The Bridge is committed to ensuring the safety and security of your information. The purpose of this document is to explain what we do with the information you provide when signing up to receive communications from us that are outside of your business with us (if you have any). It includes data captured on our website. If we make any significant changes to this document, we will advertise this on the website so please check the website occasionally to make sure you are happy with any changes.
For the purposes of the legislation in this area, The Bridge is known as the ‘Data Controller’, and is therefore responsible for what happens to the information you provide. We have a dedicated email address for any questions you may have about the use to which we put your data – the address is email@example.com.
If you prefer to write to us, please address your letters to the Operations Manager, 73-81 Southwark Bridge Road, London SE1 0NQ, or telephone us on 020 7089 6250.
The Bridge is committed to complying with the Data Protection Act 1998, the General Data Protection Regulation (GDPR) from 25th May 2018 and The Privacy and Electronic Communications (EC Directive) Regulations 2003. By using our website, office and services, you are consenting to us processing your information in the ways stated in this document.
personal information we collect
We collect personal information when you ask about our activities, register with us or when you order products and services – for example, hire a room, register as a gym member, attend one of our programmes or register for email newsletters.
By submitting personal data manually or in electronic form to our website, or by using the site, you automatically give your consent that all personal data you submit may be processed in the manner and for the purposes described below.
If you do nothing other than read pages or download information while using our web site, we will collect information about your visit. This information will not personally identify you. It relates to:
- the internet domain and IP address from which you access the web site
- the type of browser and operating system you use
- the date and time of your visit,
- demographic and interest information from Google,
- the pages you visit, and
- the address of the website from which you linked to us (if applicable).
When registering and signing up for our health services, we collect the personal health data you provide to us. We collect this to ensure we are offering you the right services and so your progress can be tracked by yourself and us. We may ask you for information about your health in order to recommend appropriate exercise regimes or offer our other services.
We collect financial data for payment processing and to comply with our legal obligations.
We are sometimes required to collect information about your ethnicity and other sensitive data in order to provide information and reports on our charitable work and profile to the relevant stakeholders. This information is used only for statistical purposes and is always kept secure and anonymous. If you prefer not to provide us with this data, you do not have to.
how we use your information
We will use your information (personal or otherwise) to provide you with the services, products or information you have requested. We may need to share your information with our service providers, associated organisations and agents for these purposes.
We will use your information only for the purposes of:
- responding to your query and providing relevant information
- providing you with any services that you have purchased or receive free as part of a health or other scheme
- checking your eligibility where appropriate
- research and analysis so we can develop and improve our services for your benefit
- providing marketing communications (if you have given us your permission)
- asking you to complete a survey or an evaluation
- contacting you about events
- processing a transaction if you make a payment to us
- complying with legal requirements.
- safeguarding users of our services
We will only use your information for the purposes it was given. The information will not be put to any other use without seeking additional consent from you.
our legal basis for processing your information
By submitting an email via our “contact us” section on our website, you have consented to us contacting you in response to your query, and using your details for that purpose.
If you have opted into any of our mailings (events, updates, to be contacted regarding programmes, etc.), you have consented to us using your information for this purpose.
When we contact you to ask if you would like to participate in a survey, we treat this as a legitimate interest of the business – that interest being to seek views to improve our service. We do not send these requests frequently and there is no obligation to respond, therefore we consider any prejudice to you to be limited, and the legitimate need to seek views of our contacts on how we are performing so that we can deal with any issues that arise and improve our offering, outweigh this.
You can withdraw your consent to this at any time by contacting firstname.lastname@example.org or writing to us at the above address. However your consent will remain valid until we receive the withdrawal notice from you. There will also be the option to unsubscribe from any of our mailings at the bottom of the email you receive.
how we keep your information safe
We understand the importance of security of your personal information and take appropriate steps to safeguard it. We hold data in secure environments such as on our CRM System. All of our data held in servers or in the cloud are stored in London. We regularly review our IT provision to ensure that what we have is fit for purpose and that data is secure.
All staff who have access to personal data are trained in how to use the information in a secure and sensitive way, and our policies on accessing information from other devices ensure that your information is as secure as it can reasonably be.
No data transmission over the internet can be guaranteed to be 100% secure, so while we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.
access to your information
Other than staff employed by The Bridge, the Charity may share information with third party organisations that provide specific services on our behalf which enhance our products and your experience with us. These organisations act as a Data Processor under our instructions. We select our third party service providers with care and only provide them with the information that is necessary to deliver the service. There is a contract in place with each third party which includes strict terms and conditions to protect your privacy. These are:
- Third parties who provide mailing services for us, for example Mail Chimp, who we use to send out group emails on our behalf.
- Third parties if we run an event, service or programme in conjunction with them. We will let you know how your data is used when you register for any event.
- If you are making a payment through the website, the transaction is undertaken by PayPal, with whom we have a legal agreement. When you checkout, you will be automatically redirected to a secure server managed by PayPal, and we will not see, store or use any of the details that you enter into that site.
- Payments made by credit or debit cards are processed by Cardnet and we will not see, store or use any of the details that you enter. However we do hold the supplier receipts but these are kept securely to fulfil our legal requirements.
We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
keeping your information up to date
We really appreciate it when you let us know that your contact details have changed. To do this contact us at email@example.com.
how long we keep your information
We retain personal information as long as we consider it useful to contact you, or as needed to comply with our legal obligations. Where data is not needed for legal or statutory purposes we will delete this information if you request. See the contacts section to request your data to be deleted.
If you ask us to stop contacting you, we will keep a record of your contact details and limited information needed to ensure we comply with your request.
You have the right to request details of the information that we hold about you and the uses to which it is put - this is known as a Subject Access Request. Such requests have to be made in writing. To make a request, please contact us at firstname.lastname@example.org or at the address given above.
You also have the following rights which will be introduced in the UK under the GDPR in May 2018:
- the right to request rectification of information that is inaccurate or out of date;
- the right to erasure of your information (known as the “right to be forgotten”);
- the right to restrict the way in which we are dealing with and using your information; and
- the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”);
All of these rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact email@example.com.
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found at https://ico.org.uk/concerns.
Last updated 09 May 2018
If you have any questions or queries about any aspect of our privacy policies or procedures, please contact us using the above contact details.