Data Protection Policy 

Organisation Details 

Name: Stoke Hill Community Association.

Address: St Katherine’s Priory,

St Katherine’s Road,


EX4 7JY.


Email Address:

Website: St Katherines Priory

Stoke Hill Community Association

Registered Charity No: 283907


Stoke Hill Community Association (hereafter SHCA) manages St Katherine’s  Priory, St Katherine’s Road, Exeter, EX4 7JY as a multi-use, multi generational community centre that is widely used by the people of Stoke  Hill and surrounding areas.

Our constitution identifies our object as:

To promote the benefit of the inhabitants of Stoke Hill and the  neighbourhood without distinction.

To advance education and provide facilities in the interests of social  welfare for recreation and leisure-time occupation with the object of  improving the conditions of life for said inhabitants.

To this end we organise SHCA events and also hire out our facilities to a  range of organisations, and in doing this we necessarily collect and hold  information.

We recognise our responsibility in complying with current General Data  Protection Regulation (GDPR) and any associated legislation.


Data Protection Statement 

  1. SHCA is committed to the current General Data Protection Regulations.
  2. SHCA will ensure that all personal data that it holds will be:  • processed lawfully, fairly and in a transparent manner; • collected for specified, explicit and legitimate purposes and not

further processed in a manner that is incompatible with those  purposes;

  • adequate, relevant and limited to what is necessary;
  • accurate and kept up to date;
  • kept in a form which permits identification of data subjects for no  longer than is necessary;
  • processed in a manner that ensures appropriate security of the  personal data, including protection against unauthorised or unlawful  processing and against accidental loss, destruction or damage.
  1. SHCA has therefore adopted the procedures set out in this Data  Protection Policy in accordance with statutory guidance.
  2. SHCA is committed to:
  • Building a data protection culture where staff, volunteers, members and facility users know how they are expected to treat personal  information;
  • Implementing a procedure for dealing with concerns regarding data  protection.
  1. SHCA is not responsible for the protection of personal information  gathered by non-SHCA users of SHCA facilities.


Systems, Purposes and Processing  

SHCA will obtain, hold and process personal data in accordance with current GDPR for the following lawful purposes:

  • Trustees, Council members and Executive Committee members. (name, contact details, emergency contact details).
  • Membership

(name, contact details, date of birth).

  • Volunteers

(name, contact details, emergency contact details).

  • Hirers

(name, contact details).

  • Individuals are not obliged to provide any personal details, though failure  to do so may affect ability to access all services.
  • We will manage information solely for the purpose(s) that it has been  collected, providing individuals with information about SHCA activities and maintaining health and safety.
  • Information will be held securely and only accessed by the appropriate  Executive Committee member. The Chair and Secretary will have access  alongside Membership, Bookings and specific activities Lead Persons.
  • We may disclose information if required by law or to enforce our legal  rights.
  • Information will be reviewed annually in line with membership renewal  and AGM cycles, at a change in individual circumstances or at the  request of the particular individual. Personal information will be deleted  when no longer required for a specified, explicit and legitimate purpose.
  • Individuals will have reasonable access to the personal information that  they have provided. This can be accessed through contacting the SHCA  Secretary, in writing/email.
  • At any time should an individual want to have their personal information  removed this can be done through contacting the SHCA Secretary, in  writing/email.
  • If an individual feels that their right to privacy has been infringed this  can be addressed through contacting the SHCA Secretary, in  writing/email. Individuals also have a right to lodge a complaint with the  data protection authority, the ICO.



All staff and volunteers have a responsibility to follow the guidance laid  out in this policy and related policies, and to pass on any related concerns  using the required procedures.

We expect all staff and volunteers to promote good practice by being an  excellent role model, contribute to discussions about data protection and to  positively involve people in developing safe practices.

Additional specific responsibilities 

Trustees have responsibility to ensure compliance with current Data  Protection legislation and associated government guidance.

The Designated Data Protection Lead is the SHCA Secretary. This person will  lead the SHCA response to any allegation of a breach of GDPR.

Communicating the Data Protection Policy 

SHCA will make staff, volunteers, members and facility users aware of the  Data Protection Policy through the SHCA website, on-site in the Policies and  Procedures file and through letting agreements.



This policy will be reviewed annually, and more often if required if there are  changes in circumstances or legal requirements.

This policy will be reviewed by the Data Protection Lead and presented to  the full Executive Committee and Trustees meeting for agreement.

This policy was last reviewed on: 14th April 2021

Signed: Tim Payne (Interim Chair)

(SHCA Secretary) 

Date: 14/04/2021


Hire our venue for your party or event.