Thames Head Energy Privacy and GDRP Policy

Who we are

Our website address is: www.thamesheadenergy.org

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

 If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Data Protection Policy: Thames Head Energy Community Group

1) Definitions

  1. Personal data is information about a person which is identifiable as being about them. It can be stored electronically or on paper, and includes images and audio recordings as well as written information.
  2. Data protection is about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.

2) Responsibility

  1. Overall and final responsibility for data protection lies with the management committee, who are responsible for overseeing activities and ensuring this policy is upheld.
  2. All volunteers are responsible for observing this policy, and related procedures, in all areas of their work for the group.

3) Overall policy statement

  1. Thames Head Energy Community Group needs to keep personal data about its committee, members, volunteers and supporters in order to carry out group activities.
  2. We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the UK General Data Protection Regulation (GDPR) and other relevant legislation.
  3. We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.
  4. We will only collect, store and use data for:
    • purposes for which the individual has given explicit consent, or
    • purposes that are in our group’s legitimate interests, or
    • contracts with the individual whose data it is, or
    • to comply with legal obligations, or
    • to protect someone’s life, or
    • to perform public tasks.
  5. We will only share data with 3rd parties where that data is required to perform a service to Thames Head Energy that is in keeping with the purpose of Thames Head Energy, for example undertaking feasibility studies or providing an estimate or quotation where data on the community is required. In such cases, only the information required to perform the service will be shared and the 3rd party will be instructed to hold such data in compliance with GDRP and to destroy the data once it is no longer required for the service they are performing for Thames Head Energy
  6. We will provide individuals with details of the data we have about them when requested by the relevant individual.
  7. We will delete data if requested by the relevant individual unless we need to keep it for legal reasons.
  8. We will endeavour to keep personal data up-to-date and accurate.
  9. We will store personal data securely.
  10. We will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes.
  11. We will not share personal data with third parties without the explicit consent of the relevant individual unless legally required to do so.
  12. We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any lost or shared data back. We will evaluate our processes and understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported to the Information Commissioner’s Office within 72 hours, and to the individual concerned.
  13. To uphold this policy, we will maintain a set of data protection procedures for our committee and volunteers to follow.

4) Review

This policy will be reviewed every two years

Date: 24 July 2022

Signature: Mike McKeown

Data protection procedures

1) Introduction

  1. Thames Head Energy Community Group has a data protection policy which is reviewed regularly. In order to help us uphold the policy, we have created the following procedures which outline ways in which we collect, store, use, amend, share, destroy and delete personal data.
  2. These procedures cover the main, regular ways we collect and use personal data. We may from time to time collect and use data in ways not covered here. In these cases, we will ensure our Data Protection Policy is upheld.

2) General procedures

  1. Data will be stored securely. When it is stored electronically, it will be kept in password-protected files. When it is stored online on a third-party website (e.g. Microsoft Office 365) we will ensure the third party comply with the UK GDPR.
  2. When we no longer need data, or when someone has asked for their data to be deleted, it will be deleted securely. We will ensure that data is permanently deleted from computers, and that paper data is shredded.
  3. We will keep records of consent given for us to collect, use and store data. These records will be stored securely.

3) Mailing list

  1. We will maintain a mailing list. This will include the names and contact details of people who wish to receive information from Thames Head Energy Community Group.
  2. When people sign up to the list we will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time.
  3. We will not use the mailing list in any way that the individuals on it have not explicitly consented to.
  4. We will provide information about how to be removed from the list with every mailing.
  5. We will use mailing list providers who store data within the EU.

4) Contacting committee members

  1. The committee need to be in contact with one another in order to run the organisation effectively and ensure its legal obligations are met.
  2. Committee contact details will be shared among the committee.
  3. Committee members will not share each other’s contact details with anyone outside of the committee, or use them for anything other than Thames Head Energy Community Group business, without explicit consent.

5) Review

These procedures will be reviewed every two years

Date: 24 July 2022

Signature: Mike McKeown