Who Are We?
Community Places is the only region-wide charity which provides advice and support on planning; community engagement and community planning services to individuals and communities. We are managed by a voluntary Board of Directors elected from our member groups and we currently employ six staff.
We are committed to protecting and respecting your privacy. This privacy notice explains why we collect information from people and how we use it. We are both a data controller and a data processor in the context of the General Data Protection Regulations which come into effect in May 2018. Our registered office address is 2 Downshire Place, Belfast, BT2 7JQ.
What Personal Information Do We Collect?
Personal information we collect may include: your name; address; telephone number; email address; and postcode. We may also collect the following for Board and staff members: date of birth and National Insurance number.
Bases and Purposes of Processing
We outline below the different bases upon which we process personal information collected from different categories of individuals and the purpose of the processing.
If you are a service user (and/or a member beneficiary of our advice and support; community engagement and community planning services) we will collect and process personal information from you on the basis of legitimate interest. We have identified our legitimate interest as providing you with the advice, support and related service you have requested and which is within our remit and function as a region-wide advice giving charity. We only collect the personal data of the people who have requested our service in order to provide it and we will use your personal data only as you might reasonably expect us to. This may include contacting you by letter; email; or telephone about your advice case and/or other planning and related matters. We will not share your personal data with any other organisation. We undertake ongoing research on the effectiveness of and demand for our advice services - we thus retain historical data on our casework, but your identifiable personal information does not feature in this, only the casework subject matter.
If you are member of our Board of Directors we will collect and process personal information from you on the basis of legal obligation. The purpose of this processing is charity governance and it is a regulatory requirement for us to provide some personal information to a range of bodies including HMRC; the Charity Commission NI and Companies House.
If you are an employee we will collect and process personal information from you on the basis of the contract of employment you have with us. The purpose of the processing will include training, payroll and other personnel functions. Recipients of employee personal data will include HMRC, pension providers and funders.
If you apply for a job with us (a job applicant) we will process the personal information you provide on the basis that you might soon enter into a contract with us as an employee. The purpose of the processing is to contact you about the vacancy, progress your application and to assess your suitability for the post. Only our staff and recruitment panel (upon which our Board of Directors is represented) will have access to this data and it will not be shared with anyone else. We will destroy all job applicants’ personal information and job applications six months after the recruitment exercise has ended.
We will retain personal information for as long as is required by law or for as long we consider it necessary for our legitimate business purposes.
Technical and Organisational Security Measures
Personal information we collect from you is stored either: (a) in hard copy or electronic format at our registered office or (b) in the cloud (via Microsoft Office 365 or Salesforce CRM).
Only Community Places’ staff have access to and are authorised to view and process your personal information. Access to all our cloud data is by named licenced user only and is password protected. Our data is protected by Secure Socket Layer (SSL) technology using both server authentication and data encryption and is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders.