Established 1966

Privacy Policy

Cirencester Civic Society takes your privacy seriously. We will always keep your personal information safe and secure and will never sell your details.

This privacy notice tells you how we collect your personal data, what data we collect, and why we use it. It also tells you about your data protection rights and how you can contact us.

1. About us

Cirencester Civic Society is a registered charity (number 251381). We aim to promote, protect and shape our wonderful town and we have been doing this since 1966. We meet our aims by:

  • providing TALKS and EVENTS which are open to members and non-members of the society
  • leading guided WALKS which can be pre-booked throughout the year or, in season, you can just turn-up-and-go
  • scrutinise and commenting on planning applications which may have an effect on the historic or social character of the town
  • shaping the built environment through our Civic Society Design Award 
  • awarding Civic Pride Grants to neighbourhood groups wanting to enhance their local community area.

2. How we collect personal data

We collect your personal information when:

  • you provide it to us directly, by phone, email, text, or other messaging service, by post, or in person
  • you permit a third party to share your information with us. For example, if you attend an event organised jointly by us and another organisation or if someone nominates you or your group for an award
  • we collect it as you use our website, or third-party digital platforms, such as social media platforms

3. What personal data we collect

The information we collect about you depends on your relationship with us.

3.1. Personal data

In most cases, we collect basic personal information when you contact us. This normally includes your name and contact details such as your address, email address, and telephone number. We collect this information so we know who you are and can contact you. 

When we need to, we also process your financial information, such as your credit or debit card details, bank account details, and whether you are a UK income taxpayer (for Gift Aid purposes). 

As examples, we may collect financial information when you:

  • make a donation
  • complete a Gift Aid declaration
  • pay a membership fee
  • claim permitted expenses as a volunteer

3.2. Special category data

In certain circumstances, we may need to process special categories of personal data, such as information about your health if, for example, you attend an event and have access or dietary requirements.

4. Why we use personal data

We use personal information to help us meet our charitable aims and objectives, legal and regulatory obligations, and other legitimate interests.

4.1. Our uses of personal data

In relation to our aims and purpose, and depending on our relationship with you, we may use your personal information to:

  • deal with general queries and requests, and provide information about our activities
  • create and maintain appropriate records of our relationships with our members, supporters and volunteers, which may include providing administrative communications and conducting relevant checks as may be required
  • administer orders and accounts relating to our suppliers
  • conduct marketing and fundraising activities, including administering fundraising events, sending marketing and fundraising communications
  • create case studies and other material related to our purposes and to use that material to promote our aims and objectives
  • register, investigate, and resolve concerns and complaints
  • exercise good governance, ensuring legal and regulatory obligations are met
  • protect our reputation

5. When we share personal data

To meet our charitable purposes most effectively, we engage other organisations to provide services to us, or to you on our behalf. Where it is relevant to your relationship with us, we may also share your personal information with other third parties.

5.1. Data processors

Data processors are individuals or organisations that perform functions on our behalf. Before engaging a data processor, we conduct due diligence checks to ensure they appropriately protect the personal data they will use. The terms of our arrangements with our data processors are set out in suitable contracts with specific clauses to ensure high data protection standards are maintained. Our data processors are limited to only using the personal data we share with them for the purposes that we decide and instruct them to perform.

The categories of services provided by organisations that process personal data on our behalf are:

  • providers of IT systems and infrastructure that permit us to manage our organisational information efficiently and securely. These include companies that provide general and specialist system and software solutions, as well as companies that provide specialist services to help ensure our systems and infrastructure are kept secure
  • payment collection and processing organisations, including providers of contactless card payment equipment, cheque processing, payment processing intermediaries, and banking and other financial service providers
  • website and online service providers, including companies that host our website, provide online security, conduct online monitoring, analytics, and profiling functions
  • companies that provide specialist communications tools and correspondence related services such as companies that provide marketing services on digital platforms
  • providers of audit and accountancy functions, legal advice, and other functions that assist us to exercise good governance and legal and regulatory compliance

5.2. Third parties we may share your personal information with

Where it is relevant to our relationship or is necessary for us to meet our legal obligations or legitimate interests, we may share your personal information with third parties.

As an example, we may share your personal data when you have signed up to attend one of our events that is being hosted by a third party.

5.3. Disclosures of personal data

From time to time, we may be asked to disclose personal data we hold.

As examples, we may receive a request from the police force or a coroner.

6. Marketing and fundraising communications

Keeping in touch with our supporters, members, and volunteers is vital to help the Society meet its aims.

We may send you marketing and fundraising emails, texts, or other electronic mail messages relating to administration or services which provide you with important information as part of your relationship with us.

As examples, administrative or service messages can include:

  • a letter or email to notify you that your membership is due to expire
  • a telephone call to provide information about an event you are participating in

7. Digital and social media platforms

An important part of our interaction with our audiences online is through our own digital presence, such as our website. We also maintain a presence on a range of third party digital and social media platforms.

7.1. Our websites and digital platforms

We may use our website to collect personal data directly from you, such as through secure online forms.

We also gather general information about the use of our website, such as which webpages users visit most often, and which services, activities, or events are of most interest. We may use this information to make improvements to our website and to ensure we provide the best service for you and others new to the site. Wherever possible, we use aggregated or anonymous information which does not identify individual visitors to our website. 

7.2. Third parties that may collect your personal data

Our website may include links to third-party websites, plug-ins, and applications. Clicking those links or activating those plug-ins or applications may allow third parties to collect your information.

When you interact with third parties online, such as by visiting their website or digital or social media platform where we maintain a presence, both Cirencester Civic Society and the third party may process your personal information. In this regard, we may be a joint controller of your data, alongside the third-party platform.

An example of this is if you interact with us or content we have posted on a social media platform.

When you interact with a third-party platform, the third party will process your data in line with their privacy and cookies policies. You can update your privacy and cookie preferences directly with the third party. We are not able to update your preferences for how third parties use your information.

7.3. Our presence on third party digital and social media platforms

We use third party digital and social media platforms to share a range of content, including videos, images, graphics, stories, information, and web links, that our followers can interact with by liking, commenting, and sharing. We interact on those platforms by responding to post comments and mentions and receiving and responding to private messages.

We analyse data from activity on digital and social media platforms and create reports to understand how our content has performed, in terms of reach and engagement; how it has been received, in terms of comment and private message volume and sentiment; as well as analysing our overall channel performance, in terms of audience size, reach, and engagement.

In addition to our presence on digital and social media platforms, we use third party social media tools to schedule and publish content, reply to comments and messages, compile reports, and monitor insights.

8. The lawful basis used to process personal data

We process your personal data under one or more of the following lawful bases:

  • Consent: You have given clear consent for us to use your personal data for a specific purpose
  • Legal obligation: Using your information is necessary for us to comply with the law

8.1. Consent

Some of the ways we may use your personal information require your consent. We rely on your consent when we are obliged to, and when the information we process about you is sensitive and we can offer you genuine choice and control over our use of your information.

As examples, we obtain your use it for other purposes that are not incompatible with those purposes such as to meet our legal obligations. Where a significant time has passed since we obtained your consent, we may contact you to ask if your consent is still valid.

8.2. Legitimate interests

We may process your personal data when we or a third party have a legitimate interest in doing so. This may include where those interests are wholly aligned with your own interests. We only process your personal data for legitimate interests when there is a defined purpose, the processing is necessary for that purpose, and we are satisfied that, on balance, your own interests and the privacy impact of the processing do not override the interest in using the data.

Our legitimate interests are as follows:

  • Gift Aid: Where you have informed us that a donation is eligible for Gift Aid, by completing a Gift Aid declaration, we will use your personal data to claim Gift Aid
  • Preventing fraud: We may process your information to protect you and us against fraud, such as when transacting on our website, and to ensure our websites and systems are secure.
  • Analytics: To process your personal information for the purposes of supporter analysis, assessment, and profiling, on a personalised or aggregated basis, to help us with our activities and to provide you with the most relevant information.
  • Research: To determine the effectiveness of promotional campaigns and advertising, and to develop our products, services, systems, and relationships.
  • Verifying eligibility and suitability: In relation to those who apply for membership or a voluntary position, as well as verifying that those who request our support are eligible to receive it from us. This can include requesting and obtaining references, such is in relation to volunteering roles or grant applications.

You have a right to object to your personal data being processed under legitimate interests if you do not consider we have compelling legitimate grounds for the processing. Please see the section below for more information.

9. Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

9.1. Your right of access

You have the right to request a copy of your personal information. This is commonly known as a Subject Access Request. The right covers access to your own personal data, subject to applicable exemptions, but does not cover information that relates to other people, or information that is not personal data. This means that, if you make a request, you may not always receive all the information that we process about you. 

9.2. Your right to object to processing

You have the right to object to us processing your personal data. For our purposes of sending you direct marketing, this is an absolute right. To opt out of receiving direct marketing from us, you should contact xxxxxxxxxx

In some other circumstances, such as where we are required to process your information to meet a legal obligation, your right to object may not apply. 

9.3. Your right to erasure

You have the right to ask us to erase your personal information, in certain circumstances. However, where we need to keep information about you to meet our legal obligations, or for other legitimate purposes, your right of erasure may not apply. 

9.4. Your right to rectification

You have the right to ask us to rectify information you think is inaccurate, or to complete information you think is incomplete. 

If your personal details change, please notify us so we can keep your information up to date.

9.5. Further information about your data protection rights

You are not required to pay a charge for exercising your data protection rights. However, before we can accept a request from you, we may need to conduct checks to establish that you are entitled to make the request. We may also need to clarify your request with you.

We respond to rights requests without undue delay and in normal circumstances within one month. Where requests are complex, we may take up to a further two months to respond, in line with applicable law. We will tell you if this is the case.

9.6. How to make a data protection rights request

If you would like to make a request related to your data protection rights, you can contact us by email. Email is our preferred way of communicating. It is quicker, more convenient, cheaper, and has less impact on the environment. If you need to write to us, you can contact us at secretary@cirencestercivicsociety.org.uk 

9.8. The right to complain

If you are unhappy with how we have handled your personal information, we want to hear from you. Contact us about your data protection concerns by emailing: xxxxxxx

Email is our preferred way of communicating. It is quicker, more convenient, cheaper, and has less impact on the environment. If you need to write to us, you can contact us at secretary@cirencestercivisociety.org.uk 

You also have the right to complain to a data protection supervisory authority. In the UK, this is The Information Commissioner’s Office (ICO). The ICO states that you should give us the chance to make things right, before contacting them about a complaint.

If you have contacted us about your concern but you remain dissatisfied, you can contact the ICO using the following details: By using the: Information Commissioner’s Office complaints tool or by writing to the Information Commissioner’s Office, at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Please note: the regulator asks that you send them a copy of any letters and emails about your complaint, between you and us, as well as any other information that supports your complaint.

10.  How we protect personal data

We are committed to making sure the personal data we hold is always appropriately protected. We do this by implementing and maintaining a range of technical and organisational measures.

We make sure our systems are appropriately configured to prevent unauthorised access or disclosure, and we apply relevant technical controls to keep our systems secure. These include applying security updates, software patches, bug fixes, malware and virus scans, and vulnerability testing. We routinely review who has access to our systems, to ensure the information we hold is only accessible to those we authorise, and who need to use it.

We apply appropriate security at points where data is collected and shared, such as by ensuring any online data capture forms are encrypted, and online payments and donations are made via secure payment gateways. We apply data transfer security measures, such as industry-standard email encryption, to help keep data secure. 

Our procedures reflect our commitment to keeping data secure, and they are reviewed regularly. Any volunteers who may access your personal data are provided with appropriate data protection information to ensure they maintain a good awareness and understanding of their data protection responsibilities.

11. How long we keep personal data

We only keep hold of personal data for as long as we need to, related to the purposes for which it was collected, or for other purposes that are compatible with those purposes such as to meet our legal obligations. When we no longer need personal data, it is securely deleted or destroyed. Where practical, we inform you how long we will retain your data, at the time you provide it to us.

For example, where our uses of personal data involve financial data being stored we normally keep those records for 7 years, from the time of a relevant transaction or decision. This is so we can demonstrate compliance with financial record keeping requirements, tax and charity law, and other applicable rules and regulations. This timeframe applies to records related to donations, gifts, donations and grants that we receive, as well as where data is processed to claim Gift Aid. This period also applies to records created when grants are provided.

12. Changes to our privacy notice

We keep this privacy notice under review. Where we need to make changes to our privacy information, we will update this privacy notice. If those changes are significant, we may contact individuals who are potentially affected by the changes, to bring our updated privacy information to their attention.If you have any queries about this privacy notice, please contact us. Email is our preferred way of communicating. It is quicker, more convenient, cheaper, and has less impact on the environment. If you need to write to us, you can contact us at secretary@cirencestercivicsociety.org.uk