JHERA’s Data Protection Policy and the Data Protection Procedure are as follows. Signed versions of the policy and procedure are available here.

Our Cookie Policy is here.

JHERA Data Protection Policy

1. Definitions

1.1. Personal data is information about a person which is identifiable as being about them. It can be stored electronically or on paper, and includes images and audio recordings as well as written information.

1.2. Data protection is about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.

2. Responsibility

2.1. Overall and final responsibility for data protection lies with the management committee, who are responsible for overseeing activities and ensuring this policy is upheld.

2.2. All volunteers are responsible for observing this policy, and related procedures, in all areas of their work for the group.

3. Overall policy statement

3.1. JHERA needs to keep personal data about its committee, members, volunteers and supporters in order to carry out group activities.

3.2. We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the General Data Protection Regulation (GDPR) and other relevant legislation.

3.3. We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.

3.4. We will only collect, store and use data for:

• purposes for which the individual has given explicit consent, or
• purposes that are in our group’s legitimate interests, or
• contracts with the individual whose data it is, or
• to comply with legal obligations, or
• to protect someone’s life, or
• to perform public tasks.

3.5. We will provide individuals with details of the data we have about them when requested by the relevant individual.

3.6. We will delete data if requested by the relevant individual, unless we need to keep it for legal reasons.

3.7. We will endeavour to keep personal data up-to-date and accurate.

3.8. We will store personal data securely.

3.9. We will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes.

3.10. We will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so.

3.11. We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any lost or shared data back. We will evaluate our processes and understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported to the Information Commissioner’s Office within 72 hours, and to the individual concerned.

3.12. To uphold this policy, we will maintain a set of data protection procedures for our committee and volunteers to follow.

Data protection procedures

1. Introduction

1.1. JHERA has a data protection policy which is reviewed regularly. In order to help us uphold the policy, we have created the following procedures which outline ways in which we collect, store, use, amend, share, destroy and delete personal data.

1.2. These procedures cover the main, regular ways we collect and use personal data.

We may from time to time collect and use data in ways not covered here. In these cases we will ensure our Data Protection Policy is upheld.

2. General procedures

2.1. Data will be stored securely. When it is stored electronically, it will be kept in password protected files. When it is stored online in a third party website (e.g. Google Drive) we will ensure the third party comply with the GDPR. When it is stored on paper it will be filed carefully in a locked filing cabinet.

2.2. When we no longer need data, or when someone has asked for their data to be deleted, it will be deleted securely. We will ensure that data is permanently deleted from computers, and that paper data is shredded.

2.3. We will keep records of consent given for us to collect, use and store data. These records will be stored securely.

3. Mailing list

3.1. We will maintain a mailing list. This will include the names and contact details of people who wish to receive information from JHERA.

3.2. When people sign up to the list we will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time. We will ask them to give separate consent to receive publicity and fundraising messages, and will only send them messages which they have expressly consented to receive.

3.3. We will not use the mailing list in any way that the individuals on it have not explicitly consented to.

3.4. We will provide information about how to be removed from the list with every mailing.

3.5. We will use mailing list providers who store data within the EU.

4. Contacting volunteers

4.1. Local people volunteer for JHERA in a number of ways.

4.2. We will maintain a list of contact details of our recent volunteers. We will share volunteering opportunities and requests for help with the people on this list.

4.3. People will be removed from the list if they have not volunteered for the group for 12 months.

4.4. When contacting people on this list, we will provide a privacy notice which explains why we have their information, what we are using it for, how long we will keep it, and that they can ask to have it deleted or amended at any time by contacting us.

4.5. To allow volunteers to work together to organise for the group, it is sometimes necessary to share volunteer contact details with other volunteers. We will only do this with explicit consent.

5. Contacting committee members

5.1. The committee need to be in contact with one another in order to run the organisation effectively and ensure its legal obligations are met.

5.2. Committee contact details will be shared among the committee.

5.3. Committee members will not share each other’s contact details with anyone outside of the committee, or use them for anything other than JHERA business, without explicit consent.

Cookie Policy

Introduction

JHERA may use cookies, web beacons, tracking pixels, and other tracking technologies when you visit our website jhera.org, including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the “Site”) to help customize the Site and improve your experience.

We reserve the right to make changes to this Cookie Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Cookie Policy. Any changes or modifications will be effective immediately upon posting the updated Cookie Policy on the Site, and you waive the right to receive specific notice of each such change or modification.

You are encouraged to periodically review this Cookie Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Cookie Policy by your continued use of the Site after the date such revised Cookie Policy is posted.

This Cookie Policy was created using Termly’s Cookie Consent Manager.

Use of cookies

A “cookie” is a string of information which assigns you a unique identifier that we store on your computer. Your browser then provides that unique identifier to use each time you submit a query to the Site. We use cookies on the Site to, among other things, keep track of services you have used, record registration information, record your user preferences, keep you logged into the Site, facilitate purchase procedures, and track the pages you visit. Cookies help us understand how the Site is being used and improve your user experience.

Types of cookies

The following types of cookies may be used when you visit the Site:

Advertising Cookies

Advertising cookies are placed on your computer by advertisers and ad servers in order to display advertisements that are most likely to be of interest to you. These cookies allow advertisers and ad servers to gather information about your visits to the Site and other websites, alternate the ads sent to a specific computer, and track how often an ad has been viewed and by whom. These cookies are linked to a computer and do not gather any personal information about you.

Analytics Cookies

Analytics cookies monitor how users reached the Site, and how they interact with and move around once on the Site. These cookies let us know what features on the Site are working the best and what features on the Site can be improved.

Our Cookies

Our cookies are “first-party cookies”, and can be either permanent or temporary. These are necessary cookies, without which the Site won’t work properly or be able to provide certain features and functionalities. Some of these may be manually disabled in your browser, but may affect the functionality of the Site.

Personalization Cookies

Personalization cookies are used to recognize repeat visitors to the Site. We use these cookies to record your browsing history, the pages you have visited, and your settings and preferences each time you visit the Site.

Security Cookies

Security cookies help identify and prevent security risks. We use these cookies to authenticate users and protect user data from unauthorized parties.

Site Management Cookies

Site management cookies are used to maintain your identity or session on the Site so that you are not logged off unexpectedly, and any information you enter is retained from page to page. These cookies cannot be turned off individually, but you can disable all cookies in your browser.

Third-Party Cookies

Third-party cookies may be place on your computer when you visit the Site by companies that run certain services we offer. These cookies allow the third parties to gather and track certain information about you. These cookies can be manually disabled in your browser.

Control of Cookies

Most browsers are set to accept cookies by default. However, you can remove or reject cookies in your browser’s settings. Please be aware that such action could affect the availability and functionality of the Site.

For more information on how to control cookies, check your browser or device’s settings for how you can control or reject cookies, or visit the following links:

• Apple Safari
• Google Chrome
• Microsoft Edge
• Microsoft Internet Explorer
• Mozilla Firefox
• Opera
• Android (Chrome)
• Blackberry
• iPhone or iPad (Chrome)
• iPhone or iPad (Safari)

In addition, you may opt-out of some third-party cookies through the Network Advertising Initiative’s Opt-Out Tool.

Other tracking technologies

In addition to cookies, we may use web beacons, pixel tags, and other tracking technologies on the Site to help customize the Site and improve your experience. A “web beacon” or “pixel tag” is tiny object or image embedded in a web page or email. They are used to track the number of users who have visited particular pages and viewed emails, and acquire other statistical data. They collect only a limited set of data, such as a cookie number, time and date of page or email view, and a description of the page or email on which they reside. Web beacons and pixel tags cannot be declined. However, you can limit their use by controlling the cookies that interact with them.