Data Protection Policy for the Chisholme Institute, updated May 2018
At the Chisholme Institute, we are committed to protecting and respecting any personal information you share with us. Here you’ll find information on what kind of data that we hold, how we use it, how we share it with others and how you can manage the information we hold on you.

1. What data do we hold?
a. Details of individuals:
Individuals who have visited or had direct contact with the Institute, such as: Course or event participants, volunteers, members of staff (past and present), directors, advisors, contractors and others connected with the Institute
Data held: Details depend on the person and the reason for their association with the Chisholme Institute, but typically include name, address, phone number, email address, d.o.b., gender, email exchanges, course attendance details, feedback forms and other engagements with the work of the Institute for the purposes of administering attendance on courses and supporting continued engagement with the work and education of the Institute.
Legal basis for processing data: Legitimate interest related to relationship with the Institute.
Storage: Data is held in a password protected database accessed only by authorised members of the Institute.
Email addresses are also held on our Mailchimp account to enable us to circulate newsletter to contacts.

We will continue to send you the monthly email Newsletter and other emails mentioning information that may be of interest to you, as a way of supporting your continued engagement with the Chisholme Institute. You can unsubscribe to mailings at any time by clicking the unsubscribe link at the bottom of our newsletters.

b. Mailing list subscribers:
In addition to the above, anyone who has subscribed to our Newsletter will receive this and other occasional mailings about relevant events or projects.
Data held: Email address and any additional information that was provided at the time of signing up to our mailing list subscription.
Legal basis for processing data: Consent.
Storage: Data is held in a password protected database accessed only by authorised members of the Institute.
Email addresses are also held on our Mailchimp account to enable us to circulate the newsletter to contacts.

Your details will be kept on this mailing list until you request amendment or deletion. You can unsubscribe any time by following the link at the bottom of each mailing.

c. Contracted workers and suppliers
We are required to use data to enter into contract with a company or individual, and to remunerate those who do paid work or supply goods.
Data held: Name, address, phone number, email, and other relevant details.
Legal basis for processing data: Contract or commercial relationship.

2. Who do we share your personal information with?
Personal data will not be shared with third parties, other than if strictly required for specific and necessary purposes. We take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes.
Examples of sharing data with a third party :
– Course facilitators or event organisers living away from Chisholme might receive details of people who have applied to a course or event they are responsible for.
– Lloyds Bank might receive information regarding financial transactions, as they securely process payment transactions on behalf of the Chisholme Institute.
– Email communication: Mailchimp stores email addresses in order to distribute our Newsletter and other email communications. Their servers are based in the US and they uphold the EU Privacy Shield to certify their data security.

3. Keeping your data safe:
Every effort will be made to protect personal data against un-authorised or unlawful processing. We use appropriate technical, organisational and administrative security measures to protect any information we hold from loss, misuse, unauthorised access, disclosure, alteration and destruction. Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.
Care will be taken to prevent virus attacks by ensuring computers have virus protection software and undergo regular software updates and care is taken when opening email attachments and when visiting new websites.

4. Retention of data:
We will only retain personal data for specified and lawful purposes, and will not further process this data in any manner incompatible with that purpose or those purposes.
Personal data shall be accurate, adequate, relevant, up to date and not excessive in relation to the purpose or purposes for which they are processed.
We update or delete your data on request.
It is important that the personal data we hold about you is accurate and up to date.
Please keep us informed if your personal data changes during your relationship with us.

5. Deletion of data
We will not keep personal data longer than is necessary for the purpose or purposes for which they were originally obtained.
Paper records will be destroyed by shredding or burning. You can request that your records be deleted by contacting secretary@chisholme.org Email subscription records will be deleted, where an individual has opted out of email communication.
What choices do you have?
You have rights under data protection laws in relation to the personal information we hold and are using about you. This includes asking for a copy of the information we hold about you, having any inaccurate information we hold about you corrected, to request that we stop using your personal information in a particular way or to ask us to delete your data.

You can always opt not to disclose information to us. You can opt-out of receiving communications from us at any time by unsubscribing to the email communication we send, or by contacting the Chisholme Institute via secretary@chisholme.org