Watford & Three Rivers Trust operates under the General Data Protection Regulation. Your privacy is important to us and this statement sets out information you might need about why we collect data, how we use that data and what rights you have over your data. 

We hold information about individuals EITHER because we have their consent OR to fulfil our contractual obligations to them OR to fulfil our legal obligations OR because we have a legitimate interest in doing so to ensure that we can deliver the best possible community services. 

Information we hold 

Contact information 

Where we collect and hold personal information, this will include names and addresses and may also include (where relevant) email addresses (work or personal), telephone numbers (home, work or mobile) and social media details. 
Stakeholders, supporters, partners, CVS members, business contacts 

Where W3RT has a business relationship with you, we may keep additional information about your professional or voluntary role(s) and about our mutual interests, communications and exchanges. 
W3RT staff and volunteers 

We will hold information about your recruitment, induction, performance, management, absences, training, and (where appropriate) DBS checks. 
Service users 

We keep information about the services you request or use, and we keep information about your needs and preferences so that we can provide you with a better service. To safeguard your interests, we may also hold information about others including your family and GP. This will always be information that you provide to us, or that you authorise us to access. 
Financial information 

Where we have financial transactions with you, we will record these and we may need to hold your bank details. 

Sharing information

We will share your information with funders where we are required to do so. We will share your information with regulators or statutory agencies where we are legally required to do so. Where we deliver services in partnership with other organisations, we may share your data with these organisations to ensure that you receive the services you expect or request. 

Data retention policy 

We must keep certain financial and employment records for a period of time set down in law: usually six – twelve years. Other records may need to be retained because of the requirements of funders (to audit data) or insurers (to manage their risks). Except where legally or reasonably required to retain data longer, we will never hold personal data longer than is necessary for us to fulfil our purpose in holding it. 


Some of our websites may use cookies to record user data. These are separately identified on our websites and users must consent separately on each site. 

Our security arrangements 


All data is held on servers within the UK or EU and your data is not exported and does not cross regulatory boundaries. 

Anti-virus software 

All servers and PCs are protected by user passwords. We also use firewall and anti-virus software and these are regularly updated; but no-one can guarantee that these are 100% effective against all threats. 


Communications may be sent by e-mail. E-mail unless encrypted is not a fully secure means of communication. For ease of use and compatibility, email communications to you are not encrypted unless you require it and provide the certification to enable us to communicate with you in that way. 

Your rights

You have the following rights in relation to your data: 

  • The right to be informed - This statement informs you in general terms about what data we hold, why data is being collected, the lawful basis for the collection, how the data will be used, and our retention and sharing policies, and your rights. 
  • The right of access - You have the right to see the information we hold about you. 
  • The right to rectification - You have the right to have inaccurate personal data corrected and incomplete information completed. 
  • The right to erasure - Under certain circumstances, you have right to have your personal data erased (also known as the “right to be forgotten") but this right is not absolute and may not apply in certain circumstances. 
  • The right to restrict processing - People have the right to restrict or suppress the processing of their data but this is not absolute and may not apply in certain circumstances. 
  • The right to data portability - This right allows you to obtain and reuse your personal data for your own purposes. 
  • The right to object - You have the right to raise objections to us and seek clarifications from us. 
  • Rights in relation to automated decision making and profiling - You have the right to stop your data being included in any automatic processing where this processing might have legal or other consequence for you. 

How to raise queries or make requests 

To help you raise queries or make requests, W3RT has appointed a Data Protection Officer and you can contact this person via email at [email protected] or by calling 01923 216950 and asking to speak with the Data Protection Officer. 

Contact us 

If you have any questions or concerns about the data we hold on you, or if you would like to correct any errors or access any of your rights (see above), please contact our Data Protection Officer on [email protected] or call by calling 01923 216050.