This privacy notice provides information on how Kingston LGBT Forum processes your personal data in regards to NHS Test and Trace.
Important information and who we are
Kingston LGBT Forum is the data processor who processes your personal data on behalf of NHS Test and Trace. NHS Test and Trace are responsible for your personal data.
Kingston LGBT Forum has appointed a data protection officer (“DPO”). If you have any questions about this privacy notice or our data protection practices please contact the DPO.
Our full details are:
Full name of legal entity: Kingston LGBT Forum
Name of DPO: Charlie Parker
Email address: firstname.lastname@example.org
Postal address: Kingston LGBT Forum, c/o Tudor Lodge, Oakhill Road, Surbiton, KT6 6EH
The data we collect about you
We may collect, use, store and transfer the following data about you:
- Your name;
- Your phone number;
- Your email address;
- The date you attended our event;
- The time you arrived at our event; and
- The time you left our event.
How we use your personal data
We will only use your personal data for the purpose for which we collected it. The purpose for which we collect your data is to send it to NHS Test and Trace where they request it from us. We process your data under the legal basis of having your consent to do so.
How we share your personal data
We may share your personal data with NHS Test and Trace. You can find more information about NHS Test and Trace here.
We may also share your data with Google LLC who provide the online software (Google Drive, Google Forms and Gmail) that we use to collect and store and share your data. We require Google LLC to respect the security of your personal data and to treat it in accordance with the law. We do not allow Google LLC to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Google LLC is based outside of the European Economic Area (“EEA”) and so their processing of your personal data will involve a transfer outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring we use a specific contract between us and Google LLC, approved by the European Commission, which gives personal data the same protection it has in Europe.
How long we keep your personal data
We will only keep your personal data for 21 days after the event that you attend, after which we shall erase your personal data. You can request that we erase your personal data sooner by contacting our DPO.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data including the right to receive a copy of the personal data we hold about you and the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk).
Particularly, you have the right to:
- Request access to your personal data;
- Request that we correct your personal data;
- Request that we erase your personal data;
- Request that we restrict the processing of your personal data;
- Request that we transfer your personal data to you or to a third party; and
- Withdraw your consent to us processing your personal data, at any time.
If you wish to exercise any of these legal rights, please contact our DPO.