair workshops and services.
1.
BACKGROUND
1.1
Share and Repair registered by that name with
the Charities Commission with its registered address at 22 Malvern Buildings Bath BA1 6JX and with charity number 1189015.
Share and Repair is responsible for ensuring that it uses Personal Data in
compliance with data protection laws, including (but not limited to) the
General Data Protection Regulation (EU) 2016/679 (“GDPR”) and any other national,
implementing or supplementing Data Protection Legislation including but not
limited to the Data Protection Act 2018.
1.2
At Share and Repair we respect the privacy of our Members and we are committed to keeping
all your Personal Data secure. This Privacy Notice governs the handling
of Personal Data by Share and Repair in the course of carrying out our activities.
1.3
We use the following definitions in
this Privacy Notice:
|
Members |
means a member of Share and Repair’s Bath Library of
Things; an individual who has registered at bathlibraryofthings.org.uk. |
|
User(s) or You |
means the users of the Share and Repair Website or services including Repairs. |
|
Share and Repair Website |
means the platform consisting of the Share and Repair services and the
Share and Repair website https://shareandrepair.org.uk/. |
|
Share and Repair, we or us |
means Share and Repair. |
|
Personal Data |
means any data which relates to a living individual who can be
identified from that data or from that data and other information which is in
the possession of, or is likely to come into the possession of, Share and
Repair (or its representatives or
service providers). In addition to factual information, it includes any
expression of opinion about an individual and any indication of the
intentions of Share and Repair or any other person in respect of an
individual. |
|
Privacy Notice |
means this website privacy notice. |
|
Repairs |
means in-person repair services provided by Share and Repair
volunteers |
|
Workshops |
means events arranged by Share and Repair and hosted by third party
volunteers from time to time. |
2.
THE PRODUCTS AND SERVICES WE PROVIDE
2.1
This Privacy Notice concerns the following information that we collect
about you when providing services as part of the Share and Repair Website or
Workshops:
(A)
Information we receive through our website ("Share and Repair Website");
(B)
Information we receive through our repair cafe ("Repair Cafe");
(C)
Information we receive through our library of things lending services
("Bath Library of Things").
3.
THE TYPES OF PERSONAL DATA WE COLLECT
3.1
Some of the services offered by Share and Repair
require us to obtain Personal Data about you in order to perform the services
we have been engaged to provide. Members may be unable to access the Bath Library
of Things and/ or Users may not be able to access the Share and Repair Website
or Workshops if such Personal Data is not provided. In relation to each of the
services described at Section 2.1 above, we will collect and process the
following Personal Data about you:
·
Information that you provide to Share and Repair. This includes information about you that you provide to us. The nature
of the services you are requesting will determine the kind of Personal Data we
might ask for, though such information may include (by way of a non-exhaustive
list):
-
basic Personal Data
(such as first name; family name; email address; phone number; address; city;
postcode); and
-
any information that
you choose to share on Share and Repair Website, at a
Repair Cafe or Workshop, or on the Bath Library of
Things which may be considered Personal Data.
·
Information that we collect or generate about you. This includes (by way of a non-exhaustive list):
-
any information regarding the services used on the Bath Library of
Things and our interactions with you; and
-
a file with your contact history to be used to track equipment we have
leased to you and to record attendance at a Repair Cafe or Workshop.
·
Anonymised data
-
In addition to the
categories of Personal Data described above, Share and Repair will also process further anonymised information and data that is not
processed by reference to a specific individual.
4.
HOW WE USE YOUR INFORMATION
4.1
Your Personal Data may be stored and processed by us in the following
ways and for the following purposes:
·
for ongoing review and improvement of the information
provided on Share and Repair Website to ensure they are user friendly;
·
to allow you to use and access the equipment and
resources provided by the Bath Library of Things;
·
to set up Members to use the Bath Library of Things;
·
to register attendance at Repair Cafes and/ or Workshops;
·
to record and track progress with your Repair item(s);
·
to contact Members in case an item is overdue or we
have a specific reservation request and the item is not available;
·
to record where loaned equipment will be taken to;
·
to contact you regarding outstanding fees; or
·
in order to comply with and in order to assess compliance with
applicable laws, rules and regulations, and internal policies and procedures.
4.2
However, when we use Personal Data
we make sure that the usage complies with law and the law allows us and
requires us to use Personal Data for a variety of reasons. These include:
·
we need to do so in order to perform our services with
our Users and Members;
·
we have obtained your consent;
·
we need to verify your identity for joining or
renewing membership;
·
we have legal and regulatory obligations that we have
to discharge;
·
we may need to do so in order to establish, exercise
or defend our legal rights or for the purpose of legal proceedings;
·
the use of your Personal Data as described is
necessary for our legitimate business interests, such as:
o allowing us to
effectively and efficiently manage and administer the operation of the charity;
or
o maintaining
compliance with internal policies and procedures.
4.3 We will take steps to ensure that the Personal Data is accessed only by employees and/ or volunteers of Share and Repair that have a need to do so for the purposes described in this Privacy Notice.
5.
DISCLOSURE OF YOUR INFORMATION TO
THIRD PARTIES
5.1
We may share your Personal Data
outside of Share and Repair for the following purposes:
·
with our Workshop
volunteers. For example, this could include our volunteers that run the Share
and Repair Workshops and whom may require access to the Personal Data to check
attendance;
·
with third
party agents and contractors for the purposes of providing services to us (for
example, Share and Repair’s third-party
payment and communication providers). These third parties will be subject to appropriate
data protection obligations and they will only use your Personal Data as described in this Privacy Notice;
and
·
to the
extent required by law, for example if we are under a duty to disclose your
Personal Data in order to comply with any legal obligation (including, without
limitation, in order to comply with tax reporting requirements and disclosures
to regulators), or to establish, exercise or defend its legal rights.
6.
HOW WE SAFEGUARD YOUR INFORMATION
6.1
We have controls in place to maintain the
security of our information and information systems. User and Member files are protected
with safeguards according to the sensitivity of the relevant information.
Appropriate controls (such as restricted access) are placed on our computer
systems. Physical access to areas where Personal Data is gathered, processed or
stored is limited to authorised employees.
6.2
As a condition of employment or volunteering, Share and Repair employees and volunteers are required to
follow all applicable laws and regulations, including in relation to data
protection laws. Access to sensitive Personal Data is limited to those
employees and volunteers who need to it to perform their roles. Unauthorised
use or disclosure of confidential client information by a Share and
Repair employee and/ or
volunteer is prohibited and may result in disciplinary measures.
6.3
When you contact a Share and Repair employee or volunteer
about your file, you may be asked for some Personal Data.
This type of safeguard is designed to ensure that only you, or someone authorised
by you, has access to your file.
7.
HOW LONG WE KEEP YOUR PERSONAL DATA
7.1
How long we will hold your Personal Data for will vary and will be
determined by the following cumulative criteria:
·
the purpose for which we
are using it – Share and Repair will need to keep your
Personal Data for as long as is necessary for that purpose; and
·
legal obligations –
laws or regulation may set a minimum period for which Share and Repair has to keep your Personal Data.
8.
YOUR RIGHTS
8.1
In all the above cases in which we collect, use or store your Personal Data,
you may have the following rights which you can exercise free of charge. These
rights include:
·
the right to obtain
information regarding the processing of your Personal Data and access to the
Personal Data which we hold about you;
·
the right to withdraw
your consent to the processing of your Personal Data at any time. Please note,
however, that we may still be entitled to process your Personal Data if we have
another legitimate reason for doing so. For example, we may need to retain
Personal Data to comply with a legal obligation;
·
in
some circumstances, the right to receive some Personal Data in a structured, commonly
used and machine-readable format and/or request that we transmit those data to
a third party where this is technically feasible. Please note that this right
only applies to Personal Data which you have provided directly to Share
and Repair;
·
the right to request
that we rectify your Personal Data if it is inaccurate or incomplete;
·
the right to request
that we erase your Personal Data in certain circumstances. Please note that
there may be circumstances where you ask us to erase your Personal Data, but we
are legally entitled to retain it;
·
the right to object to,
or request that we restrict, our processing of your Personal Data in certain
circumstances. Again, there may be circumstances where you object to, or ask us
to restrict, our processing of your Personal Data but we are legally entitled
to refuse that request; and
·
the
right to lodge a complaint with the relevant data protection regulator if you
think that any of your rights have been infringed by us.
8.2
You can exercise your rights by contacting us using the details listed
in Section 9 below.
8.3
Further information about your rights may be
obtained by contacting the Information Commissioner’s Office.
9.
QUESTIONS AND CONCERNS
9.1
For further information regarding the processing of your Personal Data
by Share and Repair, this Privacy Notice, questions relating to consent, or in
order to exercise the rights mentioned above, please contact us using the
following contact details:
Address: 22 Malvern Buildings Bath
BA1 6JX
Email Address: hello@shareandrepair.org.uk
9.2
We are usually able to resolve privacy questions
or concerns promptly and effectively. If you are not satisfied with the
response you receive from our a Share and Repair representative, you may
escalate concerns to the Information Commissioner’s Office at www.ico.org.uk or contact their helpline
on 0303 123 1113.