Last updated: May 2018

This Privacy Policy sets out how Prior’s Court collects, handles, stores and protects any personal information that you provide when you use this website.

Prior’s Court is committed to ensuring that your privacy is protected and respected. Should we ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this Privacy Policy.

Prior’s Court may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

A Data Controller is an individual or organisation that determines the purposes and means of processing personal data. Our Data Controller is Prior’s Court Foundation and the Data Protection Officer is Neil Atherton, Director of Finance.

Contact details for the Data Controller and Data Protection Officer:

Information Requests
Prior’s Court Foundation
Hermitage
Thatcham
Berkshire
RG18 9NU

Email: [email protected]

What information do we collect, how do we collect it and how do we use it?

  • When you visit our website we may gather usage information to help us improve our website experience for our visitors. This information may include your IP address, geographical location, browser type and version, operating system, how you found our website, the length of time you spent on our site, which pages you visited and website navigation paths. We use cookies to help us track these activities, but wherever possible use aggregated or anonymous data that does not identify individuals. We will ask you to consent to our use of cookies when you first visit our website. For more information about the cookies we use or how to opt-out of tracking, please visit our Cookies Policy. Usage information is processed through Google Analytics and is processed for the purposes of analysing the use of the website. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website. 
     
  • We collect personal information when you submit a form, register with our website, make a donation, complete a job application or otherwise provide us with personal information, such as your name, address, telephone number and email address. We only collect this information if you have given your consent for us to do so and will only use it for the purposes stated at the point of collection, for example, processing your job application or donation, or booking your place on a training course.

  • We may also receive personal information about you from third parties, for example when you sign up to fundraise for us using a site such as JustGiving. We will only use this information for the purpose it has been given.

Who has access to your information and where is it stored?

  • The information you submit will be passed to the relevant department at Prior’s Court, based on the nature of your enquiry. For example, donations will be passed to Fundraising, job applications to Recruitment and training course bookings to the Training department. Electronic data stored at Prior’s Court is stored in line with our General Data Protection Policy: protected by a strong password, only on a designated server which is sited in a secure location. Data on these servers is backed up regularly and all servers and computers are protected by approved security software and a firewall. Prior’s Court’s full General Data Protection Policy outlining in detail how data must be stored at Prior’s Court is available on request from the Data Controller. Prior’s Court is located within the United Kingdom.

  • Financial transactions relating to our website will be handled by our payment services providers, Stripe and GoCardless. We will share transaction data with our payment services providers only for the purposes of processing your payments, refunding payments and dealing with queries or complaints relating to payments and refunds. You can find information about the payment services providers' privacy policies and practices at https://stripe.com/gb/privacy and https://gocardless.com/legal/privacy/

  • Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behavior of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:

    1. Your data will be made available to our website provider
    2. The data that may be available to them include any of the data we collect as described in this policy.
    3. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
    4. They will store your data for a maximum of 7 years.
    5. This processing does not affect your rights as detailed in this privacy policy.
  • Your data is processed by and will be available to our website provider, RaisingIT. The hosting facilities for our website are situated in Ireland and Amsterdam. Transfers to each of these countries will be protected by appropriate safeguards, namely adherence to the GDPR. 

  • If you sign up to receive our newsletter or to receive emails about training courses, your data will be stored with our email service provider, MailChimp. Data stored with MailChimp is stored outside of the EU in the United States. MailChimp certifies to the Privacy Shield framework, and as such can lawfully receive EU data. Your data will be deleted from MailChimp if you have not opened an email within the last 3 years.

  • We will not share your personal information with any third party not listed within this privacy policy without your consent, unless we are required to do so by law.

Withdrawing consent or changing your information

You can change or withdraw your consent for us to hold or to use your personal data for the purposes at any time by emailing [email protected] 

We try to ensure that any changes to your personal data are enacted as soon as possible, which is usually within five working days.

You can change your profile details for your website account by logging into your account and selecting “My details” at the top, left hand side of the website.

You may opt to update your details or unsubscribe from any newsletter or training mailing lists you have previously subscribed to by clicking the link which in included within all emails we send.

Please be aware that if you withdraw your consent, we may still send you administrative communications if necessary, for example, to provide you with information about a booking you have made on a training course.

Subject access requests

You have the right to ask for a copy of any information we hold about you and to have any incorrect information in your personal details updated. You can request that we remove your records from our database or ask us to stop using your information for a specific purpose.

Subject Access Requests should be made in writing by emailing the Data Controller at [email protected] We will aim to provide the relevant data within 30 working days. The Data Controller will always verify the identity of anyone making a Subject Access Request before handing over any information.