Begbroke Village Hall (BVH) Data Protection Policy
1. Introduction
Begbroke Village Hall (BVH) is committed to protecting the privacy and security of personal data. This policy outlines how we collect, use, and manage personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Scope
This policy applies to all individuals whose personal data BVH processes, including:
• Hall hirers and users.
• Staff, volunteers, and trustees.
• Suppliers and contractors.
• Members of the local community.
3. Key Principles
BVH adheres to the following principles when processing personal data:
1. Lawfulness, fairness, and transparency – Data will be processed lawfully, fairly, and transparently.
2. Purpose limitation – Data will only be collected for specified, explicit, and legitimate purposes.
3. Data minimisation – Data collected will be adequate, relevant, and limited to what is necessary.
4. Accuracy – Personal data will be accurate and kept up to date.
5. Storage limitation – Data will be retained only as long as necessary.
6. Integrity and confidentiality – Data will be processed securely to maintain confidentiality and prevent unauthorised access.
4. Data We Collect
BVH may collect and process the following types of personal data:
• Name, address, and contact information (e.g., telephone number, email).
• Booking details (e.g., dates, times, and purpose of hire).
• Financial information (e.g., payments and invoices).
• Emergency contact details, if applicable.
5. How We Use Personal Data
BVH processes personal data for the following purposes:
• Managing hall bookings and related communications.
• Complying with legal obligations (e.g., insurance, safeguarding).
• Maintaining records for financial and administrative purposes.
• Enhancing the safety and security of users (e.g., emergency procedures).
6. Legal Basis for Processing
BVH relies on one or more of the following lawful bases for processing personal data:
• Consent: Explicit consent for specific purposes, such as marketing communications.
• Contract: Data necessary for the performance of a booking or service agreement.
• Legal Obligation: Compliance with legal and regulatory requirements.
• Legitimate Interests: For purposes such as improving operations and ensuring the safety of users.
7. Data Sharing
BVH does not sell or share personal data with third parties for marketing purposes. Data may be shared with:
• Regulatory bodies, if required by law.
• Service providers (e.g., IT support) under strict confidentiality agreements.
8. Data Security
BVH implements appropriate technical and organisational measures to protect personal data, including:
• Secure storage systems (e.g., password-protected devices, locked filing cabinets).
• Regular staff and volunteer training on data protection responsibilities.
• Periodic reviews of data security protocols.
9. Data Retention
Personal data will be retained only as long as necessary to fulfil the purposes for which it was collected or as required by law. BVH follows the following data retention guidelines:
| Data Type | Retention Period | Reason |
| Financial records | 6 years from end of tax year | HMRC requirements |
| Booking and hire records | 3 years after the booking | Reference for disputes or repeat bookings |
| Contact details | 1 year after the last interaction | Follow-up or feedback purposes |
| Consent forms (e.g., marketing) | Until consent is withdrawn or no longer relevant | Proof of consent accountability |
| Volunteer or staff records | 6 years after the individual leaves their role | Address potential claims or safeguarding |
| Safeguarding records | Indefinitely (or until the affected person reaches age 25) | Safeguarding best practices |
| Incident reports | 3 years (general incidents); 6 years (potential legal claims) | Legal limitation periods for claims |
| Committee meeting minutes | Permanently or long-term | Historical and legal reference |
BVH conducts regular reviews to delete data no longer required in accordance with these guidelines.
10. Data Subject Rights
Individuals have the following rights under UK GDPR:
• Right to access personal data BVH holds about them.
• Right to rectify inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”).
• Right to restrict or object to data processing.
• Right to data portability.
• Right to withdraw consent at any time.
To exercise these rights, please contact:
Data Protection Officer: [Insert contact details]
11. Breach Reporting
BVH takes data breaches seriously and will:
• Notify the Information Commissioner’s Office (ICO) within 72 hours if the breach poses a risk to individuals’ rights and freedoms.
• Inform affected individuals promptly, where applicable.
12. Policy Updates
BVH reserves the right to amend this policy to ensure compliance with legal and regulatory updates. Changes will be communicated via the BVH website or direct notification.
13. Contact Information
If you have any questions about this policy or how BVH handles personal data, please contact:
Data Protection Officer: Patrick Hague ([email protected])
ICO Registration Number: ZB910144
Approved by: Marco van der Linden – Chairman, Begbroke Village Hall Management Committee
Date: 18th June 2025
Review date every 12 months thereafter