36 Forestreet, Totnes
office@themansiontotnes.org
Book a Space
Get Involved

Events:

View All

KING EDWARD VI COLLEGE SITE FOUNDATION

GDPR & Data Protection Policy 

The policy below is written to support the King Edward VI College Site Foundation (KEVICSF) in delivering its charitable object as outlined in its constitution;

To ensure that the premises of the King Edward VI School Site Foundation are used as a centre for the provision of facilities for the promotion of further education of the inhabitants of Totnes and subject thereto for the meetings, lectures, classes, physical exercise and other forms of recreation and other leisure time occupation in the interests of social welfare with the object of improving the conditions of life for the said inhabitants.

1. Introduction

The Mansion in Totnes is committed to protecting the rights and privacy of individuals in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy sets out how we collect, store, use and protect personal data. It applies to all staff, trustees, volunteers, tenants, tutors, and anyone else whose personal data we hold.

2. Who We Are

King Edward VI College Site Foundation, located at The Mansion in Totnes, is a Charitable Incorporated Organisation (CIO) that provides community spaces and activities. We act as a Data Controller for the personal data we collect and use.

3. What Personal Data We Collect

We collect and process the following personal data:

  • Names 
  • Email addresses 
  • Phone numbers 
  • Postal addresses 
  • Invoices (including bank details) 
  • Public liability insurance documents (if applicable) 
  • Additional information for employees and trustees, depending on role and legal requirements
4. Whose Data We Collect

We collect data from:

  • Tenants (who rent rooms or spaces) 
  • Tutors and workshop leaders (room hirers) 
  • Volunteers 
  • Employees 
  • Trustees
  • Contractors 
  • Mailing list subscribers
5. How We Collect Data

Personal data may be collected through:

  • Website forms 
  • Email communication 
  • Phone calls 
  • In-person contact 
  • Google Forms 
  • Paper forms (occasionally)
6. How We Store Data

Most personal data is stored securely in our Google Drive system, which has restricted access. Some data may also be stored in:

  • Google Forms 
  • Email accounts (temporarily) 
  • Paper format (rarely and securely stored) 

We use accounting software that holds relevant financial data and is accessed only by authorised personnel, including our external accountants.

7. Lawful Bases for Processing Data

We process personal data under the following lawful bases, as defined in Article 6 of the UK GDPR:

  • Consent – for inclusion in mailing lists, sharing photos, or publishing contact details 
  • Contract – where we have a rental or employment agreement in place 
  • Legal obligation – for employment, financial or trustee-related data we must hold 
  • Legitimate interests – for communication and administration necessary to operate our charity
8. Data Sharing

We do not sell or share personal data with third parties for marketing purposes. However, we may share data with:

  • Our external accountants (for financial processing) 
  • Our website, newsletter or social media (with explicit consent) 
  • Legal or regulatory bodies, if required by law
9. Photos and Videos

We sometimes take photos and videos at events for use on our website and social media. We always inform participants beforehand and seek consent where needed. Individuals can opt out of appearing in promotional materials at any time.

10. Mailing List

We run a mailing list for those who have opted in to receive updates about The Mansion. You can unsubscribe at any time using the link in our emails or by contacting us directly.

11. How We Protect Your Data

We take data security seriously. Measures include:

  • Password-protected and access-controlled Google Drive 
  • Limited sharing of documents 
  • Paper documents stored securely 
  • Data minimisation (only collecting what is necessary) 
  • Regular reviews of what data we hold and why
12. Data Retention

We keep personal data only as long as necessary:

  • Financial data: 6–7 years (required by law) 
  • Employee and trustee records: up to 7 years after leaving 
  • Tenant and tutor records: up to 2 years after final contact 
  • Mailing list: until you unsubscribe 
  • Photos/videos: until they are no longer relevant or you withdraw consent 

Data no longer needed is deleted or securely destroyed.

13. Your Rights

Under data protection law, individuals have the right to:

  • Access their personal data 
  • Request correction of inaccurate data 
  • Request deletion of data (in certain cases) 
  • Object to processing 
  • Withdraw consent at any time (where applicable) 
  • Lodge a complaint with the Information Commissioner’s Office (ICO) 

To exercise any of these rights, please contact us (details below).

14. Data Breaches

If a data breach occurs that risks individuals’ rights or freedoms, we will report it to the ICO within 72 hours and inform affected individuals where appropriate.

15. Who is Responsible for Data Protection?

A trustee will be assigned as the lead for data protection compliance. Day-to-day responsibility is shared by staff and volunteers handling personal data. All are expected to follow this policy and report any concerns promptly.

16. Contact Us

If you have any questions about this policy or your personal data, you can contact us at:

The Mansion, 36 Fore Street, Totnes, Devon
Email: office@themansiontotnes.org