GDPR Policy
Introduction
This page defines and explains the GDPR policy of the Mill Centre Management Committee
Data Held
Data are held for maintaining booking records and invoicing and for communication regarding bookings, committee meetings and the functioning of the Mill Centre. Personal data comprises: Name, Address, Phone number, email address. Booking and invoice data cross-references to personal data.
Lawful Basis
These data are held under the “Contract” lawful basis
Period of retention
Data will be held for 7 years, or when the owner requests deletion, whichever is sooner. (but see below)
Data Deletion
An owner can request deletion, which will be carried out immediately, unless the owner has outstanding bookings or unpaid invoices.
Pre-existing invoices will retain name and address in perpetuity.
Data Storage
Personal data is stored on a computer server, protected by password. Only the treasurer and secretary have access to these data
Third Parties
No data will be shared with third parties unless legally required.
April 2018
If you wish to know what data are being held about you, please contact the Data Controller, Mark Esdale