‘TVAP’ may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
A Data Controller is an individual or organisation that determines the purposes and means of processing personal data. Our Data Controller is TVAP and the Data Protection Officer is Gary Warrington.
Address: Thames Valley Adventure Playground, Bath Road, Taplow, Maidenhead, Berkshire, SL6 0PR
Telephone: 01628 628599
What information do we collect, and how do we use it?
• We collect personal information when you submit a form, register with our website, make a donation, complete a job application or otherwise provide us with personal information, such as your name, address, telephone number and email address. We only collect this information if you have given your consent for us to do so and will only use it for the purposes stated at the point of collection, for example, processing your job application or donation, or booking your place on a training course.
• We may also receive personal information about you from third parties, for example when you sign up to fundraise for us using a site such as JustGiving. We will only use this information for the purpose it has been given.
Who has access to your information and where is it stored?
• The information you submit will be passed to the relevant department at TVAP, based on the nature of your enquiry. For example, donations will be passed to Fundraising, job applications to Recruitment and training course bookings to the Training department. Electronic data stored at TVAP is stored in line with our General Data Protection Policy: protected by a strong password, [only on a designated server which is sited in a secure location. Data on these servers is backed up regularly and all servers and computers are protected by approved security software and a firewall]. TVAP’s full General Data Protection Policy outlining in detail how data must be stored at TVAP is available on request from the Data Controller.
• Financial transactions relating to our website will be handled by our payment services providers. We will share transaction data with our payment services providers only for the purposes of processing your payments, refunding payments and dealing with queries or complaints relating to payments and refunds.
• Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:
• Your data will be made available to our website provider
• The data that may be available to them includes any of the data we collect as described in this policy.
• Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
• They will store your data for a maximum of 7 years.
• Your data is processed by and will be available to our website provider [xxxx] The hosting facilities for our website are situated in [xxxx]. Transfers to each of these countries will be protected by appropriate safeguards, namely adherence to the GDPR.
• If you sign up to receive our newsletter or to receive emails about training courses, your data will be stored with our email service provider, [MailChimp]. Data stored with MailChimp is stored outside of the EU in the United States. MailChimp certifies to the Privacy Shield framework, and as such can lawfully receive EU data. Your data will be deleted from MailChimp if you have not opened an email within the last 3 years.
Withdrawing consent or changing your information
You can change or withdraw your consent for us to hold or to use your personal data for the purposes at any time by emailing Gary@tvap.co.uk.
We try to ensure that any changes to your personal data are enacted as soon as possible, which is usually within five working days.
[You can change your profile details for your website account by logging into your account and selecting “My details” at the top, left hand side of the website].
You may opt to update your details or unsubscribe from any newsletter or training mailing lists you have previously subscribed to by clicking the link which in included within all emails we send.
Please be aware that if you withdraw your consent, we may still send you administrative communications if necessary, for example, to provide you with information about a booking you have made on a training course.
Subject access requests
You have the right to ask for a copy of any information we hold about you and to have any incorrect information in your personal details updated. You can request that we remove your records from our database or ask us to stop using your information for a specific purpose.
Subject Access Requests should be made in writing by emailing the Data Controller. We will aim to provide the relevant data within 30 working days. The Data Controller will always verify the identity of anyone making a Subject Access Request before handing over any information.