New Wine is fully committed to compliance with the requirements of the General Data Protection Regulation and will therefore follow procedures which aim to ensure that all employees and volunteers or others serving New Wine who need to have access (see Data Sharing below) to any personal data held by or on behalf of New Wine are fully aware of and abide by their duties under the General Data Protection Regulation.
We rely on Legitimate Interest as the lawful basis for processing personal data. The data we process is freely provided by the data subject at the point of account registration (with the exception of family/group bookings, see below). We request the minimum amount of data to carry out the processes requested by the data subject, and do not share this data outside of our organisation (exceptions outlined under Data Sharing below). We also process data for the purpose of direct marketing of events and products that we believe are of interest and benefit to the individual, and always provide a clear and simple option to unsubscribe from such communications.
New Wine needs to collect and use information about employees, delegates, volunteers and referees (for volunteer applications) in order to operate and carry out its functions. New Wine may also be required by law to collect and use information. New Wine regards the lawful and appropriate treatment of personal information vital to successful operations and in maintaining confidence between New Wine and those with whom it carries out business.
On visiting our website, New Wine receives and records information from your browser, including your IP address and cookies (see Cookies below). We also use Google Analytics to monitor how visitors use our website. These forms of data collection are to enable us to make our user experience useful and relevant.
New Wine may also collect and store information about your financial transactions with us. This is needed to keep a record of income, for tax purposes and to process payments and Gift Aid. We do not have access to your credit card details if you have paid online and we do not retain your credit card details provided by any other means once your payment has been cleared (e.g., for donations to our event offerings). All online payments are processed via a GDPR-compliant third party (Sage).
New Wine allows 13-18 year-olds to create personal accounts for the purpose of Team (volunteer) applications. Personal details relating to Team applications for United will only be shared with authorised Team Leaders.
The information we ask you to provide when creating a New Wine account will be used to create your user profile, which can be accessed and used by New Wine to offer administrative support; in relation to any further action you may take relating to your account (e.g., booking for an event); and to contact you about products and services that may be of interest (we always provide an opportunity to opt out of receiving further communications at the time you are contacted).
If you have a Facebook account linked to your email address, we may let you know about New Wine products and services that may be of interest to you via Facebook.
New Wine will, through management and use of appropriate controls, monitoring and review:
- Use personal data in the most efficient and effective way to deliver its services.
- Strive to collect and process only the data or information which is needed.
- Use personal data for such purposes as are described at the point of collection, or for purposes which are legally permitted.
- Strive to ensure information is accurate.
- Not keep information for longer than is necessary.
- Securely destroy data which is no longer needed.
- Take appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data).
- Ensure that information is not transferred abroad without suitable safeguards.
- Ensure that there is general information made available to the public of their rights to access information.
- Ensure that the rights of people about whom information is held can be fully exercised under the General Data Protection Regulation. These rights include:
- The right to be informed
• The right of access to personal information
• The right to request rectification
• The right to request erasure
• The right to restrict processing in certain circumstances
• The right to data portability
• The right to object to processing