Data Protection Policy

1. Introduction

We take the privacy of your personal information seriously and take reasonable care to comply with the requirements of the General Data Protection Regulation 2018 (GDPR) relating to the personal information you supply to be a member of Kehillat Kernow (KK), and on the website.

For the purpose of GDPR, the data controller is Kehillat Kernow, represented by the Data Protection Officer.

Data refers to information held both electronically and on paper.

2. Your Personal Data

The information we gather may include your name, address, email address, and any other personal information you submit to KK.

This includes information about children under the age of 16 which we need to hold to deliver the objects of KK, e.g. the advancement of Judaism through educational activities.

We share your data with:

  1. our associate, The Movement For Reform Judaism (whose object is communicating Reform Jewish values and traditions)Ā  for statistical purposes, for emailing their newsletters and information on their events and activities.
  2. The Board of Deputies of British Jews (who are the first port of call for government, the press and others seeking to understand the Jewish Community) in connection with appointing a delegate to their organisation.
  3. the Charities Commission to comply with their regulations that apply to KK as a registered charity.
  4. and HM Revenue and Customs with whom we are registered to receive GiftAid payments.

We share your data with the Movement for Reform Judaism and the Board of Deputies of British Jews for the purposes of demographic and statistical information, as well as to ensure that you are aware of our events and activities. You have the right to opt out by the Data Protection Officer.

As part of your membership you will be on our mailing list and we will send you newsletters. We may from time to time offer you the opportunity to sign up to a mailing list and/or additional newsletter, to participate in a survey or a competition and to receive information by email about third partiesā€™ products and services or any other products and services which we provide. You may opt out by notifying the Data Protection Officer.

We use the Information we collect from you to keep you informed about events and activities, which we believe will be of interest to you. Should you not wish to receive this information you can opt out by informing the Data Protection Officer.

As part of your membership we use the Information to draw up and circulate lists of names towards fulfilment of the key objects of KK to practice and develop Judaism, e.g.a list for yahrzeit purposes and to promote the safety of KKĀ Ā  members, e.g. a security rota. Should you wish for your name not to be disclosed on these lists, please contact the Data Protection Officer.

We will not sell, distribute or disclose your Information without your consent, or unless required or permitted to do so, by law. Ā  Sensitive personal information will be held by and at the homes of the Council Officers.

3. Updating your Information and Retention

If any of your information is inaccurate or if it changes, please notify us by email.

We will retain personal information to cover the period of statutory limitations i.e. 7 years to comply with Charity Commission requirements and HM Revenue and Customs (HMRC) and also indefinitely whilst it serves to support administration of current and previous membership of KK. Information in connection with payments and receipts will be retained at KKā€™s discretion for financial purposes.

4. Access to personal data

You have the right to obtain:

a) confirmation that your data is being processed

b) access to your personal data and to informationĀ corresponding to that in this privacy notice

The information will be provided free of charge except where excessive, repeated or duplicate requests are made. In such a case a fee to cover the costs of administration will be made.

The information will generally be provided electronically within one month of the request. Should an extension of up to two months be required we will inform you of the reason.

5. Links to Third Partiesā€™ Sites

We may provide links to other websites. Before supplying any personal information to any other website, we recommend that you check the websiteā€™s Privacy Policy.

We do not accept responsibility for the protection of any data supplied to other sites.

6. Cookies

We may use cookies to give you a better experience and to monitor how you are using the website, as this will help us make improvements for the future.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies, but if you do so, parts of the website may not work correctly.

For more information and to find out more about cookies and Google Analytics read information and advice for members of the public regarding EU Cookie Laws on the UK Governmentā€™s Information Commissionerā€™s Office website.

7. Internet and Data Storage

The KK website uses a security system that protects your Information from unauthorised use. However, as no data transmissions over the Internet can be guaranteed to be 100% secure, we cannot take responsibility for any unauthorised access or loss of personal information that is beyond our control, e.g. whilst in transit. Any data you send is at your own risk.

We have procedures and security features in place to keep your data secure once we receive it. Your data is held in the UK only and only shared with the third parties mentioned in sections 2 and 3 above.

Please remember that other methods of Internet communication, such as emails and messages sent via a website, are not secure, unless they are encrypted.

We take no responsibility for any unauthorised access or loss of personal information that is beyond our control.

8. Complaints about a data breach

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainantā€™s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a personā€™s record is in dispute. If a complainant doesnā€™t want information identifying him or her to be disclosed, we will try to respect that.Ā  However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ā€˜need to knowā€™ principle.

9.Ā  Data breach

In case of a personal data breach that is likely to result in a risk to peopleā€™s rights and freedoms, KK will adhere to the mandatory regulation to report it to the Information Commissionerā€™s Office (ICO) within 72 hours.

High risk situations would be where there is the potential of people suffering significant detrimental effect such as discrimination, damage to reputation, financial loss, or any other significant economic or social disadvantage. You will need to notify the relevant supervisory authority about a loss of personal details where the breach leaves individuals open to identity theft.

A breach notification must contain the nature of the personal data breach including, where possible:

  • the categories and approximate number of individuals concerned
  • the categories and approximate number of personal data records concerned
  • The name and contact details of the data protection officer (if your organisation has one) or other contact point where more information can be obtained
  • A description of the likely consequences of the personal data breach
  • A description of the measures taken, or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects.
  1. Ā Changes to Privacy Policy

Our Privacy Policy may change from time to time. In this case, the amended version will be published on the KK website. Further information can be found on the ICOā€™s website.

Updated: 20 May 2018