Privacy Policy

Who we are

Herts Disability Sports Foundation (HDSF) is a charity (registration number 1156034) providing services for disabled people and raising awareness about disability across Hertfordshire.

Our website address is: http://hdsf.co.uk

What personal data we collect and why we collect it

A full list of the information we hold, and what we do with it is shown below: Most of the personal information we process is provided to us directly by you.

If we collect information about children this will have been provided by the parent or guardian, so we have your consent to hold this information.  We collect this information for either Health and Safety reasons (so that if there’s an incident or accident we can provide medical staff with vital information) or so that HDSF staff can make sure we make all the right arrangements to meet your child’s needs for the session.  We do not pass on information about your child to any other organisations unless legally obliged to, or for urgent medical treatment when we can’t contact you.

Type of info Why we need it What we do with it How long we keep it Your rights
 

Activity booking on the website

Parent/guardian; name, phone number. To make sure we can contact you if there’s an incident or if the activity is cancelled. Stored on the website and a printed copy for the event/session. We will usually keep records for up to 12m after child stops attending, so that we have your information for future sessions. Access, data portability, rectification, objection and erasure.
Child; name, age, school (if applicable), disability and any medical conditions So that we can make sure your child/children are eligible to attend. Stored on the website and a printed copy for the event/session. We will usually keep only for up to 12m after child stops attending sessions so that we have some information for future sessions. Access, data portability, rectification, objection and erasure.
Adult Participant name, age, email and phone number, disability and any medical conditions To make sure we can contact you if there’s an incident or if the activity is cancelled. Stored on the website and a printed copy for the event/session. We will usually keep only for up to 12m after you last attended session. Access, data portability, rectification, objection and erasure
Activity consent form (if required)
Contact details of adult participant, or parent/guardian for child, & age(child), medical details

 

So that we can make any adjustments to the session to ensure your child’s safety, and contact you if needed on the day. We keep this so we can refer back to information when you make a new booking on the website Usually just until the end of the week of sessions. Access, data portability, rectification, objection and erasure.
Type of info Why we need it What we do with it How long we keep it Your rights
Permission to use personal images So that we have images to advertise and publicise our activities. We keep a copy of response as proof of permission/permission withheld. We will usually keep only for up to 12m after you/your child last attended a session. Access, data portability, rectification, objection and erasure.
 

Newsletter

Email address So that we can send you news and information about HDSF and upcoming events. We print a copy of your original consent and emails are stored on the mailchimp website. Until you ask us to remove you from our mailing list. Access, data portability, rectification, objection and erasure.
 

Open Sessions

Name, age and whether the user has a disability To measure how many of our ‘casual’ users have a disability. Analyse how we might need to change what we offer. Until the financial report and annual review for the year concerned are completed. Access, rectification, objection and erasure.
 

Day Services

Name, age, gender and ethnicity as provided by Daycare Services Staff. So we can report back to anyone who has provided us with a grant – they need this information. We remove all names and then send the data back to our funders.  We use the register to invoice Day Services. For one year after the grant is ended – they sometimes come back with questions at a later date. Access, data portability, rectification, objection and erasure.
Audit
For all of the information we collect, we do use it to analyse the work of our charity – who we are reaching, what is most popular, etc.  When we do this we ALWAYS remove the information that would identify you, so the information is anonymised first.

Service adjustments

As a provider of services to the public, we have a legal duty to comply with the Equality Act (2010).

This means we need to make service adjustments for anyone with a disability who contacts us in any capacity, to eliminate any barriers to accessing our services. Our legal basis for processing this information is article 6(1)(c) of the GDPR as we have a legal obligation to provide this. Our processing of special category data, such as health information you give us, will be based on article 9(2)(a), which means we need your consent.

We’ll create a record of your adjustment requirements. These will give your name, contact details and type of adjustment required, along with a brief description of why it is required. Relevant staff can access this to ensure they are communicating with you in the required way.

Similarly, where you or your child book onto one of our activities, we will ask you to sign a consent form providing details of any addition needs – this form consent for us to provide our service and to hold the information.

As we need your consent to process your special category data you have a right to withdraw your consent at any time

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

We will not share your information with any third parties for the purposes of direct marketing from other organisations.

In some circumstances we are legally obliged to share information, for example under a court order.  We also share some of your information to report back to organisations that have provided us with grants - to offer you a service either free of charge or at a subsidised rate.  But when we give them information about who has attended our sessions, we remove your name (or your child’s name) so they cannot identify you.

Our newsletter distribution is managed by a company called MailChimp and we recommend you view their Privacy Notice for Contacts which can be viewed on their website (www.mailchimp.com/legal/privacy#contacts). Because we are sending you information about our charity in the Newsletter, this is considered to be marketing.  At the time you signed up to the Newsletter we asked for your explicit consent to send the Newsletter to you.  If you change your mind, you can unsubscribe at any time using the ‘unsubscribe’ button at the bottom of our Newsletter.

Glint Media host our website and we recommend you look at their privacy notice which can be found  here. In summary, it confirms that they abide by data protection regulation and process your data only for the purposes of our agreement with them. If you wish to view the information they hold on you or ask for it to be removed please contact the Data Controller who will arrange this.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Your right of access

You have the right to make a request for a copy of the personal data that we keep about you or to correct the details that we hold about you. We will respond within one month.

Your right to rectification

You have the right to ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure

You have the right to ask us to erase/delete your personal information in certain circumstances.

Your rights in relation to processing your information

You have the right to ask us to stop processing your personal data where the processing is based on our legitimate interests, for example direct marketing. This does not include processing which is in line with our terms and conditions of participation, or of any contract you have with us, for example payment processing. If we believe we have a legitimate reason for processing your personal information including for the defence of any legal claims we may decline your request.

Under certain circumstances, for example if we decline your request to stop processing, you have the right to ask us to restrict the processing of your personal data.

Your right to data portability

You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you in a portable electric form.  If your request is by email from the address that we hold for you we will respond by email to that address.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

The potential transfer of information to another country would only be through Mailchimp, our website host, or Facebook.  We do not personally transfer your personal information and we have no plans to do so.  If this changes, we will let you know.

Additional information

How we protect your data

In order to comply with our obligations under Data Protection law, we will protect your personal data from unauthorised access, misuse, alteration or loss by using commercially reasonable security measures.

What data breach procedures we have in place

We are registered with the Information Commissioner's Office  (ICO) and any data protection breaches will be reported to them in accordance with GDPR or DPA 2018.

What third parties we receive data from

We do not receive date through third parties except via our website hosted by Glint Media.

What automated decision making and/or profiling we do with user data

We do not carry out automated decision making or profiling.

Industry regulatory disclosure requirements

HDSF has a Data Controller, Fiona Pearce. She is your first point of contact for any questions or enquiries about your data. Her contact details are:

Herts Disability Sports Foundation, c/o Knights Templar School, Park Street, Baldock, Herts, SG7 6DZ

Telephone number – 01462 600193

Email – [email protected]

If you are not happy with the response you are given, you should contact our Senior Information Risk Officer, Maria Anastase, who is one of our Charity Trustees.  She can be contacted through the Chair of Trustees at; [email protected]