Privacy Policy for Quakers in Yorkshire


The event organiser, Quakers in Yorkshire, has the legal responsibility to tell ticket buyers and event attendees how their personal information will be collected and used. You can find their Privacy Policy below or contact them to request it.


Quakers in Yorkshire Data Protection Policy This policy applies to the charity Quakers in Yorkshire (QiY) and has been developed and agreed by the Trustees. ‘We’ in the policy refers to all those acting on behalf of the charity. 1. INTRODUCTION 1.1 PURPOSE “Do you maintain strict integrity in your business transactions and in your relations with individuals and organisations?” Advices and Queries 36. As Quakers, we seek to be clear and transparent and maintain strict integrity in the work that we do, including our recording and use of personal data. Those sharing personal data with or within QiY should be reassured that their data will be treated with respect, ensuring its accuracy, security and use only for the (legitimate and clearly specified) purposes for which it is needed or provided. This is also a requirement of the 2018 Data Protection Act. The purpose of this policy is to ensure that all those collecting or processing personal data on behalf of QiY are doing so in full accordance with the 2018 Data Protection Act. 1.2 SCOPE This policy applies to the collection and processing of personal data for all QiY Activities, including meetings, events and initiatives, trust management, nominations and appointments and communications. At present these comprise:  Meetings, events and initiatives: o QiY Quarterly Meetings o Trustee and Working Group Meetings o Junior holidays o Yorkshire Friends Holiday School and Reunion o Easter Settlement o Outreach projects o Support to Youth Development Worker o Preparations for Support to Local Development Work(er)  Trust Management for: o Rawdon Friends School Trust o Adult School Fund o Forrest Meeting House Fund o Buildings Charity Fund o Yorkshire General Meeting Charity o Linton Taylor Fund  Appointments: o Appointment of Governors to Bootham, the Mount and Breckenbrough Schools o Appointment of Trustees to Glenthorne Quaker Centre 1o Appointment of Custodians to Yorkshire Quaker Archives o Appointment of representatives to North Yorkshire Standing Advisory Council on Religious Education (SACRE) and West Yorkshire Churches Together o Appointment to the Nominations Committee of the Retreat  Communications: o Compiled Membership Book of the Members and Attenders in the seven Area Meetings within Yorkshire which comprise the membership of QiY o Newsletters o Communications through the QiY website. ‘Personal data’ covers any information relating to an identifiable person who can be directly or indirectly identified through the data. It includes but is not restricted to peoples’ names, physical and email addresses. The 2018 Act applies to such personal data held in computer databases, manual filing systems or paper or electronic listings lists (e.g. of Members and Attenders), and also covers personal data in minutes of meetings and electronic or personnel files for QiY activities. 1.3 LEGAL BASIS All the personal information we collect and/or process will fall under one or more of the categories specified in the 2018 Act as enabling the processing to be legal. Our processing of data for the QiY Membership Book, circulation lists for the Newsletter and any personal data collected through the website will ensure that the individual whom the data is about (or parents/guardians of those under 18 years old) has consented to the processing. The responsibility for obtaining this permission lies, in the case of the Area Meeting (AM) pages of the Membership Book, with the respective AM, and in the case of circulation lists for other activities, with the organiser of the activity. Other personal data that we collect and/or process in relation to meetings, events and initiatives, trust management, nominations and appointments will be restricted to that needed to satisfy our ‘legitimate interests’ (as defined by the 2018 Act) in relation to these activities, processing information about those involved in these activities with a minimal privacy impact, or where there is a compelling justification for the processing. The only exceptions to the above will be where:  The processing is necessary in relation to a contract which the individual has entered into, or because the individual has asked for something to be done so they can enter into a contract,  The processing is necessary because of a legal obligation (other than a contract), or  The processing is necessary to protect the individual’s “vital interests” (e.g. in the case of a medical emergency). We are exempt from registering with the Information Commissioner’s Office (ICO) and paying an annual fee on the grounds that, besides being a charity, we:  only process information necessary to establish or maintain membership or support;  only process information necessary to provide or administer activities for people who are members of the organisation or have regular contact with it;  only hold information about individuals whose data we need to process for this exempt purpose; 2 ensure the personal data we process is restricted to personal information that is necessary for this exempt purpose, and  do not use CCTV for crime protection. 2. HOW WE HANDLE PERSONAL DATA 2.1 WHY WE COLLECT DATA We need to collect names and contact details of those attending our meetings and events and taking part in our initiatives in order for these activities to be able to function efficiently. ‘Sensitive data’ in relation to a person’s health may on occasions be collected to protect the individual concerned, and financial data (bank, debit or credit card details) for those making payments for events. We also collect names and contact details for communications in relation to trust management, and for nominations and appointments. Sensitive personal data may be required on those being considered for nominations or appointment, though restricted to that necessary to identify whether the individuals concerned meet the criteria for the posts, and in the case of more than one nomination for a post, which nominee best meets the criteria. The Membership Book is compiled to enable those appearing in the book to obtain copies for the sole purpose of communicating with each other on Quaker matters and not, for example, to be used for any commercial or political purposes. Personal data may also be needed for communications with those wishing to receive copies of newsletters or other circulated communications or seeking to communicate via the QiY website. 2.2 HOW WE COLLECT DATA Personal data required for meetings, events and initiatives is collected by those organising the respective meeting, event or initiative. The data is supplied by the individuals wishing to take part after responding to a general invitation and being contacted by the organiser. The receipt of any personal data in relation to other communications will be limited those responsible for the matter for which the data was supplied, for example compiling and circulating distribution lists or responding to website enquiries. Application forms for annually repeated activities (e.g. the Easter Settlement) include a line asking if the applicant would, or would not, agree to being advised about the event by email in the following years. The QiY Treasurer collects contact details of those requesting support from the QiY trusts or otherwise involved in the management of the QiY trusts. Personal data required for nominations and appointments is collected by members of our Nominations Committee. The Clerk of QiY (or other member of QiY given responsibility on the Clerk’s behalf for the Book of Members and Attenders) collects the lists of Members and Attenders from each of our Area Meetings. Area and Local Meeting Membership Secretaries collect names and contact details of Members and any Attenders who request this through data consent forms. These forms and accompanying privacy notices also provide a means for members and attenders to request to be put on the Area Meeting and Quakers in 3Yorkshire lists of Members and Attenders. It is the responsibility of the respective Area Meeting to ensure the consent of the individuals concerned for this use of their personal data, the accuracy of the data collected, and the use of a privacy notice to advise individuals on the use and protection of the data. 2.3 HOW WE PROCESS DATA The personal data that we process in accordance with our legitimate interests or contractual and legal obligations will be kept to the minimum required for the respective purpose and handled only by the relevant QiY post-holders or others responsible for managing our meetings, events and initiatives. We will take reasonable steps to ensure that all those involved are aware of and adhere to the 2018 Act requirements in their processing of personal data. We will also take reasonable steps to ensure that those in Area Meetings supplying us with membership lists are aware of and adhering to the 2018 Act requirements. Apart from archived material, personal data will be kept only for as long as it is remains correct and necessary to achieve these purposes, or until the person asks us to no longer keep it. Members’ personal data, minutes and other documents will be archived securely for historical and research purposes but will not be used in connection with decisions affecting particular individuals or in a way that is likely to cause damage or distress. When we ask for personal data for other purposes, we will outline how we will use and manage it and, where appropriate, ask for the individual’s consent to do so on this basis. We will not use this personal data for other purposes without asking permission of the persons concerned. When sending emails to groups of people who are not QiY post-holders and who do not require knowledge of the email addresses of others within the group, we will use blindcopy procedures to maintain privacy of the respective email addresses, We will not pass personal data to other organisations, except for legally required reasons sanctioned under the 2018 Act such as for people’s protection or police investigations. We will never sell personal data to third parties or allow it to be used other than in accordance with the 2018 Act. 2.4 HOW WE PROTECT DATA Personal data will be held by office holders in electronic and paper form as appropriate, only for as long as necessary and with appropriate password or other security measures and protected against misuse. The central repository for data will be the electronic and paper filing systems at Carlton Hill Meeting House, Leeds and archiving facilities at Leeds University. Increasing use will be made of password-protected cloud storage. Except for securing archiving of members’ personal data, minutes and other documents, we will not keep information for longer than necessary to fulfil the uses set out in section 2.1, or until the person concerned asks us to no longer keep it. Data in paper form will be held securely in locked rooms, drawers and cabinets, and will be shredded when no 4longer needed, for example old copies of the list of Members and Attenders (apart from one archived copy of each). 3. PROTECTING ACCESS RIGHTS Enquiries or amendments to personal data held in the AM pages of the Membership Book should be passed to the to the Membership Clerk of the AM concerned. Anyone wishing to make a subject access request to view their personal data held by QiY can do so through the email address enquiries@quakersinyorkshire.org.uk or by telephoning one of the officers listed on the ‘Contact us’ page of our website: https://quakersinyorkshire.org.uk. Anyone wishing to withdraw permission for use of their data or to update the data held on them by QiY can do so using the same means of contact. The same means of contact can be used for anyone having any queries about this policy. In the case of emailed copies of newsletters and other circulated material on Quaker issues, those no longer wishing to receive these can at any time use the unsubscribe response on the email where this exists, or inform the sender accordingly. 4. ACTION ON ANY SECURITY BREACH If, despite these precautions, a security breach occurs, then the following will apply. 1. Immediately anyone is aware of a security breach, whether or not it is serious, it must be reported to at least one of the following, who would then inform the other two: the relevant Local Meeting Clerk or co-clerks, the relevant Area Meeting Clerk or co-clerks, and the Clerk of Trustees with details. 2. The Clerk of Trustees will obtain advice on the seriousness of the leak in terms of likely damage to individuals. 3. If not sufficiently serious to obviously affecting any particular individuals, then this will be recorded by the Clerk of Trustees and minuted by Trustees at the next Trustee meeting or meeting of Trustees to review implementation of this policy. 4. If it is serious, the ICO will be immediately notified within 72 hours of the breach along with any individuals placed in jeopardy by the leak. An investigation will be undertaken, with recommended action on the breach and avoiding a future breach, and the outcome sent to the ICO and affected individuals. 5. SUPPORTING AND MONITORING POLICY IMPLEMENTATION QiY Trustees will provide all those responsible for QiY activities and all Area Meeting Clerks and Membership Secretaries with a copy of this policy and obtain confirmation of their understanding of and adherence to this policy. QiY Trustees will review this policy and its implementation every two years, and also if there is any change in Data Protection legislation. Approved by QiY Trustees 28 November 2020