Privacy Policy

GDPR Privacy Policy for Gerrards Cross Community Association GXCA

Effective Date: 11 February 2025
Gerrards Cross Community Association GXCA (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).

1. Introduction
The General Data Protection Regulation (GDPR) is a law designed to protect the privacy and personal data of individuals within the European Union. We are fully committed to complying with the GDPR and ensuring that your personal data is handled in a secure and transparent manner.

2. Who We Are
Gerrards Cross Community Association GXCA is a Charitable Incorporated Organisation (CIO) based in Gerrards Cross, United Kingdom. We provide a range of services and activities for the local community. We are the data controller for the personal information you provide to us.

3. What Data We Collect
We may collect and process the following types of personal data:
Personal Identification Information: Name, address, email address, phone number
Membership Information: Membership details, including membership types and payment information
Communication Records: Email correspondence, event registrations, feedback, and surveys
Event Participation: Data about your participation in our events or activities
Financial Information: Payment information, including transaction history for membership fees and donations
We only collect the personal data necessary to fulfil the purpose for which it was provided.

4. How We Use Your Data
We use your personal data for the following purposes:
Membership Management: To process your membership, provide you with relevant updates, and keep you informed about our activities and events.
Communication: To respond to your queries, provide customer service, and send you newsletters or event information.
Event Management: To manage event registrations, communicate event details, and record your participation in our activities.
Financial Transactions: To process donations, payments, and to send receipts and thank you notes for your contributions.
Compliance: To meet legal obligations, including tax or accounting requirements.

5. Legal Basis for Processing Your Data
We process your personal data based on the following legal grounds:
Consent: Where you have given us explicit consent to process your data (e.g., when signing up for newsletters or events).
Contractual Necessity: To fulfil our obligations to you as a member or participant in our events.
Legal Obligation: Where we are required to process your data to comply with legal or regulatory obligations.
Legitimate Interests: Where processing your data is necessary for the legitimate interests of the Association (e.g., managing memberships, improving our services, or ensuring the safety of event participants).

6. Sharing Your Data
We will not share your personal data with third parties, except in the following circumstances:
Service Providers: We may share data with third-party service providers who assist us in operating our website, sending communications, processing payments, or managing events.
Legal Obligations: We may disclose your data if required to do so by law, for example, to comply with a legal process or a request from government authorities.
We ensure that any third-party service providers we work with are GDPR compliant and handle your data securely.

7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal or accounting requirements. Once your data is no longer needed, it will be securely deleted or anonymised.

8. Your Rights
Under GDPR, you have the following rights regarding your personal data:
Right of Access: You have the right to request a copy of the personal data we hold about you.
Right to Rectification: If you believe that the data we hold is inaccurate or incomplete, you can request that we correct it.
Right to Erasure: You can request that we delete your personal data, subject to certain legal exceptions.
Right to Restriction of Processing: You can ask us to restrict the processing of your personal data in certain circumstances.
Right to Data Portability: You can request that we provide your personal data in a machine-readable format or transfer it to another data controller.
Right to Object: You can object to our processing of your personal data in certain situations.
If you wish to exercise any of these rights, please contact us using the details provided below.

9. Security of Your Data
We take the protection of your personal data seriously and implement appropriate technical and organisational measures to safeguard it. This includes encryption, secure storage, and restricted access to sensitive data.

10. Cookies and Tracking
We may use cookies on our website to improve user experience, enhance functionality, and collect information about website usage. For more information, please refer to our Cookie Policy.

11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Any changes will be posted on this page, and the “Effective Date” will be updated accordingly. We encourage you to review this policy periodically.

12. Contact Us
If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights under GDPR, please contact us at:

Gerrards Cross Community Association (GXCA)
The Memorial Centre, 8 East Common, Gerrards Cross, Buckinghamshire SL9 7AD
Email: Office@gxca.org.uk
Phone: 01753 883759

Thank you for trusting Gerrards Cross Community Association with your personal data. Your privacy is important to us.