GDPR Policy

Introduction

This page defines and explains the GDPR policy of the Mill Centre Management Committee

Data Held

Data are held for maintaining booking records and invoicing and for communication regarding bookings, committee meetings and the functioning of the Mill Centre. Personal data comprises: Name, Address, Phone number, email address. Booking and invoice data cross-references to personal data.

Lawful Basis

These data are held under the “Contract” lawful basis

Period of retention

Data will be held for 7 years, or when the owner requests deletion, whichever is sooner. (but see below)

Data Deletion

An owner can request deletion, which will be carried out immediately, unless the owner has outstanding bookings or unpaid invoices. Pre-existing invoices will retain name and address in perpetuity.

Data Storage

Personal data is stored on a computer server, protected by password. Only the treasurer and secretary have access to these data

Third Parties

No data will be shared with third parties unless legally required. April 2018

If you wish to know what data are being held about you, please contact the Data Controller, Mark Esdale