How we use and collect your personal data
The Galleywood Heritage Centre uses an external service to manage and deliver our newsletters and other information to our subscribers. The service is called MailChimp.
The Data Protection Act 2018 (DPA) is a United Kingdom Act of Parliament which updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR) and updates the Data Protection Act 1998.The The Data Protection Act 2018 forms the UK privacy law that affects organisations in the UK and around the world and it become enforceable on May 25, 2018. It regulates how any organization treats or uses the personal data of individuals. Personal data is any piece of data that, used alone or with other data, could identify a person. If we collect, change, transmit, erase, or otherwise use or store the personal data, we need to comply with the DPA 2018.
We need to have a legal basis, like "consent", to process your personal data. Under the Data Protection Act 2018, we also use other legal basis for processing personal data if for wxample you make a booking with us or use our website, these rely on "Legitimate interests". Where we use your consent it must be specific and verifiable.
Verifiable consent requires a written record of when and how someone agreed to let us process their personal data. Consent must also be unambiguous and involve a clear affirmative action. This means clear language and no pre-checked consent boxes.
About Individual Rights
The DPA 2018 also outlines the rights of individuals around their personal data. Individuals have the right to ask for details about the way you use their personal data and you can ask us to do certain things with that data. GHC supports people's requests in a timely manner. Individuals have the right to request their personal data be corrected, that it be provided to them, prohibit certain uses, or to be removed completely.
We prepared for DPA 2018 and modifyed many of our internal practices and policies over the period prior to implementation, because we are committed to achieving compliance with the DPA.
Transparent data processing is mandatory for us, MailChimp DPA compliant signup forms help us to stay compliant with the latest laws.
The DPA says we must obtain specific consent from you and clearly explain how we plan to use your personal data. Our DPA/GDPR fields in the sign up forms include checkboxes for opt-in consent, and sections that allow us to explain how and why we are using your data.
MailChimp stores our Galleywood Heritage Centre forms and contact data in case we need it in the future. If someone signs up for our list through a MailChimp hosted form, we can export that list and view information related to the signup for additional evidence of consent.