General Data Protection Regulation (GDPR) 2016 Privacy Notice
Overview: What you need to know in brief
https://www.naseby.com/ is the website of the Naseby Battlefield Project (NBP). This means that Naseby Battlefield Project are the “Data Controllers” of this website. We operate this website to communicate with our members and raise the profile of the Naseby Battlefield. We use the lawful basis of consent, legitimate interests and compliance with a legal obligation for processing personal data. We use a limited amount of third parties that process personal data either directly on our website or indirectly through external lines to the service providers own webpage.
Preservation of your privacy is important to the Naseby Battlefield Project and we are committed to letting you know how we use your personal information, keeping personal data safe and secure and to making only responsible use of your data. We ask you to read this Privacy Notice and Cookie Notice in full prior to your engagement and if you have any questions or concerns to contact us at email@example.com
This notice may be updated from time to time: Last updated August 2023
1.Who we are
https://www.naseby.com/ is the website of the Naseby Battlefield Project (NBP). This means that Naseby Battlefield Project are the “Data Controllers” of this website. References to “we”, “us”, “you” or “our” in this privacy statement are references to the Naseby Battlefield Project.
NBP is a charitable company limited by guarantee registered in England and Wales, registered company number: 05910579; and a charity registered in England and Wales, registered charity number: 1119178.
This statement relates to the various contact types associated with the Naseby Battlefield Project, including members, individual contacts of members, supporters, volunteers and patrons.
2. Why we have a website
We have two main purposes for operating this website: Communication and Awareness Raising
We use this website to communicate information about our organisation, services, events and about information that may be of interest to our members and the wider public. We also operate this website to enable our users to communicate with us. In addition, we maintain a presence on social media platforms such as Facebook.
We use this website to further our mission in providing information about the battlefield at Naseby.
3.What personal data we collect
In order to operate our services and this website, we must process personal data. In all instances, we endeavour to collect the minimal amount of information necessary to achieve our purposes. We use the lawful basis of consent, legitimate interests and compliance with a legal obligation for processing personal data.
The Naseby Battlefield Trust is a membership and volunteering organisation with supporters, and as a result, we collect details about individuals when they register as a members, volunteers, supporters and visitors to the battlefield tours.
We ask for some basic personal information from you as an individual, in the following situations:
- As a member of the NBP.
- If you sign up as a supporter of the NBP.
- If you sign up as a volunteer with the NBP.
- If you sign up for a tour with NBP.
- If you make a donation to NBP.
This information will include your full name, email address and phone number. We also may ask for some non-personal data (e.g. how you heard about the NBP or the services -tours & events- you are interested in). You are responsible for making sure you give us accurate and up to date information.
Please note: If you provide information on behalf of another person, you will need to tell them how to find this privacy statement and make sure they agree to us using their information for the purposes set out in it.
Services & Donations
We will also collect personal data when you access the services we offer. Depending on the service you use, the way we collect data is including but not limited to the following:
- Tours – name, email address, organisation, location, photograph consent for all events and payment details for paid events only.
- Events – name, email address, organisation, location, photograph consent for all events and payment details for paid events only.
- Donations – name, email address, organisation, location and payment details
- Support area of website – name, email address, organisation, and query details.
- Academic & education sign-up – name, email address, job title, organisation and query details.
- Online feedback or research surveys – name, organisation and email address.
In all instances where we collect personal data from individuals it is to deliver our charitable services.
4. How we use your personal data
We use your personal information to manage your membership account on our customer relationship management system and/or to provide the services you have requested from us.
Marketing our events and services is important for our work. When you become a member, supporter or volunteer, and at other times, you are invited to opt-in to our marketing communications. You can unsubscribe at any time from these communications without affecting your membership status (see section 5 below). If in any case, your specific, unambiguous consent is not received, we will not send you marketing information.
Our email marketing (which includes some but not all member communications) may be trackable at an individual level, allowing us to determine, for example, opens and link clicks. This information is generally used to help assess the effectiveness of communications so that – for example – we can send you more of what you like.
We never share your information with third parties for marketing purposes without asking for specific, unambiguous consent. For example, some of our events are delivered alongside a relevant partner (e.g. community voluntary service organisations). On some occasions, we might ask you if we can share those details with the partner. This will be very clear on the event sign up form. If in any case, this consent is not received then your data will not be shared.
From time-to-time, we may use your feedback and attribute it to you (e.g. by quoting a name and organisation alongside the feedback). We take this information from the surveys you are asked to complete and we do so to talk about our services publicly or demonstrate the impact of the charity to key stakeholders e.g. funders. We never share your information without asking for specific, unambiguous consent. This will be very clear on the relevant forms you complete. If in any case, this consent is not received then your data will not be shared.
As a member, supporter or volunteer of the NBP, you will receive regular, relevant communications from us (e.g. a monthly digest and an events bulletin). Signing up as a member, supporter or volunteer includes automatic subscription to these communication channels. From time to time, we may also contact you to ask you to engage with various initiatives we run on behalf of NBP.
You have the right to withdraw your consent from receiving our communications at any time. For more information, see section 5 below. You can unsubscribe from communication channels without affecting your membership status with the NBP.
Sharing personal data
We never share your information with third parties, unless it is necessary to deliver the service you have requested from us. Primary examples of this include, but are not limited, to:
- Sharing data with our event venues for security and safety purposes, or to ensure our accessibility obligations are met.
- Sharing data with our external event staff or volunteers, including our trainers.
- Sharing data with your event organiser if you have signed up for the event.
- Sharing your data with an expert academic or educationalist if you have contacted our support area of the website.
5. Your Data Subject Rights
NBP as an organisation is committed to ensuring the rights and freedoms of our website users and members are respected and that you as a data subject are enabled to exercise your rights. Under data protection law, you have specific rights including
To update your data
If you wish to access or rectify personal data that has been collected (see section 3 for examples) or if you wish to receive any personal data we hold on you, please contact firstname.lastname@example.org and we will respond to your request within one calendar month.
To delete your data
If you wish to have your data removed entirely from our records, please contact email@example.com and we will respond to your request within one calendar month.
Please note that for legal reasons we are required to keep financial/transactional records for a minimum period of six years from the end of the financial year in which the transaction was made.
To move your data
If you wish to have your data transferred from the NBP to another organisation, please contact firstname.lastname@example.org and we will respond to your request within one calendar month.
To withdraw your consent
If you wish to withdraw your consent from receiving our email communications, contact email@example.com and we will respond to your request within one calendar month.
To object to, or restrict data processing
If you object to the processing of your personal data, or wish to restrict the way in which it is processed by us, please contact firstname.lastname@example.org we will respond as soon as possible. Please note that this may affect our ability to deliver our services to you.
6. How long we retain your data
We retain your personal data for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation, typically 6 years). In addition, personal data may be securely archived with restricted access (and other appropriate safeguards) where there is a need to continue to retain it.
We will ask you on a regular basis to update your membership details with the NBP.
Financial records, including those of event payments and refunds, will be retained for a minimum period of six years from the end of the financial year in which the booking was made in order to comply with statutory obligations.
7. How we keep personal data safe
The Naseby.com website processes a small amount of personal data. However, we take our duty to protect this data very seriously and have in place safeguards to do this through our contract with our website and other service providers.
To the best of our ability, we will keep any personal data safe. However, no system or transmission over the Internet is 100% secure. This means that we are unable to absolutely guarantee the security of personal data.
If you become aware of something that gives your concern about the security of your personal data, please contact email@example.com.
8. Use of Third Parties
As an organisation NBP use a small number of third-party service operators to host our website, for our CRM and to enhance the experience of our website. The table below provides information about the service, why we are using it, additional information and links to their Privacy and Cookie notices. Please be aware that when you click these links, you are leaving our website and we have no control over these third-party websites use of personal data or cookies.
|Name of Service
|Reason we use it
|If I don’t want this service what can I do?
|This service enables you to book events & programmes with us
|Contact us by email
|This service enables you to subscribe to our newsletter
|Contact us by email
|This service provide our billing and receipt of donations services
|Contact us by email
|This service hosts our website and CRM allowing us to manage our membership, supporter and volunteer data
|This service provides a core function and you are not able to opt out without affecting your membership status
|This service maintains our website
|This service provides a core function and you are not able to opt out without affecting your membership status
Please note: Some of these companies may transfer data outside the EU/EEA. In such cases additional safeguards such as Standard Contractual Clauses and Data Processor Addendums are in place.
This service enables you to book events and programmes with us
You can contact us directly by email.
This service enables you to subscribe to our newsletter
You can access our newsletter on our website.
We have opted out of Mailchimp’s Data Analytics Project. You can too at https://mailchimp.com/dsar-requests/
This is the service that hosts our website and our CRM system to enable us to properly manage our membership data
This service provides a core function and you are not able to opt out without affecting your membership status.
9. Our Social Media Presence
We have a presence on social media platforms such as Facebook and Twitter (X). These accounts are used to post information such as notices about our events and to promote the activities of our members by reposting appropriate content. Occasionally, we may run a competition or promotion through these channels.
Please be aware that any responses to our content on these platforms is done through your own choice, at your own risk and without expectation of privacy. We say this because we are not able to control how other users on these platforms may act. We are also not able to control how these platforms may use your personal data nor do we endorse how these services use personal data.
The table below lists our social media account platforms with links to their privacy and cookie notices. We advise you to read these policies in advance of using their services. Please be aware that when you click these links, you are leaving our website and we have no control over no do we endorse these third-party websites use of personal data or cookies.
Social Media Platforms
Links to Policies
10. Questions or complaints
If you have questions or a complaint about the way your personal data has been processed by the Small Charities Coalition, please email contact firstname.lastname@example.org and we will look in to this for you as a matter of priority.
If you wish to take your complaint further, you can contact the Information Commissioner’s Office (ICO), which is the independent regulatory authority who exist to uphold information rights in the UK. For more information, visit their website or call their helpline on 0303 123 1113.
The key terms that we use throughout this privacy notice are defined below, for ease:
Data Controller: under UK data protection law, this is the organisation or person responsible for deciding how personal information is collected and stored and how it is used.
Data Processor: a Data Controller may appoint another organisation or person to carry out certain tasks in relation to the personal information on behalf of, and on the written instructions of, the Data Controller. (This might be the hosting of a site containing personal data, for example, or providing an email marketing service that facilitates mass distribution of marketing material to a Data Controller’s customer-base.)
Personal Information: in this privacy notice we refer to your personal data as ‘personal information’. ‘Personal information’ means any information from which a living individual can be identified. It does not apply to information which has been anonymised.
Special Information – certain very sensitive personal information requires extra protection under data protection law. Sensitive data includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation and also includes genetic information and biometric information.
How you can get involved
There are numerous ways that you can help us continue the valuable work of
educating and inspiring as many as possible about the enduring importance of what happened over 2 hours at Naseby. you can
also continue to expand your understanding of the battle and its ongoing consequences by sharing our latest findings and news.