Privacy & Data Protection Policy

1. Policy Statement

Tittensor Village Hall Management Committee (TVHMC), as the managing trustees of Tittensor Village Hall charity, is committed to protecting the rights and privacy of individuals in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

TVHMC acts as the Data Controller for personal data processed in connection with the management and operation of Tittensor Village Hall. Hallmaster (hallmaster.co.uk) acts as a Data Processor on behalf of TVHMC under a written data processing agreement.

Personal data may be held electronically (e.g. on computers, laptops, mobile devices, cloud systems) or in paper form. This may include names, contact details, booking records, financial information, employment records, meeting minutes, correspondence, and photographs.

TVHMC is responsible for ensuring personal data is processed lawfully, fairly, transparently, securely, and in accordance with individuals’ rights.

For further information or to exercise your data protection rights, please contact:

Chair, Tittensor Village Hall Management Committee
Tittensor Village Hall
Winghouse Lane
Tittensor
Stoke-on-Trent
Staffordshire
ST12 9HW

Email: info@tittensorvillagehall.org.uk

2. Purpose of Processing

TVHMC processes personal data for the following purposes:

  • Managing hall bookings and lettings

  • Financial administration, accounting and fundraising

  • Managing trustees, volunteers and staff

  • Health and safety management

  • Maintaining insurance records

  • Communications and promotion of hall activities

  • Compliance with legal and regulatory obligations

Personal data will only be used for specified, explicit and legitimate purposes and will not be further processed in a manner incompatible with those purposes.

3. Lawful Bases for Processing

Under UK GDPR, TVHMC relies on one or more of the following lawful bases:

  • Contract – where processing is necessary for a booking agreement or employment contract

  • Legal obligation – where required for accounting, taxation, insurance, charity law, or health and safety compliance

  • Legitimate interests – for the effective administration and management of the Hall

  • Consent – where required (e.g. certain marketing communications or use of photographs)

  • Vital interests – where necessary to protect someone’s life

Where consent is relied upon, it will be freely given, specific, informed and capable of withdrawal at any time.

4. Data Protection Principles

TVHMC will comply with the UK GDPR principles. Personal data shall be:

  1. Processed lawfully, fairly and transparently

  2. Collected for specified, explicit and legitimate purposes

  3. Adequate, relevant and limited to what is necessary (data minimisation)

  4. Accurate and kept up to date

  5. Kept for no longer than necessary (storage limitation)

  6. Processed securely (integrity and confidentiality)

  7. Accountable — TVHMC will be able to demonstrate compliance

5. Data Retention

Personal data will only be retained for as long as necessary for the purpose collected or to meet legal, accounting, insurance or regulatory requirements.

  • Financial records will normally be retained for 6–7 years in line with HMRC requirements.

  • Insurance-related records may be retained in accordance with insurer requirements.

  • Employment records will be retained in line with employment law guidance and limitation periods (normally 6 years after employment ends unless there is a lawful reason for longer retention).

  • Accident records will be retained in accordance with health and safety legislation.

Personal data will not be kept indefinitely unless there is a clear lawful basis.

Secure destruction procedures will be followed when data is no longer required.

6. Sharing Personal Data

Personal data may be shared where necessary with:

  • Local authorities

  • Funding bodies

  • Insurers

  • Professional advisers (e.g. accountants, legal advisers)

  • Regulatory bodies

  • Hallmaster (as Data Processor)

Data will only be shared where there is a lawful basis.

Personal data will not be transferred outside the UK unless appropriate safeguards are in place in accordance with UK GDPR.

7. Special Category Data

Where TVHMC processes special category data (e.g. health information for accident reporting), this will only be done where permitted under Article 9 UK GDPR and the Data Protection Act 2018, and with appropriate safeguards in place.

8. Individual Rights

Under UK GDPR, individuals have the right to:

  • Be informed about how their data is used

  • Access their personal data (Subject Access Request)

  • Request rectification of inaccurate data

  • Request erasure (in certain circumstances)

  • Restrict processing (in certain circumstances)

  • Object to processing (where based on legitimate interests)

  • Data portability (where applicable)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Subject Access Requests will be responded to within one calendar month of receipt and verification of identity.

Individuals may complain to the:

Information Commissioner’s Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113

9. Data Security Measures

TVHMC will implement appropriate technical and organisational measures, including:

  • Locked storage for paper records

  • Password-protected electronic systems

  • Strong passwords and secure access controls

  • Up-to-date security software on devices

  • Access to personal data limited to trustees on a need-to-know basis

  • Dedicated hall email account (not personal email accounts)

  • Secure storage of accident records

  • Secure disposal (shredding/deletion) of data when no longer required

  • Data protection included as a standing agenda item at trustee meetings

10. Data Breaches

Any personal data breach will be recorded and assessed promptly. Where required under UK GDPR, the ICO will be notified within 72 hours of becoming aware of the breach. Affected individuals will be informed where there is a high risk to their rights and freedoms.

11. Accountability

TVHMC trustees are collectively responsible for ensuring compliance with UK GDPR and the Data Protection Act 2018. Appropriate contracts will be in place with any data processors.

Adopted by: Tittensor Village Hall Management Committee
Date: 16/02/2026
Review date: 16/02/2027