Who we are

Introduction

Covent Garden Dragon Hall Trust is a charity (Charity Number 1087268). We are contracted by Islington Council to manage SoapBox Islington Youth Centre. SoapBox provides youth services to young people age 13+ who live or go to school in Islington. We partner with other organisations in the delivery of activities and services and also hire out space in the building on a commercial basis. The money raised from hiring is invested back into the youth services.

We collect and process personal information to enable us to provide youth services and run our commercial operation. Looking after the personal information you provide and respecting your rights to privacy are very important to us. We will make sure that your personal information is secure and guard it against unauthorised access and loss.

This policy details what we collect, why we collect it, your rights and other important information.

Our website address is: https://soapboxislington.org.uk/

What personal data we collect and why we collect it

Purpose

• Enquiring about our organisation and its work
• Subscribing to email updates about our work
• Making a donation
• Signing up as a member
• Website functionality

Data (key elements)

• Name, email, message
• Name, email
• Name, email, address, payment information
• Name, email
• Website activity collected through cookies

Basis

• Legitimate interests – it is necessary for us to read and store your message so that we can respond in the way that you would expect.
• Consent – you have given your active consent.
• Legitimate interests – this information is necessary for us to fulfill your intention of donating money and your expectation of receiving a confirmation message.
• Contract – by paying your membership fees you have entered into a contractual relationship with us as set out in our membership terms and conditions.
• Legitimate interests – it is necessary for us to store a small amount of information, usually through cookies, to deliver functionality that you would expect, such as remembering the contents of your order before you have fully completed the process.

How we use your data

We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as set out in the table at the top of this policy.
For example, we may use your personal information to:

• reply to enquiries you send to us
• handle donations or other transactions that you initiate, this includes room booking payments made online. We do not collect credit/debit card information, when making a payment you are directed to a secure server run by WorldPay to make your payment
• where you have specifically agreed to this, send you marketing communications by email relating to our work which we think may be of interest to you

When we share your data

We will only pass your data to third parties in the following circumstances:

• you have provided your explicit consent for us to pass data to a named third party
• we are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfills our legal obligations in relation to the use of third party data processors
• we are required by law to share your data

In addition, we will only pass data to third parties outside of the EU where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.

How long we keep your data

We take the principles of data minimisation and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required.
Where data is collected on the basis of consent, we will seek renewal of consent at least every three years.

Rights you have over your data

You have a range of rights over your data, which include the following:

• Where data processing is based on consent, you may revoke this consent at any time and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our marketing emails).
• You have the right to ask for rectification and/or deletion of your information.
• You have the right of access to your information.
• You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed.

A full summary of your legal rights over your data can be found on the Information Commissioner’s website here: https://ico.org.uk/
If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us.
Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.

In addition, we will only pass data to third parties outside of the EU where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.

What personal data we may collect online when you visit our website and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.