A) The Sir Martin Gilbert Learning Centre – Privacy Policy

The Sir Martin Gilbert Learning Centre (‘SMGLC’) takes the privacy and security of your personal information very seriously.

This privacy policy sets out how SMGLC processes personal data (that is, information by which an individual, or ‘data subject’, can be identified) collected by us in the course of our lawful activities, in accordance with the Data Protection Act 2018, the General Data Protection Regulation and any relevant subsequent legislation (‘Data Protections laws’). This policy has been put in place to protect your rights under the Data Protection laws, and it is important that you understand what we will do with your data and are happy with this. If you want to discuss any matter relating to how your data is used, please email us at info@smglc.org or write to us at Sir Martin Gilbert Learning Centre, 57 North Rd, Highgate, London N6 4BJ. In certain circumstances we may need you to submit a request for information in writing and to verify your identity first before responding to your request.

References to the processing of information includes the collection, use, storage and protection of data. SMGLC is the ‘data controller’ for the purposes of this policy, and the policy extends to its staff, trustees, volunteers and anyone else processing data on our behalf from time to time. Any personal data collected by SMGLC will only be processed in accordance with this privacy policy.

SMGLC is committed to ensuring that the privacy and security of data about everyone we engage with is protected. Children of any age have the same rights over the data processed about them as do adults, although we may adopt a different approach to how we deal with sensitive data of all types, depending on the circumstances.

Organisations are permitted to process data if they have a legal basis for doing so. SMGLC processes data on the basis that:

  • Express and informed consent has been given by the person whose data is being processed; and/or
  • SMGLC has a legitimate interest in processing data; and/or
  • It is necessary in relation to a contract or agreement which the person has entered into or because the person has asked for something to be done so they can enter into a contract or agreement; and/or
  • SMGLC has a legal obligation to process data, such as a need to retain information about a person’s tax status for Her Majesty’s Revenue and Customs.

Where SMGLC is relying on solely consent as the basis for processing data, we are required to obtain your explicit consent and you can modify or withdraw this consent at any time by notifying us in writing, although this may affect the extent to which SMGLC is able to provide services to or interact with you in future. Where consent is required from a child under the age of 16 years, that consent must be given by someone legally responsible for them.

SMGLC may change this policy from time to time and any such changes will be published on our website. Notwithstanding any change to this policy, we will continue to process your personal data in accordance with your rights and our obligations in law.

This policy is effective from 25 May 2018.


B) What data do we collect?

We collect the data necessary for SMGLC to pursue its charitable objectives, including but not limited to advancing the education of the public, particularly by increasing the public’s knowledge about history, culture and community issues, together with fundraising and marketing, running events, keeping our supporters informed of our activities and the effective running of SMGLC as an operational and fundraising charity through its professional staff, trustees and volunteers. Data collected and processed may include, but not be limited to:

  • Names and contact information such as telephone numbers, email and postal addresses
  • Details relating to those participating in or attending educational projects, lectures, courses and events necessary for SMGLC to be able to run such activities and may include photographs of participants and attendees for promotional purposes or details of dietary needs or preferences
  • Stakeholder, donor and volunteer records and preferences, including, where necessary, bank or payment details and tax status in order to process payments from you and claim Gift Aid
  • Such other information that is relevant and necessary for SMGLC to carry out its activities, charitable purposes and legal obligations.

Such data may be collected, for example, when you provide it through our website, when you attend an event or participate in a course or activity, when you fill in your details on a payment page or Gift Aid form, when you tell us about yourself to subscribe for updates or to be added to our database or when you otherwise provide us with, or we obtain, personal data in some other way.

Where we receive data under the control of another organisation, in which case SMGLC is a ‘data processor’, we do so on the basis that the other organisations has the legal authority to share the data with us. We will only use such data for the purposes and the duration specified to us by the other party.


C) What we do with the data we process

SMGLC uses the data collected to maintain accurate internal records of our engagement with supporters, stakeholders, donors, event participants, volunteers, staff and others. These records facilitate our activities run in accordance with our charitable objects, including running educational projects, events and courses, working with volunteers and supporters and raising funds and awareness about our work through campaigns and events. We may use your personal information to send you other information about SMGLC and our activities which we think may be of interest to you.

Data may be processed and viewed by the relevant staff, trustees and volunteers in the course of SMGLC’s activities (all of whom work in accordance with this privacy policy) and sensitive data, for example payment information, will only be accessible to those who need to process such data in order to provide the relevant service or support to you, the data subject.

We will only share data with trusted third-parties where necessary for us to provide services to you or to communicate with you (such event partners and venues, mailing companies for postal communications or online platforms for secure backing up of data, or for email campaigns or newsletters), to process payments or as stated above, and only once we are satisfied that any such use of data by such third-parties will confirm to our privacy policy and high standards for data privacy and security. We will never sell your personal information and, except as stated above, will not share it with any other charities, businesses or marketing companies without your explicit consent.

Data will be retained only for as long as is permissible in law and is reasonable and necessary for us to engage with you as a participant or supporter, volunteer or member of staff. Accordingly, the length of time for which we will retain your data may vary depending on the purposes and legal basis for which we are or have been processing it.

You, as the data subject, may request deletion of your data at any time in writing, subject to any overriding legal requirement for its retention, such as the need, where appropriate, to retain Gift Aid records for Her Majesty’s Revenue and Customs, for example. We may keep a minimal amount of data on a suppression list so we do not inadvertently make contact with you after you have asked us not to.


D) Your rights in relation to your personal data

You may request details of personal information which we hold about you. Any such request must be submitted in writing and in order to protect the data we hold, we will need to be satisfied as to the identity of anyone seeking such information. We will provide this information within 30 days of receiving and verifying your written request. A small fee may be payable if an information request is particularly onerous.

You may choose to restrict the collection or use of your personal information, but this may inhibit or limit the way in which SMGLC is able to engage with you. You may, at any time, change your mind about what information we hold about you, or if we continue to hold it at all, subject to any legal obligation SMGLC has to retain the data.

You are responsible for the accuracy of data you have provided to SMGLC. If you believe that any information we are holding on you is incorrect or incomplete, please write to us as soon as possible. We will promptly correct any information found to be incorrect.

In the unlikely event that there is any kind of a breach of our duties and obligations under this policy or the Data Protections laws, we will take immediate steps to isolate and rectify the problem.  Should the breach be serious one (where there is a risk of, for example, discrimination, damage to reputation, financial loss or loss of confidential information) we have a duty to report that matter to the individuals affected and to the Office of the Information Commissioner.

You can obtain further information about Data Protection and privacy laws by visiting the Information Commissioner’s website at: https://ico.org.uk/for-thepublic.


E) Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the data we process. Persons processing data on behalf of SMGLC do so in accordance with this policy and on the basis that SMGLC is satisfied that they can and will adhere to our high standards for data protection and security. These include enhanced policies and protocols for the processing of particularly sensitive data.

Any sensitive information that does not otherwise need to be retained (such as credit or debit card details) are redacted or destroyed once used.

Please note that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping any password you use for logging in to access services or our website (if applicable) confidential; we will not ask you for your password (except when you log in).


F) Web browsing and Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We may use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to users’ needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie does not give us access to your computer or any information about you, other than the data you choose to share with us. Most cookies only last for the duration of your visit to our website and are deleted when you close your browser, but some may continue beyond the session until your next visit to enhance your use of the website. These might include, where applicable:

  • The option to “Remember my username” if signing-in to the website;
  • The use of Google Analytics to allow us to track how popular our site is and to record visitor trends over time. Google Analytics uses a cookie to help track which pages are accessed. The cookie contains no personally-identifiable information, but it does use your computer’s IP address to determine where in the world you are accessing the site from, and to track your page visits within the site.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our website.

We may also collect and store information about your browsing device, including, where available, your IP address, operating system and browser type, together with certain anonymous statistical data about your browsing activities and patterns which does not contain any personal data.


G) Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy policy applicable to the website in question.