This privacy policy applies to any personal data collected by Maroon Solis CIC, whether through our website, www.maroonsolis.co.uk, or by other means, such as in person, via email, telephone, social media, or through forms you may complete. Maroon Solis CIC, whose registered address is The Pavilion, Farm Road, Morden, Surrey, SM4 6RA (“We”), is committed to protecting and preserving your privacy.

This policy explains how we process personal data, how it is collected, and your rights in relation to it. We are committed to keeping your information secure and will comply fully with applicable UK data protection legislation and regulations, including the General Data Protection Regulation (GDPR). Please read this policy carefully to understand how we treat personal data. By engaging with Maroon Solis CIC, whether via our website or through any other communication, you accept and consent to the practices described here.

Types of Information We May Collect

We may collect, store, and use the following kinds of personal information from individuals:

– Information You Provide to Us: This includes data you provide by filling in forms on our website or offline forms (e.g., event sign-up forms), by telephone, email, or in person. The information may include your name, address, email address, phone number and other contact details.

– Information Our Website Automatically Collects: For each of your visits to our site, we may automatically collect technical information, such as a truncated and anonymised version of your IP address, browser type, operating system, platform and details about your visit (e.g., pages visited, time spent on site, how you arrived at the site).

Sensitive DataIn some cases, we may collect sensitive personal data, such as information related to your health or racial/ethnic origin, especially for programmes involving children or special needs. We will only collect this information with your explicit consent and process it in accordance with GDPR’s strict requirements for sensitive data.

Employee and Volunteer Data

We collect and process personal data from employees, volunteers, and other representatives in accordance with GDPR. This data is necessary for operational purposes, including payroll, health and safety, and management. The data will be handled in the same secure manner outlined in this policy.

Lawful Basis for Processing Data

We will process your data based on the following lawful grounds:

– Consent: When you have provided clear consent for us to process your data for a specific purpose, such as sending marketing communications.

– Contract: Where the processing is necessary to fulfil a contract you have with us, such as when you sign up for a programme or event.

– Legal Obligation: Where the processing is necessary to comply with the law.

– Legitimate Interests: When processing is necessary for our legitimate interests (e.g., improving our services) and where those interests are not overridden by your rights.

How We Use Your Information

We use the data in the following ways:

– Information You Provide to Us: We will use this information to contact you via telephone, email, SMS, or social media (e.g., WhatsApp) to provide you with further details about our programmes and services.

– Information We Automatically Collect: This information helps us administer and improve our website and ensure it is presented effectively for your device. It also assists with site security and debugging. The data is collected anonymously and is not linked to any information identifying you as an individual.

Sharing of Your Information

We may share your information with third parties, including our funders or sponsors, but only when required to fulfil our contractual obligations or when it is necessary for the performance of specific programmes. Any data shared will be in full compliance with UK data protection laws (GDPR). We ensure that any third-party processors, including funders or sponsors, are also GDPR-compliant and protect your data in accordance with legal standards.

We will not disclose your personal data to regional or national institutions unless required by law or other regulatory obligations.

Third-Party Service Providers

We work with third-party service providers to help us operate more effectively and deliver our services, such as payment processors, IT support, and event management platforms. Any personal data shared with these providers is done in accordance with GDPR and they are required to follow strict confidentiality and data protection requirements.

Data Security

We are committed to ensuring the security of your personal data. We use secure servers and trusted third-party providers to manage various aspects of our operations, including website hosting, email services and data storage. Each of these providers meets high data protection standards and follows our instructions on processing data in line with GDPR. Below is a breakdown of our third-party services:

• Website Hosting: Our website is hosted by Hostinger, which follows stringent security measures to protect your data.
• Email Services: We use Hostinger and Google Workspace for our email communications. This provider adheres to GDPR requirements and ensures that your email data is stored securely.
• Data Storage: We store personal data using Connecteam, Google, Microsoft and DropBox, secure cloud-based storage providers, which comply with GDPR to safeguard your information.

While we work diligently to protect your data, the transmission of information over the internet is not entirely secure, and any transmission is at your own risk. Once we receive your data, we follow strict security measures to prevent unauthorised access.

Data Minimisation and Accuracy

We only collect personal data that is necessary. We also take reasonable steps to ensure that the personal data we hold is accurate and kept up to date. If any of your information changes, please inform us so that we can update our records.

Data Retention Policy

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or for up to 6 years, depending on the nature of the data and any legal obligations. After that period, we will securely delete or anonymise the data.

International Data Transfers

If we transfer your personal data outside the UK, we ensure that it is protected by appropriate safeguards, such as standard contractual clauses approved by the UK government, or ensuring that the country has adequate data protection laws in place.

Data Breach Procedures

We have implemented procedures to deal with any suspected data breach. If a data breach occurs that may pose a risk to your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) within the timeframes required by law.

Your Rights – Access to Your Personal Data

Under GDPR, you have the right to:

– Request access to the personal data we hold about you.

– Request rectification of incorrect or incomplete data.

– Request erasure of your data under certain conditions.

– Restrict the processing of your data.

– Object to the processing of your data, particularly in cases of direct marketing.

– Request the transfer of your data to another organisation (data portability).

If you have provided consent for any data processing, you can withdraw this consent at any time, and we will stop processing your data unless there are legitimate grounds to continue. To exercise any of these rights, please contact us at www.ico.org.uk.

Cookies

Our website uses cookies to improve your browsing experience and to distinguish you from other users. For more details, refer to our Cookie Policy.

Changes to Our Privacy Policy

We may update this privacy policy occasionally. Any changes will be posted on this page and, where appropriate, communicated via email. Please revisit this page regularly to stay informed of updates.

Contact

If you have any questions, comments, or requests regarding this privacy policy, please contact info@maroonsolis.co.uk or write to us at: The Pavilion, Farm Road, Morden, Surrey, SM4 6RA

Last Updated: December 2024