Data Protection Policy


(Charity No. 274464)

Englefield Road, Theale, Reading RG7 5AS


Policy information



Scope of policy

Theale Village Hall, address as above.

Policy operational date

25th May 2018

Policy prepared by

Mrs Susan Haines, Secretary

Date approved by Board/ Management Committee

23rd July 2018

Policy review date

23rd July 2021




Purpose of policy


The purpose of this policy is to comply with the law and follows good practice.  This policy protects hirers’, members of staff, the trustees and the organisation.


Policy statement


We commit to comply with both the law and good practice and respect individuals’ rights.  We will be open and honest with individuals whose data is held.


Our Secretary has attended training for GDPR and will support and inform trustees in this matter.


Key risks


Names, addresses and contact details of hirers are kept by the Secretary only.


Contact details of hirers are kept in a locked cabinet which is accessed by the Secretary only.


List of hirers data retained


Name and address of private hirer, organisation, company or individual/leader of any group,


Email address of individuals, organisation, company or leader of a group.


Telephone/mobile numbers for individuals, organisations, companies or leaders of groups.


If bank details are provided by hirers, for the purpose of refunding deposits, these are deleted after the Secretary has completed the transaction.






The trustees have overall responsibility for ensuring that the organisation complies with its legal obligations.


Staff & volunteers


The Secretary is responsible for keeping contact details of hirers, suppliers and trustees.


Staff, volunteers and trustees should be required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.



Understanding of confidentiality


The Secretary is the only person who has access to the contact details of hirers.  This information is not shared with the trustees or any other third party.


Communication with other parties


Hirer’s names and the reason for hire are the only details shared with another staff member.

Contact details of hirers who book the bar service, provided by Theale Club for their event, will give their permission for contact details to be passed to Theale Club by signing a Data Protection Agreement slip as well as completing the Bar Hire Form provided by Theale Village Hall on behalf of Theale Club.





Security measures


The Secretary holds the passwords for access to the Village Hall email address, website and the Charity Commission.

Copies of the hall booking forms and contact details for the trustees are kept in a locked cabinet.


Business continuity

Specific risks


The Secretary works from home and all contact details provided by hirers are kept in a file in a locked cabinet.

Any personal information, such as addresses and bank details sent by email to the Secretary are deleted from the computer after use.  The only data held and backed up are copies of Invoices to regular hirers.  Some regular hirers are companies and some are individuals.  Permission has been obtained from our regular hirers to allow us to retain their contact details.


Personal safety


We have one member of staff who works alone on the premises.  They are provided with a personal alarm for use in emergencies, they also carry their own mobile phone.




Data recording and storage



Contact details are sometimes taken over the telephone. Any details written down are shredded when dealt with.




Any information that we are required to retain is stored in files either in a locked filing cabinet or a locked cupboard.


Retention periods


We are required to keep all booking forms for 12 months after the hire date.  Invoices are retained for 6 years and then shredded.  Emails are deleted after the hire date or when enquiries have been answered, if no longer required.





The Secretary holds a list of business contacts who carry out work on the Village Hall or assist with the running of the hall.


We will not share any personal information/contact details with any third parties.





Underlying principles


We will obtain written consent from individuals/organisations who hire the hall on a regular or one-off basis.


Forms of consent


All hirers will be given an Agreement Slip to sign.  Agreement slips from one-off hirers will be destroyed (shredded) with their booking form, 12 months after the hire date.

Regular hirer’s Agreement slips will be retained for as long as the individuals or organisations hire the hall.  The only personal data on the Agreement slip is a signature.





Policy review


Trustees and the Secretary.


The Policy review will be discussed at the April 2021 meeting.