FRS Personal Data Protection Statement
Last Updated 20th May 2018
- Our Commitment
Finchley Reform Synagogue (FRS) is committed to safeguarding the privacy of our members, website users and other individuals about whom we may collect personal data.
We understand the importance of maintaining individuals’ privacy, keeping personal information secure and complying with all applicable data protection laws.
FRS collects personal data only for identified and lawful purposes. We endeavour to limit data collection to what is necessary for the purpose for which the personal data is collected.
- Personal Data – Definition
Personal data, or personal information, is defined as ‘any information relating to an identified or identifiable natural person’.
- Data Controller
Finchley Reform Synagogue is the data controller of any personal information you provide to us, registered address: 101 Fallow Court Avenue, North Finchley, London, N12 0BE
We are registered with the Information Commissioner’s Office (Registration Number: ZA292324)
If you are not satisfied with our use of your personal information, our response to any exercise of your rights, or if you believe us to be in breach of our data protection obligations, please contact our Council member with responsibility for Data Protection at firstname.lastname@example.org.
You also have the right to complain to the Information Commissioner’s Office https://ico.org.uk/concerns/.
- Data Protection Statement
In this statement we explain how we handle personal data.
Personal Data held by FRS
- Data Subjects
We collect and process personal data relating to:
- Current and former FRS members;
- Families with children attending Kindergarten;
- FRS employees and contractors;
- FRS volunteers;
- Individuals who attend FRS events and High Holy Day services;
- Users of the FRS website including viewers of the live stream;
- Individuals who enquire about FRS membership;
- Members of the public who have contact with FRS;
- Individuals who hire our venue;
- Suppliers and third parties;
- Individuals captured by CCTV images;
- Individual shown on the service live streaming function;
- Complainants and enquirers; and
- Advisers and professional experts.
- When we collect personal information
We collect personal data in a variety of ways, including if you:
- apply for membership of FRS;
- register for an event or activity;
- ask to be part of a mailing list or marketing campaign;
- telephone us or visit in person with a specific query; or
- use our website.
- Types of Personal Data
FRS collects and processes the following types of personal data:
- Basic contact details – such as name, address, email address, telephone numbers;
- Personal and family details including data of birth, family members, yarzheit details;
- Payment details;
- Education related details – including Kindergarten records, B-nei Mitzvot progress, information and attendance records needed for schemes and residential courses;
- Employment details;
- Recruitment data such as CVs;
- Visual images via CCTV or photographs;
- Participation in rotas;
- Information contained in emails or other correspondence from you and records of telephone calls or meetings with you;
- Information that you share with us for the purposes of engaging in religious, spiritual or other learning, pastoral guidance, or lifecycle events;
- Sensitive (‘Special Category’) information that may include physical or mental health details; religious beliefs and the records from DBS checks; and
- Membership of and payments made to the Jewish Joint Burial Society
- Purposes of processing personal data
We process personal information to enable us to deliver our functions to our members and to fulfil our charitable objectives.
The categories of processing of personal data that we undertake include:
|Purpose of Processing||Lawful Basis|
|· managing our membership records;||Legitimate Interest|
|· on-going development of community cohesion through initiatives and opportunities which allow members to build relationships and to work together for common purposes and goals||Legitimate Interest|
|· processing payments||Legal obligation|
|· internal record keeping||Legitimate Interest
|· providing education||Legitimate Interest|
|· administration and management of FRS Kindergarten||Legitimate Interest
|· providing pastoral care||Legitimate Interest|
|· managing our staff||Contractual obligation|
|· managing and supporting our volunteers||Legitimate Interest|
|· maintaining our own accounts and records||Legal obligation|
|· distribution of newsletters, information about events, education and activities||Legitimate Interest|
|· supporting the administration and operations of the synagogue e.g. wardens list for yahrzeit purposes, security rota to promote the safety of FRS members, Kiddush rota;||Legitimate Interest|
|· understanding usage of the FRS website to identify ways to improve it further||Legitimate Interest|
|· using CCTV systems for crime prevention purposes||Legitimate Interest|
|· direct fundraising appeals||Consent|
- Data Retention
FRS will retain personal data in accordance with our retention schedule:
|Type of data||Timescale|
|Hiring and applicant data||6 months|
|Data relating to PAYE, maternity pay or SMP (statutory mandatory pay), employee leave and sickness absences, tax code notices, taxable expenses or benefits||3 years from the end of the relevant tax year after an employee leaves|
|Employees’ personnel records, performance appraisals, employment contracts, etc.||6 years after an employee leaves|
|Membership data||1 year after termination of membership|
|Accounting records – (e.g. cash books, invoices, receipts, Gift Aid records etc.)||6 years|
|CCTV images||3 months|
|Volunteering records||1 year after termination of membership|
|Pastoral information||1 year after termination of membership|
Who do we share your data with
As FRS is a member of the Movement for Reform Judaism (MRJ): where we have your consent, we share your data with them for the purposes of demographic and statistical information, as well as to ensure that you are aware of their key events and news. You have the right to opt out by informing FRS at email@example.com or by opting out at the FRS e-Mail Preference Centre.
In respect of fees paid to the Joint Jewish Burial Society (JJBS), your membership information is shared with them to allow them to carry out their official duties.
We may share personal data with companies that we contract with to perform services for us, such as assisting us with our mailing campaigns or other data processing, where they need your personal data to perform the service for us. These companies are not authorised to keep or use your personal data for any other purpose.
Organisations that we share personal data with, or that process personal data on our behalf are:
- Mailchimp (The Rocket Science Group)
- KBSP Partners LLP, our payroll provider
- SIMI membership database
- Eventbrite event booking service
- CloudGenius, our website provider
- The Disclosure and Barring Service
- London Borough of Barnet
- Specialist professionals such as Speech and Language therapists
- Primary schools (where required for Kindergarten pupils)
- Securteam Limited
- Tapestry (The Foundation Stage Forum Ltd)
- JJBS (Joint Jewish Burial Society)
- Nyman Libson Paul, Chartered Accountants, Statutory Auditors
- RustyBrick Inc (provider of the ShulCloud membership database service)
We will not share or disclose your personal information with any other organisations without your consent, unless required or permitted to do so by law.
We may process data about your use of our website (“usage data”). The usage data includes
- Your IP address;
- Associated information such as geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths,
- Information about the timing, frequency and pattern of your service use; and
- Your name and email address when registering to watch the live stream.
The legal basis for this processing is our legitimate interests: namely monitoring and improving our website.
We may obtain information about your general internet usage by using a cookie which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.
- Third Party Websites
FRS’s website may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.
- The Right to Access your personal information
Subject to any relevant exemptions, you are entitled to see a copy of the personal information we hold about you and to request details of how we use your personal information including any disclosures made.
To exercise your rights to access your personal information, please contact us at firstname.lastname@example.org.
- The Right to rectification
We take reasonable steps to ensure that the personal information we hold about you is reliable and as accurate and complete as is necessary for its intended use but you are entitled to ask us to update or amend any inaccuracies in the personal information that we hold about you.
To request us to update or amend any personal information we hold about you, please contact us.
- The Right to Object
You are entitled to object to receiving marketing material from us at any time. You can exercise this right by clicking ‘update your preferences’ or ‘unsubscribe’ on any marketing email you receive from us or by contacting us.
- Other rights
Under certain conditions, you may also have the right to require us to:
- delete any personal information that we no longer have a legal ground to rely on;
- where processing is based on consent, to withdraw your consent so that we stop that particular processing;
- object to any processing based on the legal ground of legitimate interests unless our reason for undertaking that processing outweighs any prejudice to your data protection rights;
- provide you or another provider with a copy of your personal information that you provided us with; and
- restrict how we use your personal information whilst a complaint is being investigated.
If you contact us to exercise any of these rights we will confirm your right to do so and respond where possible within 1 month.
For any issues relating to how we hold and process your personal data, please contact us at email@example.com.
We aim to ensure that your Personal Information is secure.
In order to prevent unauthorised access or disclosure, we have put in place appropriate physical, technical and organisational measures to safeguard and secure the personal data we collect and process.
Please keep in mind that, however, that no internet transmission is 100% secure. Some email sent to or from our Website may not be secure. Please consider this when sending information to us by email.
The information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) e.g. through the use of website servers which may be based outside of the EEA – this is generally the nature of data stored in ‘the Cloud’.
If we transfer or store your personal data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this privacy statement and in accordance with the General Data Protection Regulation.
We share personal data with RustyBrick Inc which is based in the US. RustyBrick Inc complies with the EU-US Privacy Shield Framework as set out by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.
A data breach is an incident that may lead to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or, or access to personal data.
In the case of a personal data breach that is likely to result in a risk to people’s rights and freedoms, FRS will adhere to the mandatory regulation to report it to the Information Commissioner’s Office (ICO) within 72 hours after becoming aware of the breach.
High risk situations would be where there is the potential of people suffering significant detrimental effect such as discrimination, damage to reputation, financial loss, or any other significant economic or social disadvantage.