Banbury Community Action Group

Privacy Policy

About Us

Banbury Community Action Group (BCAG) was formed in November 2013. It brings together residents who are already volunteering locally with environmental and community groups, together with residents who are growing their own food, living off-grid or have a keen interest in improving their home town and living sustainably.
We organise community events to raise awareness and take action of pressing environmental issues including waste reduction, sustainable transport, food, water and energy efficiency.
We are part of the Community Action Group (CAG) Project who support community groups across Oxfordshire and Devon:
Resource Futures Ltd t/a
The Community Action Group Project, Makespace Oxford, 1 Aristotle Lane, Oxford, OX2 6TP

What Information we collect

  •  In most cases the information that we collect from you will be a name and email address with a small number of home addresses and phone numbers for active volunteers.
  •  Permission slips for young volunteers which contain next of kin details and relevant health information.
  •  Basic banking information for donations and payments.
  •  Photographs during events and activities.

How we use your information

  • Email Circulation List – to inform you of events which are being run by the Banbury Community Action Group and occasionally events organised by other groups in which you may be interested and for no other purpose.
    We use an external provider called Mailchimp with the double opt-in method of consent.
    Their privacy policy can be found here: https://mailchimp.com/legal/privacy
    It is rare to receive more than one email a month from us unless you decide to instigate further communication with one of us.
  • Communication – our main method of communication is via email which we use to respond to enquiries and planning community events. We will never pass on your information to any other organisation or individual unless we have your explicit agreement for a specific purpose (for example, because you have volunteered to liaise with another organisation or organising a joint event).
    We use an external provider called Google Mail.
    Their privacy policy can be found here: https://policies.google.com/privacy
  • Funding and Venue applications – volunteers in specific roles occasionally provide their personal details as a contact point.
  • Annual Accounts – information is used solely for compliance with the laws for running a voluntary organisation.
  • Promotion – we use photographs taken at events and activities to publicise the group. These are shown on our website, social media, and our display boards on a promotion stall. Notification signs will be placed at events and close up photos of young people are only taken with permission from a parent/guardian who is present.
  • Permission Slips – to fulfil our safeguarding obligations, we store permission slips from parents/guardians allowing young people to participate.

Who has access to your information

  • We have three committee members plus project co-ordinators and event/activity leaders.
  • Only volunteers holding specific roles will have access to personal data which is relevant to their tasks and responsibilities.
  • Please contact us if you wish to know who these authorised volunteers are.

How we keep your information safe

  • Electronically stored information using Google Drive, Email or personal pc’s/laptops are password protected.
  • Passwords are issued by a committee member or project co-ordinator. These are changed on a regular basis and also when an active volunteer, with a specific role, steps down.
  • Paper documents relating to our accounts are stored securely by the Treasurer.
  • Essential documents have personal information redacted before being stored or shared.
  • Young volunteers’ permission slips will be scanned and stored electronically and original paper versions destroyed.

How long we keep your information for

  • Email circulation list – indefinitely until you unsubscribe or ask us to remove you from the list.
  • Paper mailing list signup sheets – transferred to our mailchimp sign up banburycag.org.uk/contact then securely shredded.
  • Funding and Venue applications – until the event/grant is completed then personal data is redacted or the document deleted.
  • Accounting records – 6 years
  • Photographs – until the event publicity is no longer needed, the group is dissolved or you ask us to destroy them
  • Permission Slips – paper copies are scanned electronically then securely shredded. This information is then deleted annually in December or upon request.

Data Breach

In the event that the personal data we hold is accidentally lost, unlawfully destroyed, altered or disclosed/accessed without authorization, then we will investigate how it happened and amend our procedures to prevent it recurring in the future.

If sensitive data has been breached and results in a high risk to an individual’s rights and freedoms, then in addition to an investigation we will:

  • Notify the Information Commissions Office (ICO)
  • Notify the individual(s) concerned.

Further information on a data breach:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/

Updated: 25 May 2018

GDPR