Littlehempston Community Pub Ltd (LCPL)
Data Protection and Privacy Policy
1. Purpose of the policy
This policy sets out how we collect, use and keep safe the personal data supplied to us by LCPL’s Members (shareholders) and Supporters.
We recognise the importance of the correct and lawful processing of personal data in maintaining confidence in our operations.
2. How the data is collected
The personal data we hold is supplied by share applicants applying to become Members or by Supporters requesting the LCPL newsletter.
3. How the personal data is used
LCPL holds personal data on its Members and Supporters for the purpose of:
- serving notice to Members of Annual and Special Members Meetings
- informing and consulting Members regarding the activities of Littlehempston Community Pub
- maintaining a register of Members and pending applicants
- sending newsletters to both Members and Supporters
- repaying shareholders in the event of withdrawal of shares, the payment of interest/dividends or the repayment of share capital in the event of dissolution of the company
We do not share, sell, or disclose to a third party any personal information we hold.
4. What data is held
The following data is held on LCPL Members:
- name and address
- telephone number
- e-mail address
- date of share application
- number of shares requested or held
- details of any Enterprise Investment Scheme (EIS) application
- bank account details
The following data is held on Supporters of LCPL:
- name and e-mail address
5. How the data is stored
Data is stored in ways that minimise the risk of accidental loss such as through fire or computer breakdown, but that restrict access to the data on a “need to know” basis:
- hard copy of the Share Register containing names, addresses and number of shares of all Members is held in a secure office by the Treasurer.
- the full Share Register is held in digital form on one personal computer, normally the Secretary’s.
- digital data containing names and e-mail addresses of both Members and Supporters is held on the LCPL website.
6. How the data is kept secure
Data is kept secure from accidental divulgement, loss or aggressive data attack in the following ways:
- a Data Protection Officer (DPO) is responsible for keeping data secure and updated. The DPO will normally be the Secretary or another nominated officer.
- hard copy of the Share Register is held in a secure office by the Treasurer. This is a paper back-up copy for use if digital data is lost.
- the Share Register in digital form is held on the DPO’s personal computer, that is password protected, regularly updated with the latest security software and backed up.
- digital data held on the LCPL website is protected through regular updates of the latest security software. It is used to send out notices to Members and also newsletters to both Members and Supporters. Personal data is not revealed to the sender or the recipients of the communications.
7. Communicating Privacy Information
- The following notice is included when applications for shares are made and applicants have to actively tick a box to agree to this statement:
I agree to my name, address, phone number(s), email address and the number of Shares I wish to purchase being held on a computer database. I understand that this information will be used for the purpose of maintaining a register of Members and potential Members and for posting of notices regarding the activities of Littlehempston Community Pub Limited, and will not be passed to third parties.
- Applicants for shares will be directed to this policy for full information. This policy will also appear publicly on the Littlehempston Community Pub Ltd. website.
8. How Members and Supporters can control personal data
- On every type of digital communication, Members and Supporters are invited to click on a link to Unsubscribe. Those contacted by letter are also given this option.
- Requests to access, rectify or erase personal data should be made by e-mail to: LCPL Secretary via the contact form on the Tally Ho website (littlehempstoncommunitypub.co.uk) or by letter to the registered office addressed to: LCPL Secretary, The Tally Ho, Littlehempston, Totnes, Devon TQ9 6LY.
- Such requests will be dealt with within 30 days of the request, but will normally be dealt with as soon as possible.
9. Data Breaches
- All data breaches should be reported to the Chairman and the Secretary and/or DPO without delay.
- Any breach will normally be reported to the members concerned.
- Serious breaches may need to be reported to the Information Commissioner’s Office (ICO).
Data Protection and Privacy Policy adopted July 16th 2018