St Anthony’s Trust Limited Privacy Policy
1. Welcome
The Trust is the landlord of Tablehurst and Plaw Hatch Community Farms in Forest Row and Sharpthorne. It owns most of the land and the buildings on which the farms operate and works closely with the farms and the Tablehurst & Plaw Hatch Community Farms Co-op to ensure that biodynamic, community-owned agriculture in Forest Row is safeguarded for generations to come. It also owns the Rachel Carson Centre, a building and land that is a former biodynamic training centre. We have no endowment and depend on gifts and legacies for our ongoing work. We have two main charitable aims: education, training, and research in biodynamic farming and horticulture and assistance to the aged, infirm, and poor.
To this end, St. Anthony’s Trust owns Old Plaw Hatch Farm and Tablehurst Farm and lets them to the farms to operate as biodynamic agricultural farms and training centres. We value your privacy and are committed to ensuring that the personal information you share with us is safe and used only for the purpose it has been collected for.
We have followed the guidance of the Information Commissioner’s Office, the Charity Commission for England and Wales, and the Chartered Institute of Fundraising to shape this policy.
2. Introduction:
a. The General Data Protection Regulation (GDPR) applies in the UK as of 25 May 2018. It replaces the 1998 Data Protection Act and introduces new rules on privacy notices and the processing and safeguarding of personal data.
b. The purpose of this policy is to ensure Saint Anthony’s Limited (referred to as “us”, “the organisation”, and “the charity”) complies with GDPR and only stores necessary personal data, and only for the duration that it is required; and to ensure that the data is kept securely and safely deleted when it is no longer required.
c. We are committed to ensuring that your privacy is protected. Any personal information received will only be used in accordance with this privacy statement and solely for the purpose for which it was given.
d. We may change this policy to comply with new relevant legislation.
e. This policy applies to all the personal data collected by St. Anthony’s Trust directly from you, through our website or from our partners.
3. Reference:
3.1 Personal Data
According to UK GDPR, personal data is information that relates to an identified or identifiable individual. In other words, it is information that allows people to identify you. This can be as simple as a name or a number or include other identifiers such as an IP address, a cookie identifier, or other factors. If it is possible to identify you directly from the information we are processing, then that information may be personal data.
The UK GDPR provides a non-exhaustive list of identifiers, including
● Name, identification number, location data; and an online identifier; Post / Email address; Phone number; one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
● ‘Online identifiers’ include IP addresses and cookie identifiers, which may be personal data.
Information about a deceased person does not constitute personal data and, therefore, is not subject to the UK GDPR. Information about a limited company, companies, public authorities or another legal entity, which might have a legal personality separate from its owners or directors, does not constitute personal data and does not fall within the scope of the UK GDPR.
3.2 Special Categories of Personal Data
Personal data may include special categories of personal data that are considered more sensitive, require a higher level of protection, and must only be processed in limited circumstances. They can refer to an individual’s race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, criminal conviction, offences data, biometric data, health data and gender identity.
3.3 The Seven Principles of Data Protection
1. Lawfulness, fairness, and transparency – using personal data in a way that complies with the law and in a way our supporters and staff expect and have been told about.
2. Purpose limitation – We only use personal data for the reasons we declare and not for something extra or unrelated.
3. Data minimisation – We will limit the personal data we collect to what we need.
4. Accuracy – The personal details in our records should be accurate and kept up to date. If you notice any mistake or want to be removed from our records, please contact us at admin@saintanthonystrust.com
5. Storage limitation – We will keep personal data for as long as needed. It will be securely destroyed or deleted when we no longer need it.
6. Integrity and confidentiality (security) – Your personal information will be kept secure. We ensure that the details of our staff, volunteers, trustees, partners and donors are protected and that you can access those details.
7. Accountability – This underpins the other six principles. We take responsibility for having appropriate measures in place.
4. The Information We Process, Where It Comes From, Why We Process it, Lawful Basis, Who We May Share It With, How Long We Keep It for
4.1 Personal Information
We collect personal data from various sources, including our website’s contact form, directly from individuals, from organisations they are involved with, from members of the public or third-party organisations, from other government departments, regulators, law enforcement agencies and similar organisations, and from publicly available sources (such as websites, statutory registers and public records).
4.2 Non-personal Information
a. We may collect non-personal identification data during your interaction with our website. This non-personal identification data may encompass details such as the browser name, the type of computer you are using, and technical information regarding your method of connecting to our website. This includes information about your operating system and the Internet service providers utilised, among other similar data.
b. We employ technologies like cookies, web beacons, pixel tags, and similar tracking technologies to facilitate the collection of this non-personal identification data.
Rest assured, we handle this data with utmost care and adherence to relevant privacy regulations, ensuring that it remains non-personal and anonymous in nature.
c.Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse Our Service. The technologies We use may include:
● Cookies or Browser Cookies. A cookie is a small file placed on your device. You can instruct your browser to refuse all cookies or indicate when a cookie is being sent. However, if you do not accept Cookies, you may be unable to use some parts of our Service. Unless you have adjusted your browser setting so that it will refuse cookies, our Service may use Cookies.
● Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity). Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as you close your web browser. Learn more about cookies on the Privacy Policies website article. We use both Session and Persistent Cookies for the purposes set out below:
● Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to providing you with services available through the Website and enabling you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that you have asked for cannot be provided, and we only use these Cookies to provide you with those services.
● Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
● Functionality Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices you make when you use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide you with a more personal experience and to avoid having to re-enter your preferences every time you use the Website.
4.3 Why we process personal data:
a. Our commitment is to use personal information shared with us solely for its intended purpose.
b. We process personal data under either one of the following lawful bases:
(a) Your Consent: You have the right to provide or withdraw your consent at any time. To do so, please contact us at admin@saintanthonystrust.com
(b) Contractual Obligation: We process personal information when it is necessary to fulfil a contractual obligation.
(c) Legal Obligation: In cases where a legal obligation exists, we process personal information accordingly.
(d) Legitimate Interest: Personal information may be processed when we have a legitimate interest that is not overridden by the individual’s rights and interests.
Our approach to personal information processing aligns with these lawful bases, ensuring compliance with data protection regulations and safeguarding individuals’ rights and privacy.
Please see here for specific information
5. How we store your personal information:
a. Secure Storage of Your Information
Your personal information is maintained securely. We employ robust security measures, including antivirus software, strong password protocols, and two-step authentication processes, to safeguard files containing personal information from unauthorised access or breaches.
b. Retention of CVs and applicant’s personal data CVs submitted by applicants to work, volunteer or be a Trustee in St. Anthony’s Trust are retained for a period of six months from the date when the relevant job position is successfully filled. Personal information from individuals applying but not ultimately assuming a position will be deleted within six months of its receipt.
c. No Physical Copies of Personal Information
We do not maintain physical copies of documents containing personal information. Any printed copies are responsibly and securely destroyed before disposal to mitigate the risk of data exposure.
6. Links to Other Websites
Our website contains links to other websites that we do not operate. If you click on a third party link, you will be directed to that third-party’s site. We strongly advise you to review each individual site’s privacy policy. We have no control over and assume no responsibility for any third-party sites or services’ content, privacy policies, or practices.
7. Your Legal Rights as a Data Subject
Under data protection law, you have rights, including
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think needs to be completed.
Your right to erasure—In certain circumstances, you have the right to ask us to erase your personal information.
Your right to restriction of processing—In certain circumstances, you have the right to ask us to restrict the processing of your personal information.
Your right to object to processing—You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability—You have the right to ask that we transfer the personal information you gave us to another organisation or to you in certain circumstances. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond.
Please contact us at admin@saintanthonystrust.com
7. How to Complain
a. If you have any concerns about our use of your personal information, you can submit a complaint to us at admin@saintanthonystrust.com If you wish to exercise any of the rights set out in this privacy notice, please contact admin@saintanthonystrust.com
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to anyone with no right to receive it. We will usually ask you to provide one form of proof of identity and one form of proof of address. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within 28 days. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. We may not always be able to release all the information you have requested. This might be because certain information is exempt from being released to the public. In some circumstances, we may be able to review the outcome of your request within 28 days of it being issued. Please contact the ICO if you think our decision-making about what information we release is incorrect. It is helpful if you tell us why you think our decision is wrong and exactly what additional information you would like us to release.
b. You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane,
Wilmslow, Cheshire, SK9 5AF.
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
8. Review
a. This policy will be reviewed in a timely manner to ensure its effectiveness and compliance with legal requirements.
b. Amendments to the policy will be approved by the board of trustees and communicated to all relevant individuals.
c. We will notify you of any changes by posting the policy on this page.