Data Protection – GDPR Policy

Data Protection – GDPR Policy

The Trustees of the Priory of Our Lady of Peace CIO, Turvey Abbey, are the data controller. They gather certain personal data in order to process bookings for retreats, quiet days and spiritual direction.

This data privacy policy ensures that the Trustees of the Priory of Our Lady of Peace CIO, Turvey Abbey comply with data protection law (the General Data Protection Regulations 2016 [GDPR]) and follow good practice.

Personal data

Personal data relates to a living individual who can be identified from that data. This policy explains how the data controller uses any personal data collected in order for the processing of bookings.

Types of data processed

  • Names and titles
  • Addresses
  • Email addresses
  • Land and mobile telephone numbers
  • Special needs in relation to a visit to Turvey Abbey (e.g. dietary requirements).

Legal basis for processing personal data

Processing for the legitimate interests of the Trustees of the Priory of Our Lady of Peace CIO, Turvey Abbey, in order to administer bookings for retreats, quiet days and spiritual direction, and in the case of residential visits, to ensure that the individual has dietary and mobility needs met as far as possible.

CCTV

The CIO uses CCTV in various locations around the Abbey site to ensure it remains safe.
The CIO is committed to adhere to the ICO code of practice for the use of CCTV.
Security cameras are clearly visible and accompanied by prominent signs explaining that CCTV is in use.
Any enquiries about the CCTV system should be directed by email to Sister Benedict Brown:–
CCTV@turveyabbey.org.uk

Data Storage

When the data is stored electronically:

  • It is password protected from unauthorised access
  • When stored on removable media, these are kept locked away securely when not being used
  • All computers containing data are protected by reputable security software and a firewall.

When the data is stored on paper:

  • It is kept in a locked filing cabinet when not in use
  • The paper is shredded when no longer required.

Personal data is destroyed at the end of the financial year during which the booking occurs except in so far as data is included in accounting records, when it is retained for seven years.

Subject access requests

All individuals who are the subject of personal data held by the Trustees of the Priory of Our Lady of Peace CIO, Turvey Abbey, are entitled to:

  • Request a copy of any data held about the subject
  • Request correction of any inaccurate or out-of-date data
  • Request that personal data is erased when it is no longer necessary for the legitimate purposes of the data controller

Subject access requests, or general queries about this policy should be made in the first instance by email to bursar@turveyabbey.org.uk or by post to: The Bursar, Turvey Abbey, Turvey, Bedfordshire MK43 8DE

Information Commissioner’s Office, ICO

https://ico.org.uk

Helpline: 0303 123 1113

Comments are closed.