Privacy Policy

Privacy Policy

Introduction

This website is operated by Community Kitchen Glos CIO, a charitable incorporated organisation, registered with the Charity Commission in England and Wales, number 1207428 (hereafter the “Charity”). The Charity is committed to protecting and preserving the privacy of those using this website and all of the other information systems managed by the Charity.

Our privacy policy

This policy sets out how the Charity processes any personal data that the Charity collects from you or that you provide to the Charity. The Charity has taken all reasonable steps to ensure we are compliant with all relevant data protection legislation. Please read this policy to understand what happens to personal data that you provide to the Charity. By visiting this website you give consent to the Charity processing your information in the manner given in this document.

Types of information we may collect from you

The Charity may collect, process, retain and use the following kinds of information about visitors to our website and users of our information systems:

Information you supply to the Charity.

You may supply the Charity with information about you through this website and through other information systems. This includes information you provide when you make a contact and/or enquiry, a newsletter subscription request, or submit a volunteer registration. The information we collect has been reviewed by the trustees of the Charity and is the reasonable minimum we believe we require to provide the service or services you have requested.

Information our systems automatically collects about you.

When you use our web services including this website, the Charity may automatically collect and retain information such as:

  1. Technical information provided by your browser/computer system such as the Internet Protocol (IP) address and other information offered by your system as part of the exchange of data between your system and ours.
  2. Information about your visit, including what pages you visit, what time you visited each page, how you got to the site (including date and time); page response times, what you click on, documents downloaded and download errors.

Cookies

The Charity uses cookies on its main website to improve your experience of our site. We also use cookies to manage login data and user experience. We do this across several systems:

  1. Our website at ckglos.org.uk.
  2. Our volunteer extranet ‘Hotpot’ (hotpot.ckglos.org.uk)
  3. Our charity management platform ‘Hotplate’ (hotplate.ckglos.org.uk).

Our main website and Hotpot allow you to opt out of all cookies which are not essential for the site to work correctly (e.g. cookies are used by Hotpot to recognise whether you’re correctly logged in – these are essential). Hotplate only sets essential cookies and is only for use by registered volunteers and trustees of the Charity, if you are a registered volunteer you will need to accept these cookies.

The Charity makes use of third-party web services such as those from Microsoft, Google, Paypal and Zelos, the privacy policies of these organisations are linked herewith. Other service providers will have privacy policies available from their corporate websites. The Charity has no ability to affect these policies.

The only other cookies in which we have an interest are the edible-biscuit variety. We aim to offer these with tea, coffee and squash with every meal we serve. If you’re reading our privacy policy, maybe you’d like to pop in for a drink and a biscuit to recognise your diligence? Please register to be a volunteer and someone will happily personally cover the cost of your drink and biscuit.

How the Charity may use the information we collect

The Charity uses information given to us via electronic means in the following ways:

  • To provide you with information, products and/or services that you request from us.
  • To administer our information systems including for troubleshooting and for management information purposes.
  • To improve our information systems to ensure that content is presented in the most effective manner for you and for your device.
  • Security and debugging as part of our efforts to keep our systems secure and detect unauthorised access attempts.

Disclosure of your information

Any information you provide to the Charity will be stored on a server with appropriate security controls. We use virtual compute, storage and database services provided by third parties to facilitate the running and management of our information system and our data processing. We take reasonable precautions to ensure your personal data is secure and private, such as requiring encryption for data both in transit and at rest on systems we manage.

Where the Charity processes your data on the basis of consent, it does not share that personal information about you with other people or organisations outside of the Charity. There are cases where the lawful basis for processing your data may not involve consent – e.g. if you suffer a serious medical emergency during a volunteer shift, a proportionate subset of your volunteer data, such as name and medical information and emergency contact information will be shared with the emergency services to save your life – in this instance your data would normally be shared on the lawful basis of protecting your ‘vital interests’.

The Charity will use all reasonable efforts to ensure that your personal data is not disclosed in a manner which is not consistent with this policy, unless required by law.

Occasionally the security provisions afforded by common internet protocols fail to offer the security that is appropriate for the information given. The Charity cannot assure the security of your data where you chose to, or the Charity is reasonably required to, use a transfer or storage method (e.g. email) which may, outside the reasonable control of the Charity, periodically fail to provide the security that would otherwise be expected for the category or sensitivity of data that the Charity has been given.

Data Retention

The Charity will retain personal data, only for the time it needs to retain it. Normally the following retention schedules will apply unless the Charity have agreed otherwise with you:

  1. The personal data of registered volunteers, training and attendence records will be held for three years after you let us know you have stopped volunteering. If you do not tell us that you have stopped volunteering but cease to actively volunteer, we will delete this data four years after we have observed you are no longer actively volunteering. If you register as a volunteer but never volunteer or attend an induction, your registration will be deleted after three months.
  2. The personal data of members (including lead volunteers and trustees) of the Charity will be held for at least seven years after you cease to be a member. Members have a clear role in the decision making and corporate governance so depending on the work done by the member, a longer retention period may be necessary. The processes for ending membership or ceasing to be a trustee are given in the Constitution of the Charity and all members and trustees are provided with electronic access to this document when they take up membership or become a trustee.
  3. The personal data of donors will be held for three years after the last donation.
  4. The data of those who have subscribed to communications and/or newsletters may be held for up to one year after the request to stop communications or unsubscribing to a newsletter.
  5. Management data and information about the performance of our systems may be retained for up to three years where this data is fully managed by the Charity.
  6. Corporate records are typically kept for seven years, certain financial records will be kept for twenty one years and a small number of documents such as the records of key decisions or reports (e.g. Annual Reports, minutes from General Meetings) may be kept indefinitely.

References to you in other documentation such as meeting minutes or emails and letters will be kept for as long as is needed according to the retention schedule for that document. This will depend on the content of the document. For example, if you attend a general meeting, the record of your name as an attendee and other information about you which has been reasonably included to form an accurate record of the meeting cannot be removed before the document is scheduled for destruction, even if you later withdraw your consent for the Charity to process your personal data. In this case your data is held lawfully for the legitimate interests of the Charity and your consent is not required and therefore withdrawing it does not require us to remove these records.

Your rights – access to your personal data

You have a qualified right in law to access personal data that the Charity holds about you. Any subject access request (SAR) must be made in writing to the Charity at the registered address or [email protected]. The Charity will provide a response in the manner given in applicable legislation. We may need to request further information from you to fulfil your request. If you have a complaint about how we have used your information and, after complaining to the Charity you still do not feel your complaint has been adequately addressed, you have the right to complain to the Information Commissioner’s Office (ICO) and our ICO registration number is ZB631472.

Changes to our Privacy Policy

This policy may be changed from time to time at the sole and absolute discretion of the trustees of the Charity and it is your responsibility to ensure that you are content with the terms and conditions laid out herein when you provide the Charity with your data.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to [email protected] No biscuits without a volunteer registration though.

Last revision 12 Apr 2026 (dave)