This privacy policy applies to any personal data collected by Maroon Solis CIC, whether through our website, www.maroonsolis.co.uk, or by other means, such as in person, via email, telephone, social media, or through forms you may complete. Maroon Solis CIC, whose registered address is The Pavilion, Farm Road, Morden, Surrey, SM4 6RA ("We"), is committed to protecting and preserving your privacy.
This policy explains how we process personal data, how it is collected, and your rights in relation to it. We are committed to keeping your information secure and will comply fully with applicable UK data protection legislation and regulations, including the General Data Protection Regulation (GDPR). Please read this policy carefully to understand how we treat personal data. By engaging with Maroon Solis CIC, whether via our website or through any other communication, you accept and consent to the practices described here.
Types of Information We May Collect
We may collect, store, and use the following kinds of personal information from individuals:
- Information You Provide to Us: This includes data you provide by filling in forms on our website or offline forms (e.g., event sign-up forms), by telephone, email, or in person. The information may include your name, address, email address, phone number, and other contact details.
- Information Our Website Automatically Collects: For each of your visits to our site, we may automatically collect technical information, such as a truncated and anonymised version of your IP address, browser type, operating system, platform, and details about your visit (e.g., pages visited, time spent on site, how you arrived at the site).
Sensitive Data
In some cases, we may collect sensitive personal data, such as information related to your health or racial/ethnic origin, especially for programmes involving children or special needs. We will only collect this information with your explicit consent and process it in accordance with GDPR's strict requirements for sensitive data.
Employee and Volunteer Data
We collect and process personal data from employees, volunteers, and other representatives in accordance with GDPR. This data is necessary for operational purposes, including payroll, health and safety, and management. The data will be handled in the same secure manner outlined in this policy.
Lawful Basis for Processing Data
We will process your data based on the following lawful grounds:
- Consent: When you have provided clear consent for us to process your data for a specific purpose, such as sending marketing communications.
- Contract: Where the processing is necessary to fulfil a contract you have with us, such as when you sign up for a programme or event.
- Legal Obligation: Where the processing is necessary to comply with the law.
- Legitimate Interests: When processing is necessary for our legitimate interests (e.g., improving our services) and where those interests are not overridden by your rights.
How We Use Your Information
We use the data in the following ways:
- Information You Provide to Us: We will use this information to contact you via telephone, email, SMS, or social media (e.g., WhatsApp) to provide you with further details about our programmes and services.
- Information We Automatically Collect: This information helps us administer and improve our website and ensure it is presented effectively for your device. It also assists with site security and debugging. The data is collected anonymously and is not linked to any information identifying you as an individual.
Sharing of Your Information
We may share your information with third parties, including our funders or sponsors, but only when required to fulfil our contractual obligations or when it is necessary for the performance of specific programmes. Any data will be shared in full compliance with UK data protection laws (GDPR). We ensure that any third-party processors, including funders or sponsors, are also GDPR-compliant and protect your data in accordance with legal standards.
We will not disclose your personal data to regional or national institutions unless required by law or other regulatory obligations.
Third-Party Service Providers
We work with third-party service providers to help us operate more effectively and deliver our services, such as payment processors, IT support, and event management platforms. Any personal data is shared with these providers in accordance with GDPR, and they are required to follow strict confidentiality and data protection requirements.
Data Security
We are committed to ensuring the security of your personal data. We use secure servers and trusted third-party providers to manage various aspects of our operations, including website hosting, email services and data storage. Each of these providers meets high data protection standards and follows our instructions on processing data in line with GDPR. Below is a breakdown of our third-party services:
- Website Hosting: Our website is hosted by GoDaddy, which follows stringent security measures to protect your data.
- Email Services: We use Microsoft for our email communications. This provider adheres to GDPR requirements and ensures that your email data is stored securely.
- Data Storage: We store personal data using Google, Microsoft and Dropbox, secure cloud-based storage providers, which comply with GDPR to safeguard your information.
While we work diligently to protect your data, the transmission of information over the internet is not entirely secure, and any transmission is at your own risk. Once we receive your data, we follow strict security measures to prevent unauthorised access.
Data Minimisation and Accuracy
We only collect personal data that is necessary. We also take reasonable steps to ensure that the personal data we hold is accurate and kept up to date. If any of your information changes, please inform us so that we can update our records.
Data Retention Policy
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or for up to 6 years, depending on the nature of the data and any legal obligations. After that period, we will securely delete or anonymise the data.
International Data Transfers
If we transfer your personal data outside the UK, we ensure that it is protected by appropriate safeguards, such as standard contractual clauses approved by the UK government, or by ensuring that the country has adequate data protection laws in place.
Data Breach Procedures
We have implemented procedures to deal with any suspected data breach. If a data breach occurs that may pose a risk to your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) within the timeframes required by law.
Your Rights – Access to Your Personal Data
Under GDPR, you have the right to:
- Request access to the personal data we hold about you.
- Request rectification of incorrect or incomplete data.
- Request erasure of your data under certain conditions.
- Restrict the processing of your data.
- Object to the processing of your data, particularly in cases of direct marketing.
- Request the transfer of your data to another organisation (data portability).
If you have provided consent for any data processing, you can withdraw this consent at any time, and we will stop processing your data unless there are legitimate grounds to continue. To exercise any of these rights, please contact us at [email protected]. We will respond within the statutory time frames. If you are unhappy with how we handle your data, you may also lodge a complaint with the Information Commissioner’s Office (ICO).
Automated Decision Making and Profiling
We may use artificial intelligence (AI) or automated decision-making processes to help us analyse data, improve our services, or offer personalised recommendations. Where this is the case, we ensure that any use of AI complies with GDPR, and we will inform you of any significant automated decision-making that could affect your rights or interests.
You have the right to:
- Request human intervention.
- Express your point of view.
- Challenge any decisions made solely based on automated processing, including profiling.
Children’s Data
We do not knowingly collect or process personal data from children under the age of 18 without appropriate parental consent. If we become aware that we have collected such data, we will delete it.
Opt-out Procedure
You have the right to opt out of any communications from us at any time. If you wish to opt out of receiving emails, phone calls, SMS, or social media messages, please contact us at [email protected]. You can opt out here too!
Supervisory Authority
If you are not satisfied with how we handle your data, you can file a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO), at www.ico.org.uk.
Cookies
Our website uses cookies to improve your browsing experience and to distinguish you from other users. For more details, refer to our Cookie Policy.
Changes to Our Privacy Policy
We may update this privacy policy occasionally. Any changes will be posted on this page and, where appropriate, communicated via email. Please revisit this page regularly to stay informed of updates.
Contact
If you have any questions, comments, or requests regarding this privacy policy, please contact [email protected] or write to us at: The Pavilion, Farm Road, Morden, Surrey, SM4 6RA
Last Updated: October 2024