The Wimbledon Synagogue Privacy Notice
- 1. Introduction
At The Wimbledon Synagogue we recognise the importance of keeping personal information secure and confidential. We take care to comply with the requirements of UK data protection law, including the General Data Protection Regulation (GDPR), in the way that we handle information relating to members, staff, visitors and anyone else with whom we interact (“you”). We are required to provide you with certain information about this, which is the purpose of this notice.
For the purposes of the law the “controller” (meaning the party legally responsible for complying with data protection law) is Wimbledon and District Synagogue (“WDS” or the “Synagogue”). If you have a query or concern about this topic or if you wish to exercise any of your rights over your personal data (see section 4 below), please contact us as follows:
Address: 1 Queensmere Road, London, SW19 5QD
Telephone: 020 8946 4836
Please also get in touch promptly to let us know if your contact details change. This will help us maintain the accuracy and security of your information.
- Your Personal Data
2.1 What types of information might WDS hold about you and where does it get it?
The types of information WDS will hold about you will naturally depend on the nature of your relationship with the Synagogue. In general this information comes directly from you or is created by the Synagogue in the course of your involvement with its activities. (Note that there is no legal obligation on you to provide the Synagogue with your personal data. There will be some situations, however, where if you choose to withhold relevant information about yourself the Synagogue may be restricted in assisting you, such as in the context of its pastoral work or if you are a job applicant with unexplained gaps in your CV.)
WDS may also hold information about you which it obtains in other ways, such as from recruitment agencies or referees (for job applicants and employees), other WDS members, relatives, carers, community organisations, your employer (if you are providing services to WDS) or occasionally from the internet (such as information about visiting speakers).
Commonly held types of data include name and contact details and, depending on your situation, information regarding (for employees) your employment and education history, related references and all HR administration matters, and (for members) subscription and other payments and Gift Aid-related tax status; details of family members; social circumstances; health-related information; religious beliefs and Jewish status; participation in Synagogue and broader community activities; and photographs and videos (e.g. of your involvement in Synagogue activities, or CCTV images from security cameras on WDS premises).
2.2 What are the various purposes for which WDS uses your personal data?
WDS uses personal data for administrative and operational purposes as a company, an employer and a charity, particularly in connection with its religious, pastoral, educational, cultural, social and community activities and services, including associated security arrangements.
These general purposes include, for example, notifying members about community news, events, and other information that may be of interest, whether relating to the Synagogue or communal life more broadly. From time to time such communications may include requests for fundraising support, such as at the time of requesting annual membership renewals. The Synagogue may contact you by post, email or telephone, as may be appropriate to the circumstances. Members are welcome to contact WDS if they wish to be removed from particular circulation lists.
2.3 Who might WDS share your personal data with?
WDS will only disclose information about you to others insofar as is appropriate for the above purposes. Depending on your circumstances, such recipients may include, for example: Synagogue management, members, volunteers and visitors; Religion School (Cheder) staff; healthcare, social and welfare organisations like Nightingale Hammerson; Apples & Honey Nursery; Mosaic Jewish Primary School; professional advisers and companies providing services to WDS; HM Revenue and Customs and other public authorities; and (in the case of WDS management) the Charities Commission and Companies House.
As WDS is a constituent member of Reform Judaism (previously the Movement for Reform Judaism) we pay a levy based on our membership fees to Reform Judaism and this entitles our members to services that we alone cannot offer (such as the rabbinical law court (Beit Din), summer camps (e.g. RSY-Netzer) and educational events). We also share statistical membership data with them for the purposes of their demographic monitoring of, and planning for, the community, as well as our member contact details so they can provide information about their services, news and events direct to our members, including by email. Their website is at https://www.reformjudaism.org.uk. If you prefer not to hear from Reform Judaism about their activities you can let them or us know.
In respect of fees you pay through your membership to the Joint Jewish Burial Society (JJBS), your membership information is also shared with them.
2.4 What is the lawful basis for WDS to use data in the ways described?
The law specifies limited grounds on which it is permissible for an organisation to collect, use and disclose personal data, and it requires organisations to indicate which are relevant to their activities. Mostly, the following legal grounds justify the Synagogue’s handling of personal data:
- it is necessary for the performance of a contract (i.e. the membership or employment contract with you), e.g.:
- recording members’ contact information and subscription payment records;
- providing member data to JJBS;
- it is necessary for compliance with a legal obligation, e.g.:
- providing names of Trustees to the Charities Commission;
- it is necessary for a legitimate interest of the Synagogue (such as managing its activities) or a third party, as long as these interests are not outweighed by considerations of your privacy, e.g.:
- for the wardens to have access to a yahrzeit list and to telephone members to ask if they would like to participate in a service at the relevant period;
- to circulate a security duty rota with names and email addresses so that people on it can arrange swaps;
- to publish newsletters containing news of members at Synagogue events;
- consent, e.g.:
- WDS will endeavour to obtain your consent where appropriate and practicable, for example before publishing a photograph of you on its website or social media pages;
- where members provide their email or telephone contact details to WDS, this amounts to consent for WDS to communicate with them by email, telephone or text message regarding Synagogue news and events or broader communal matters;
- becoming a member of the Synagogue incorporates consent for it to share members’ details with its umbrella organisation, Reform Judaism.
Special category data
The law deems some types of personal data as inherently sensitive and puts more restrictions around its handling. Religious beliefs, ethnic origin and health information all fall into this “special category” of data. However, there are various bases which permit WDS to handle such information, including:
- where this is necessary in connection with employment or to obtain legal advice;
- where this is necessary for substantial public interest reasons;
- where the information has been made public by the individual;
- where the information relates to current or former members or other key contacts, is being used for the legitimate activities of WDS (being a not-for-profit body with a religious aim), is protected by appropriate safeguards, and the data is not disclosed to other bodies without consent; or
- where the individual has given explicit consent.
Please note that where the Synagogue collects, uses or discloses your data on the basis of your consent you have the right to notify it at any time that you withdraw that consent. This will not make the Synagogue’s previous use of your data unlawful. Also, WDS may have other legal grounds on the basis of which it can nevertheless lawfully continue to process the relevant data.
- How Long Do We Keep Information About You?
WDS retains personal data for as long as such information is needed for the purposes for which it is used. This will include any mandatory or appropriate record-keeping period that might be necessary for legal or accounting purposes, etc. For example, we will retain relevant personal information for at least 7 years to meet Charity Commission and HM Revenue and Customs (HMRC) requirements. Employee-related data will be retained in general for 7 years after the termination of employment.
Most membership data is retained for a period of two years after their membership expires. However, as a communal institution, the Synagogue also maintains a historic archive of its activities, including a register of past members. Council and AGM agendas and minutes are also retained permanently.
- Your Rights Regarding Personal Data
Subject to certain limitations, by law you have the right to ask WDS to:
- give you a copy of your personal data (subject to the privacy rights of other people);
- correct or complete any personal data it holds that is incorrect or incomplete;
- stop using your details for direct marketing;
- stop using your personal data in a particular respect where WDS does so in reliance on its legitimate interests or on the public interest or on your consent (see section 2 above);
- stop handling your data in a particular way pending the outcome of an objection you have raised to its doing so;
- delete your personal data where there is no lawful justification for WDS to retain it; and
- transfer your personal data to you or another organisation (e.g. another synagogue) in a commonly used electronic format (this is known as the “right to data portability”).
Where you make one of the above requests, the response will generally be provided without charge and within one month if not sooner. Should an extension of up to two months be required to deal with complex cases we will inform you within the first month. A charge can be made, or the request refused, if it is clearly unfounded or excessive.
If at any time you think that the Synagogue’s handling of your personal data breaches data protection law you also have the right to lodge a complaint with the data protection regulator, the Information Commissioner’s Office (see their website at https://ico.org.uk or telephone them on 0303 123 1113).
- Internet Websites: Cookies, etc.
We may use “cookies” on our website and social media pages to give you a better experience and to monitor how visitors use the website, as this will help us make improvements for the future. These cookies do not enable us to identify website visitors by name, however, and simply provide us with anonymous statistics.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies, but if you do so, parts of the website may not work correctly. For more information about cookies you may wish to consult the Information Commissioner’s Office website (see: https://ico.org.uk/your-data-matters/online/cookies/).
5.2 Security and Links
The WDS website uses security processes that protect your information from unauthorised use and we have procedures and security features in place to keep your data secure once we receive it. However, as no data transmissions over the Internet can be guaranteed to be 100% secure, we cannot take responsibility for any unauthorised access or loss of personal information that is beyond our control, e.g. whilst in transit.
- What if your data is affected by a security breach?
WDS has technical and administrative measures in place that ensure an appropriate level of security for your information and protect it against unauthorised or unlawful processing and against accidental loss, destruction or damage.
In the unfortunate event of an incident occurring, such as hacking, which resulted in the confidentiality of information held by WDS potentially being compromised, rest assured that we would promptly investigate and take action to limit any adverse consequences and have the source of the problem fixed. We would also comply with the legal requirements to notify the Information Commissioner and those affected, which depend on the type of information in question and the level of risk to individuals’ privacy.
- Changes to this Privacy Notice
Our Privacy Notice may change from time to time to reflect changes in our practices or in the law. In this case, the amended version will be published on the WDS website. Where appropriate we will draw members’ attention to any material changes.
Last Updated: 15 June 2018