Privacy Policy

Queer Norfolk (“us”, “we”) respect the privacy of every person who visits or subscribes to our websites and online publications (“you”) and are committed to ensuring a safe online experience. This privacy statement outlines the personal data we may collect about you and how we may process it, as well as how our service providers might do the same. This privacy statement also tells you about your rights to control this data.

Responsibility for your data

Queer Norfolk is subject to the General Data Protection Regulation and the Data Protection Act 2018.  

This Privacy Policy also outlines why Queer Norfolk collects personal data, how we use it, keep it safe and the rights of those whose data we hold in connection with other microsites which might be administered by Queer Norfolk from time to time.

Personal data we hold

We hold the following categories of personal data:

• Personal data you provide (when donating, volunteering or registering for events and mailing)

How we use your personal data

General Use

We only ever use your personal data with your consent, or where it’s necessary in order to:

• enter into, or perform, a contract with you
• comply with a legal duty
• protect your vital interests

Marketing

We use your personal data to communicate with you in order to promote our activities and events and to help with fundraising. This includes keeping you up to date with our news, blogs, events and merchandise. 

Third-parties

We’ll never sell your personal data. 

From time to time, we make use of plugins and software from third parties (e.g. Google Forms or eHive). This privacy statement does not cover the activities of such third parties. You should consult those third party sites’ privacy policies for information on how your data is used by them. 

Website cookies and similar technologies

We use cookies to improve the performance of the site. 

Public forums, message boards and blogs

Our site uses message boards on blogs and users can participate in these facilities. Any information that is disclosed in these areas becomes public information and you should always be careful when deciding to disclose your personal information.

Our legal process for processing personal data

Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, organisations are required to have a legal basis for processing personal data. The legal bases we use for processing data are:

• Legitimate interests for the purposes of fulfilling our activities and the provision of our services.
• Consent when people opt into our mailing lists.

Collection of personal data

Our primary goal in collecting personal data from you is to give you an enjoyable customised experience whilst allowing us to provide services and features that most likely meet your needs. We only collect personal data from you through data inputted through enquiry forms (if submitted), newsletter subscriptions (if joined) and site usage data. We do give you the option to access our sites’ homepages without subscribing or registering or disclosing your personal data. Please note that we do not intend to collect any personal data from children under thirteen years of age and no child under thirteen should submit any personal data to any of the sites. Should we discover that any such personal data has been delivered to any of the sites, we will remove that information as soon as possible.

Your rights

Under the GDPR and the Data Protection Act 2018, you have the following rights:

• Right to be informed. This Policy provides you with information in relation to how your data is processed. This ensures that we are transparent about what we will do with the information you supply to us.
• Right to object to the processing that is likely to cause you damage or distress. Where you challenge the accuracy or lawful processing of your information, we will consider this.
• Right to receive an electronic copy of any information you have consented to us holding. You can ask us to provide you with the personal data about you we hold, securely and in a machine-readable format, so it can be moved, copied or transferred to be used across different services or for you to give to another organisation. This is called a subject access request and we will need to verify your identity before giving such information.
• Right to object. We will ensure that we have the right consents in place for sending you information. You can unsubscribe from our mailings and remove your details at any time. If you wish to stop receiving communications from us, you will be able to do so by contacting our Data Protection Officer.
• Rights related to automated decision making. If there is additional profiling based on the information we hold, then you can object to us making decisions about you based on such processing.

We will respond to a request within one month of receipt. 

Confidentiality and security of your personal data

We are committed to keeping the data you provide us secure and will take reasonable precautions to protect your personal data from loss, misuse or alteration. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features described above to try to prevent unauthorised access. We have implemented information security policies, rules and technical measures to protect the personal data that we have under our control from:

• unauthorised access
• improper use or disclosure
• unauthorised modification
• unlawful destruction or accidental loss

All volunteers (i.e. those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of your personal data, are obliged to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for us in line with the standards set out in the GDPR.

Who we share data with

We share personal data with third parties who process our data for the purposes of providing services to you. Our chosen processors to help us do this include Google Analytics and eHive.

We will also share data with the appropriate authorities (e.g. police, law enforcement agencies and other parties) where we have a legal obligation. 

We do not sell or share data with any other third parties other than those listed above, covered under the trading data clause and where we use a third party to securely process our data on our behalf.

Privacy policy updates

This privacy policy is subject to occasional revision and we place any updates on this web page. If we make substantial changes to this privacy policy, we will notify you through the website interface, or, if you have provided your email address, by email. You are responsible at all times for keeping your email address up to date. Any changes to this privacy policy will be effective immediately and your continued use of our websites after such time shall constitute your acceptance of the amended policy.