CoderDojo Ham, an unincorporated association usually meeting in facilities provided by Kingston University on the Penrhyn Road Campus ("we", “us” or “our”) is committed to protecting and respecting your privacy.
For the purpose of data protection legislation in the UK, we are the controller of personal data.
The categories and source of personal data we process, and our purposes for doing so
We process the following categories of personal data for the following purposes:
Event Registrations: Information that you provide to us when registering to attend an event organised by us (“Event”) includes your name and email address (“Event Registration Information”). You may also provide us with your child’s gender indirectly by registering to attend a female-only Events, and we store this data in line with our data retention policy set out below. We need your Event Registration Information to administer requests by you to attend events organised by us and your participation at such events and to communicate with you should we need to about your attendance at such events, and we have a legitimate interest to process this personal data for the purposes of providing the Services to you.
Direct Marketing: We may also use your Event Registration Information to send direct marketing to you to keep you informed of events, programmes and online materials made available from us and by the wider CoderDojo movement from time to time (which is a network of Dojos offering coding clubs and coding-related products and services) where we are legally permitted to do so or where you have consented to receiving direct marketing from us. Where we process your information for direct marketing, we are relying on your consent as a means to process your information where legally required to do so.
Event Photographs and Video Footage: We may take photographs and/or video footage of those attending one of the Events. We do this to promote us, the Dojos and the Events. We will only take photographs and/or video footage containing your image if we have your consent, which we seek to obtain from you when you register to attend the Event. In these circumstances, we are relying on your consent as a means to process your information where legally required to do so.
Correspondence: If you contact us, we may keep a record of this correspondence for the purposes of processing any request, comment or complaint that we may receive from you. We have a legitimate interest to process this personal data in order to respond to such request, comment or complaint.
Website Access and Cookies: We use “cookies” to monitor site user traffic patterns and site usage (such as how a user accesses our website, including individual pages of our website, and any requests made through our website by a user). This helps us to understand how you use our website so that we can develop and improve the design, layout and functionality of the site. We may be able to identify an individual device and therefore an individual from this information. A cookie is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website. You can normally alter the settings of your browser to prevent acceptance of cookies. If you do not want us to deploy cookies in your browser, you can set your browser to reject cookies or to notify you when a web site tries to put a cookie on your computer. However, rejecting cookies may affect your ability to use some of the functionality of our website.
We are required to comply with certain legal and regulatory requirements when providing our Services and we may process personal data in order to comply with those requirements, which may include reporting and monitoring obligations. We may process your personal data where necessary to comply with such legal or regulatory obligations, to which we or regulators or law enforcement agencies are subject.
Who we may share personal data with (recipients or categories of recipients of the personal data)
We do not sell mailing lists to third parties for their marketing purposes.
Where required or permitted by law, information may be provided to others, such as regulators and law enforcement agencies.
Cross border transfers of personal data
We will not transfer your personal data outside of the UK, except to our third parties that we have instructed to help us provide the Services to you, including in particular that we use our Google drive account to store your data, which may be in any one of its geographically distributed data centres as part of its cloud platform. In the case of these transfers, we will use reasonable efforts to put in place appropriate safeguards to cover transfers of your personal data including, for example, signing standard contractual clauses/data protection clauses adopted by the European Commission, or where applicable, relying on a Privacy Shield certification where the transfer contains a US entity. Please click here for a link to the standard contractual/data protection clauses and click here for more information about the Privacy Shield for US companies.
If there are any other circumstances which would require us to transfer your personal data outside of the UK, we will seek your consent to transfer your personal data outside of the UK. In the event of such a transfer, where applicable, we will put appropriate safeguards in place to cover transfers of your personal data including, for example, signing standard contractual clauses/data protection clauses adopted by the European Commission, or where applicable, relying on a Privacy Shield certification where the transfer contains a US entity.
The period for which the personal data will be stored or the criteria used to determine that period
We store personal data in line with legal, regulatory and best-practice requirements.
We keep your personal data, including information and correspondence collected by us or provided to us for a period of 6 months after you register to join our email list or after you attend one of our Events.
As a result of us processing your information, you have a right to:
to access personal data held about you;
to request us to make any changes to your personal data if it is inaccurate or incomplete;
to request your personal data is erased where we do not have a compelling reason to continue to process such data in certain circumstances;
to receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the data is based on: (i) your consent; (ii) our necessity for performance of a contract to which you are a party to; or (iii) steps taken at your request prior to entering into a contract with us and the processing is carried out by automated means;
to object to, or restrict, our processing of your personal data in certain circumstances;
to object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you; and
to lodge a complaint with a data protection supervisory body, which at present, is the Information Commissioner’s Office.
To exercise any of your rights set out above, including to withdraw your consent where we have stated we are processing your personal data based on your consent, please contact us at firstname.lastname@example.org