Watford & Three Rivers Trust operates under the General Data Protection Regulation. Your privacy is important to us and this statement sets out information you might need about why we collect data, how we use that data and what rights you have over your data.

1) How and when we collect information

There are several ways in which we collect information:

  • through correspondence over the phone and via email
  • when you register as a member
  • when you register as a volunteer for us
  • when you request or use one of our services
  • when you subscribe to one of our networks, mailing lists or newsletters
  • when you use or register on third party websites that we administer to support volunteers and organisations
  • when you submit an enquiry or request using one of our website forms, via email, via the telephone, in person atone of our venues or elsewhere
  • when you apply for work or volunteering vacancies
  • when you engage with us on social media
  • when you complete any W3RT survey
  • when you visit one of our sites which have CCTV systems operating for the security of members, visitors, and staff
  • when you visit one of our sites that may have photography, recording or filming taking place that may be used to promote our activities
  • when you support our work by making a donation
  • when you fundraise on our behalf
  • when you register for an event
  • when you tell us your story
  • when you submit an enquiry
  • when you give us feedback
  • when you make a complaint
  • when you enter a contract with us

2) Why we collect information

We hold information about individuals EITHER because we have their consent OR to fulfil our contractual obligations to them OR to fulfil our legal obligations OR because we have a legitimate interest in doing so to ensure that we can deliver the best possible community services.

3) What information we use and why we use it

3.1) Contact information 

Where we collect and hold personal information, this may include names and addresses and may also include (where relevant) email addresses (work or personal), telephone numbers (home, work or mobile) and social media details.

3.2)Stakeholders, supporters, partners, CVS members, business contacts

Where W3RT has a business relationship with you, we may keep additional information about your professional or voluntary role(s) and about our mutual interests, communications and exchanges.

3.3) Financial information

Where we have financial transactions with you, we will record these and we may need to hold your bank details.

3.4) W3RT staff and volunteers 

We will hold information about your recruitment, induction, performance, management, absences, training, and (where appropriate) DBS checks.

3.5) Service users

We keep information about the services you request or use, and we keep information about your needs and preferences so that we can provide you with a better service. To safeguard your interests, we may also hold information about others including your family and GP. This will always be information that you provide to us, or that you authorise us to access.

3.6) Cookies

Some of our websites may use cookies to record user data. These are separately identified on our websites and users must consent separately on each site.

4) Our security arrangements

4.1) Servers

All data is held on servers within the UK or EU and your data is not exported and does not cross regulatory boundaries.

4.2) Staff training

All W3RT staff (and volunteers) are required to undertaken training in privacy, confidentiality and the General Data Protection Regulation.

4.3) Anti-virus software

All W3RT servers and PCs are protected by user passwords. We also use firewall and anti-virus software, and these are regularly updated; but no-one can guarantee that these are 100% effective against all threats.

4.4) Communications

Communications may be sent by email. Unless encrypted, email is not a secure means of communication. For ease of use and compatibility, email communications to you are not encrypted unless you require it and provide the certification to enable us to communicate with you in that way.

5) Your rights

Under the General Data Protection Regulation, you have specific rights in relation to your data:

  • The right to be informed - This statement informs you in general terms about what data we hold, why data is being collected, the lawful basis for the collection, how the data will be used, and our retention and sharing policies, and your rights.
  • The right of access - You have the right to see the information we hold about you.
  • The right to rectification - You have the right to have inaccurate personal data corrected and incomplete information completed.
  • The right to erasure - Under certain circumstances, you have right to have your personal data erased (also known as the “right to be forgotten") but this right is not absolute and may not apply in certain circumstances.
  • The right to restrict processing - People have the right to restrict or suppress the processing of their data but this is not absolute and may not apply in certain circumstances.
  • The right to data portability - This right allows you to obtain and reuse your personal data for your own purposes.
  • The right to object - You have the right to raise objections and to seek clarifications from us.
  • Rights in relation to automated decision making and profiling - You have the right to stop your data being included in any automatic processing where this processing might have legal or other consequence for you.

6) Who we share information with

We will share your information with funders where we are required to do so. We will share your information with regulators or statutory agencies where we are legally required to do so. Where we deliver services in partnership with other organisations, we may share your data with these organisations to ensure that you receive the services you expect or request.

7) Data Retention Policy

We must keep certain financial and employment records for a period of time set down in law: usually six – twelve years. Other records may need to be retained because of the requirements of funders (to audit data) or insurers (to manage their risks). Except where legally or reasonably required to retain data longer, we will never hold personal data longer than is necessary for us to fulfil our purpose in holding it.

8) Contact us

If you have any questions or concerns about the data we hold on you, or if you would like to correct any errors or access any of your rights (see above), please contact our Data Protection Champion Officer on [email protected] or call by calling 01923 216950.

Watford & Three Rivers Trust
Holywell Community Centre
Chaffinch Lane, Watford, Herts
WD18 9QD

9) How to raise queries or make requests

To help you raise queries or make requests, W3RT has appointed a Data Protection Champion and you can contact this person via email at [email protected] or by calling 01923 216950 and asking to speak with the Data Protection Officer.