Privacy Policy

Privacy Policy

Introduction

This website is operated by Community Kitchen Glos CIO, a charitable incorporated organisation, registered with the Charity Commission in England and Wales, number 1207428 (hereafter “The Kitchen”). The Kitchen is committed to protecting and preserving the privacy of those using this website and all of the other information systems managed by The Kitchen.

Our privacy policy

This policy sets out how The Kitchen processes any personal data that The Kitchen collects from you or that you provide to The Kitchen. The Kitchen has taken all reasonable steps to ensure we are compliant with all relevant data protection legislation. Please read our privacy policy to understand what happens to personal data that you provide to The Kitchen. By visiting this website you give consent to The Kitchen processing your information in the manner given in this document.

Types of information we may collect from you

The Kitchen may collect, process, retain and use the following kinds of information about visitors to our website and users of our information systems:

Information you supply to The Kitchen.

You may supply The Kitchen with information about you through this website and through other information systems. This includes information you provide when you make a contact and/or enquiry, a newsletter subscription request, or submit a volunteer registration. The information we collect has been reviewed by the trustees of The Kitchen and is the reasonable minimum we believe we require to provide the service or services you have requested.

Information our systems automatically collects about you.

When you use our web services including this website, The Kitchen may automatically collect information such as:

  1. Technical information provided by your browser – specifically all of the data given in the HTTP (HyperText Transfer Protocol) request header including the Internet Protocol (IP) address and other elements such as User-Agent string offered by your browser as part of routine HTTP handshakes with your system and The Kitchen’s hosting provider/s. The types of information shared in this header are given in the HTTP protocol specification and is dependent on the configuration of your device and software.
  2. Information about your visit, including what pages you visit, what time you visited each page, how you got to the site (including date and time); page response times, what you click on, documents downloaded and download errors.

Cookies

The Kitchen uses cookies on its main website to improve your experience of our site. We also use cookies to manage login data and user experience through our volunteer extranet ‘Hotpot’ (hotpot.ckglos.org.uk) and our charity management platform ‘Hotplate’ (hotplate.ckglos.org.uk). Our main website and Hotpot allow you to opt out of all cookies which are not essential for the site to work correctly (e.g. cookies are used by Hotpot and Hotplate to recognise whether you’re correctly logged in – these are essential). Hotplate only sets essential cookies and is only for use by registered volunteers and trustees of The Kitchen. The Kitchen makes use of third-party web services such as those from Google, Microsoft, Paypal and Zelos, the privacy policies of these organisations are linked herewith. Other service providers will have privacy policies available from their corporate websites. The Kitchen has no ability to affect these policies.

The only other cookies in which we have an interest are the edible-biscuit variety. We aim to offer these with tea, coffee and squash with every meal we serve. If you’re reading our privacy policy, maybe you’d like to pop in for a drink and a biscuit to recognise your diligence? Please register to be a volunteer and someone will happily personally cover the cost of your drink and biscuit.

How the Kitchen may use the information we collect

The Kitchen uses information given to us via electronic means in the following ways:

  • To provide you with information, products and/or services that you request from us.
  • To administer our information systems including for troubleshooting and for management information purposes.
  • To improve our information systems to ensure that content is presented in the most effective manner for you and for your device.
  • Security and debugging as part of our efforts to keep our systems secure and detect unauthorised access attempts.

Disclosure of your information

Any information you provide to The Kitchen will be stored on a server with appropriate security controls. We use virtual compute, storage and database services provided by third parties to facilitate the running and management of our information system and our data processing.

Asymmetric key encryption is often used by providers who store information on our behalf. This means that these providers may not be able to read or update any data that they store on our behalf. They are unlikely to be able to reliably delete information they cannot read, even if your consent is provided to them.

Where The Kitchen processes your data on the basis of consent, it does not share that personal information about you with other people or organisations outside of The Kitchen. There are cases where the lawful basis for processing your data may not involve consent – e.g. if you suffer a serious medical emergency during a volunteer shift, a proportionate subset of your volunteer data, such as name and medical information and emergency contact information will be shared with the emergency services to save your life – in this instance your data would normally be shared on the lawful basis of protecting your ‘vital interests’.

The Kitchen will use all reasonable efforts to ensure that your personal data is not disclosed in a manner which is not consistent with this policy, unless required by law.

Occasionally the security provisions afforded by common internet protocols fail to offer the security that is appropriate for the information given (e.g. opportunistic TLS encryption for emails). The Kitchen has taken all reasonable measures to protect your personal data. The Kitchen cannot assure the security of your data where you chose to, or The Kitchen is reasonably required to, use a transfer or storage method (e.g. email) which may, outside the reasonable control of The Kitchen, periodically fail to provide the security that would otherwise be expected for the category or sensitivity of data that The Kitchen has been given.

Data Retention

The Kitchen will retain personal data, only for the time it needs to retain it. Normally the following retention schedules will apply unless the Kitchen have agreed otherwise with you:

  1. The personal data of registered volunteers, training and attendence records will be held for three years after you let us know you have stopped volunteering. If you do not tell us that you have stopped volunteering but cease to actively volunteer, we will delete this data four years after we have observed you are no longer actively volunteering. If you register as a volunteer but never volunteer or attend an induction, your registration will be deleted after three months.
  2. The personal data of members or trustees of The Kitchen will be held for at least seven years after you cease to be a member or trustee. Members and trustees have a clear role in the decision making and corporate governance so depending on the work done by the member or trustee, a longer retention period may be necessary. The processes for ending membership or ceasing to be a trustee are given in the Constitution of The Kitchen and all members and trustees are provided with electronic access to this document when they take up membership or become a trustee.
  3. The personal data of donors will be held for three years after the last donation.
  4. The data of those who have subscribed to communications and/or newsletters may be held for up to one year after the request to stop communications or unsubscribing to a newsletter.
  5. Management data and information about the performance of our systems may be retained for up to three years where this data is fully managed by the Kitchen.
  6. Corporate records are typically kept for seven years, certain financial records will be kept for twenty one years and a small number of documents such as the records of key decisions or reports (e.g. Annual Reports, minutes from General Meetings) may be kept indefinitely.

References to you in other documentation such as meeting minutes or emails and letters will be kept for as long as is needed according to the retention schedule for that document. This will depend on the content of the document. For example, if you attend a general meeting, the record of your name as an attendee and other information about you which has been reasonably included to form an accurate record of the meeting cannot be removed before the document is scheduled for destruction, even if you later withdraw your consent for The Kitchen to process your personal data. In this case your data is held lawfully for The Kitchen’s legitimate interests and your consent is not required.

Your rights – access to your personal data

You have a qualified right in law to access personal data that The Kitchen holds about you. Any subject access request (SAR) must be made in writing to The Kitchen at the registered address or [email protected]. The Kitchen will provide a response in the manner given in applicable legislation. We may need to request further information from you to fulfil your request. If you have a complaint about how we have used your information and, after complaining to The Kitchen you still do not feel your complaint has been adequately addressed, you have the right to complain to the Information Commissioner’s Office (ICO) and our ICO registration number is ZB631472.

Changes to our Privacy Policy

This policy may be changed from time to time at the sole and absolute discretion of the trustees of The Kitchen and it is your responsibility to ensure that you are content with the terms and conditions laid out herein when you provide The Kitchen with your data.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to [email protected]

No biscuits without a volunteer registration though.