This page defines and explains the GDPR policy of the Mill Centre Management Committee
Data are held for maintaining booking records and invoicing and for communication regarding bookings, committee meetings and the functioning of the Mill Centre. Personal data comprises: Name, Address, Phone number, email address. Booking and invoice data cross-references to personal data.
These data are held under the “Contract” lawful basis
Period of retention
Data will be held for 7 years, or when the owner requests deletion, whichever is sooner. (but see below)
An owner can request deletion, which will be carried out immediately, unless the owner has outstanding bookings or unpaid invoices.
Pre-existing invoices will retain name and address in perpetuity.
Personal data is stored on a computer server, protected by password. Only the treasurer and secretary have access to these data
No data will be shared with third parties unless legally required.
If you wish to know what data are being held about you, please contact the Data Controller, Mark Esdale