This policy describes how we, through our ‘Blaenau Gwent Heritage Forum’ website collect, store, process and protect the personal data of our visitors. This policy also explains how the privacy rights of our visitors are protected by law.
What personal information do we collect, store and process?
Why do we collect, store and process personal information?
How do we collect personal information?
Where do we store personal Information?
What systems have we put in place to protect the personal information that we hold?
Who do we share personal information with?
How long do we retain your personal information?
The UK General Data Protection Regulation (GDPR)
What rights do our visitors have over their personal information?
1. What is personal information?
Personal information (data) refers to information that can be used on its own, or combined with other data, to identify a visitor to our site as an individual. As a Forum, we try to handle our visitors’ personal information respectfully, lawfully, and transparently.
In line with the General Data Protection Regulation (GDPR) of 2018, we ask visitors to our site for their consent for us to collect, store and process their personal information.
We provide a pop-up box so that visitors can choose to accept all cookies, some cookies, or no cookies when they visit our site. These Cookie consent preferences are active for one year.
Necessary cookies, required for the running of our site, are not included in these choices. These cookies do not store any personal data.
2. What personal information do we collect, store and process?
When visitors buy our products, subscribe to our newsletter, contact us via our Contact Form, book on to our trips and events we collect and process the personal information they provide.
So, on this site we generally collect:
Names, addresses, email addresses and phone numbers
Anonymous location data such as GPS co-ordinates and IP addresses
More specifically, we automatically collect personal data when a visitor makes the following actions:
Sends us an email – name, email address and the content of the message
Makes contact using the Contact form – name, email address and the content of the message
Makes a purchasefrom our shop – names, address, phone number. email address, and the content of any message
Voluntary sign-up to our Newsletter – Name and email address
Voluntary sign-up for our trips and events – Name and email address
3. Why do we collect and process personal information?
We do this so that we can:
Send our Newsletter out
Reply to communications
Keep records of trip and events attendees
Keep records for our annual accounts
Improve our services
4. How do we collect information?
Listed below are the ways in which we collect data:
Via our online shop: We use the ecommerce platform, WooCommerce, which automatically collects and stores information relating to our visitors’ interaction with the shop.
Payment details such as debit card etc are not seen by us. Payment is transferred to a secure page of PayPal which is not accessed or controlled by BGHF.
Via Cookies Internet cookies refer to the data that is stored on our computers when we visit websites so that they can remember our preferences and make our browsing experience more personalised and convenient.
We ask our visitors to consent to our use of cookies before they enter our website. We can provide accurate and specific information about the data each cookie tracks and its purpose. We also keep a log of the choices regarding the acceptance of cookies our visitors have made. These logs have identifying codes but no names. We scan our website regularly to look at the type of cookies we have on the site and make amendments if necessary.
We process anonymous technical information about the hardware and software our visitors use to access our site and use our services. This includes Internet Protocol (IP) addresses, browser type and version and device operating systems
We collect anonymous information about the Country, region and town our visitors are from
We collect anonymous usage information such as the frequency visitors use our services, the pages that they visit, how long they stay on page etc. We analyse and use this information to improve our website
Via images Some images might contain embedded content. This means that visitors to our site can download and extract data from these images. Embedded content from other websites behaves in exactly same way as if the visitor was visiting that site.
Via videos on YouTube I have provided links to some excellent short videos on YouTube but please be aware that YouTube imbeds tracking and advertising cookies which monitors our interactions with the content we are looking at. These cookies only relate to the YouTube videos and are designed to personalise user experience in terms videos and ads that YouTube shows to each viewer. I have looked at YouTube’s Privacy Policy regarding this, and this is what they say:
‘We do not sell your personal information to anyone. We use the information we collect to customize our services for you, including providing recommendations, personalizing search results, and serving relevant ads for you. While these ads help fund our services, your personal information is not for sale.’
5. Where do we store personal information?
Emails and messages through the Contact form – these are stored in a specific password protected account set up for the Forum.
Purchasesfrom our online shop – information is stored on the website within the password protected ‘WooCommerce’ database
Sign-up to our Newsletter On the password protected ‘Mailchimp’ database
Sign-up for our trips and events On the password protected ‘Ticket Source’ database or in some instances on the password protected PayPal site
Paper documents There are very few of these but what we have are kept in a locked box.
6. What systems have we put in place to protect the personal information we hold?
We use password protected accounts
The site is scanned regularly for spyware and viruses
The only person who sees personal information is the website administrator
There is another admin. listed on the site who, also, has password access. His role is to ensure the hosting and technical running and updating of the site is in order. and would not generally have a need to see visitors’ personal information.
7. Who do we share personal information with?
We do not sell, share or disclose to third parties, any personal information acquired through our website.
8. How long do we retain personal information?
Emails – We keep these for as long as is required for the purposes for which they are supplied, or for as long as is legally required. Emails and contact messages are deleted manually once interactions are completed
Purchases from our shop – these are automatically deleted by the WooCommerce data base after I year.
Sign-up to our Newsletter – manually deleted when visitors unsubscribe
Sign-up for our trips and events – manually deleted after I year as details are needed for annual accounting
9. The UK General Data Protection Regulation (GDPR)
Legally, the information we hold has to fall into one of 6 specific categories or ‘bases’. The information the BGHF website holds on our visitors falls into 2 bases:
Base 1 – Contract
When our visitors buy a product from us, book onto an event or make contact with us, a contract is formed between them and us. To carry out our responsibilities under this contract we will need to process the information our visitors give to us. Some of this information will be personal data. We continue to process this information until the contract between ourselves and the visitor ends, or our annual accounts are completed.
Base 2 – Consent
When our visitors choose to share their personal details with us for specific purposes, e.g. signing-up to our Newsletter or booking onto an event, they are also giving their clear consent for us to process the data they supply. This consent can be withdrawn at any time without penalty, however, in some instances, it might be difficult for us to proceed if consent isn’t given.
10. What rights do our visitors have over their personal information?
They can request to receive a file of the personal data we hold about them
They can request that we change incorrect data that we hold on them
They can request that we delete their personal data
They have the right to know how long we store their data
They have the right to withdraw their consent at any time.
They have the right to complain
They have the right to know the consequences to them of failing to provide data for us.
If you would like to exercise any of the rights above, please contact: Mrs Carolyn Jones (website administrator) at: [email protected]
