Data Privacy Statement



Data Privacy Statement for Supporters


Personal data

This Data Privacy Statement is for groups and organisations who support the CVO. In this Data Privacy Statement, the word “supporter” means someone who receives our monthly e-bulletin or similar updates from us. There are separate Data Privacy Statements for clients, volunteers and referral agencies. If you are in one of these groups, please also ask for its Data Privacy Statement, if you would like to see it.


What personal data do we hold?

If you are a supporter, we will hold your name, the name of your organisation and email address.


How is your personal data kept safe?

Your details are held in a spreadsheet. This file is password-protected and kept on a password-protected computer. Your details are also transferred to and stored on Mailchimp (our marketing platform) and Milo (our data managing and reporting platform), both of which are GDPR compliant.


What is your data used for?

Your data that is stored on Mailchimp is only used to send you our monthly e-bulletin and other similar updates. This may include information about training or events.

Your data that is stored on Milo is used to determine and analyse our interaction with organisations, for example, how many people attend our training courses over the year.


Does the CVO have a right to your data?

Under Data Protection legislation, the CVO needs to have a “lawful basis” for keeping your data, and for using it. There are several types of “lawful basis”. One of them is called “legitimate interest”. If you are a supporter of the CVO then it is reasonable (“legitimate”) for us to keep your data and send you monthly e-bulletins or similar updates and/or manage your data on Milo.

We will not send you newsletters or any other information unless you have agreed to be added to a mailing list. We will ask you clearly if you are happy to be added to a mailing list. You can say yes or no, or not reply. If you say yes, you will have given “consent” and we will record your details on the mailing list. The lawful basis for us to hold your data is then called “consent”.

We will not record your details on the mailing list unless you give consent.


Who can see your data?

The only people who have access to your data are the CVO Chief Executive, our Third Sector Coordinator and our Community Worker. We are as careful as possible to make sure no one else has access to your data.


How long will your data be kept?

Your details will be kept for as long as you are happy to receive information from us. At any time you can tell us that you are withdrawing consent. If you do that, we will take your details off the mailing list. We may keep enough of your details to make sure we don’t send you any information by mistake.


Who can you speak to if you have questions?

If you have questions about your data, and what we do with it, you should contact the CVO Chief Executive:

Fiona Fawdry, Chief Executive
Phone: 01563 574000


What rights do you have?

You have a number of rights under Data Protection legislation:

  1. The right to be know what data we hold:
    You have a right to know what personal data we hold about you. This Data Privacy Statement describes the data that we will hold. You can ask if we have any other data about you which is not covered by this Data Privacy Statement.
  2. The right to have a copy of the data we hold:
    You can ask for a copy of the data we hold about you. This is called a “subject access request.” If you make a “subject access request”, we will give you a copy of all the data we hold about you. We will do this within one month. If it helps, we will give you the data in a computer file.
  3. The right to object:
    You can object if you think we are using your data in the wrong way. You can also object if you think we don’t have “lawful grounds” for using your data. We will give you a statement explaining why we use your data and explaining the “lawful grounds.” If you are still not happy, you can complain to the Information Commissioner’s Office. If we find we are using your data in the wrong way, we will stop immediately and stop it happening again.
  4. The right to have your data corrected:
    If you think there is a mistake in your data, please tell us. You have a right to have it corrected. We may need to check what is the correct data, but will put right any mistakes as soon as possible.
  5. The right to be forgotten:
    We promise to remove your data after six years. You have a right for this to happen, because we don’t need to keep your data any longer than six years.


Finally, if anything happened to your data that could be a risk to you, we will do our best to tell you.