The Lord’s Taverners Limited (“the Charity”), which includes the Lady Taverners, Lord’s Taverners Kit
Recycling Limited, Brian Johnston Memorial Trust and Lord’s Taverners Enterprises Limited regards
the protection and respect of personal information as one of its fundamental commitments.
The purpose of this Privacy Policy (together with other documents that may be published from time
to time such as Terms and Conditions and other policies referred to herein) is to set out the basis on
which any personal data that we either receive from you, or we receive in respect of you from a third
party, is managed by the Lord’s Taverners Limited.


Queries and Who to contact
The Data Controller, the organisation that is ultimately responsible for managing the personal data
held by the Charity (which includes the Lord’s Taverners, the Lady Taverners, Lord’s Taverners Kit
Recycling, Brian Johnston Memorial Trust and Lord’s Taverners Enterprises Limited) is the Lord’s Taverners Limited (Company Number 582579) of 90 Chancery Lane, London, WC2A 1EU.
The Lord’s Taverners appoint a Data Protection Officer who is responsible for overseeing questions
relating to this Privacy Policy and how it is implemented. If you have any questions or concerns arising
from the Policy, or wish to exercise your rights in relation to data protection then this would be your
first point of contact:
Tim Berg, Chief Operating Officer
Lord’s Taverners
90 Chancery Lane, London WC2A 1EU
tim.berg@lordstaverners.org


Changes to this Privacy Policy
We review the Privacy Policy from time to time in the light of current legislation, practices and
guidelines and any updates to this policy will be reflected on this page and, where relevant, may also
be emailed to you. We would recommend that you refer to this policy periodically to see any changes
or updates to the policy.
Date last updated: 24th May 2018


Introduction
The Lord’s Taverners hold personal data in relation to a wide range of individuals and more detailed
information on some of those categories (Members, Beneficiaries, and Supporters) is available to you
at the end of this document. There are some fundamental principles that we apply to every category
of individual and these are set out as follows.


What is Personal data?
Personal data is defined as any information relating to an identifiable person who can be directly or
indirectly identified in particular reference to an identifier. It includes digital, paper, and image based
data.
Indirect identification refers to the fact that if personal information that we hold, when matched with
other information held, can then lead to the individual being identified then it is personal data.
Information that we may hold about you is dependent upon the purpose for which such information
is held, and broadly would fall into one of the following categories:

  • Identification – name, date of birth, gender, identification number (such as customer number or Membership number)
  • Contact – address, email, telephone, and mobile numbers
  • Financial – bank or other information to be able to process financial transactions as required
  • Activity - being transactions undertaken, events attended, and other interactions with us
  • Profile – interests, history of support for the Charity, and survey responses
  • Communications – how you would like marketing and other information provided to you.


Processing of personal data
We do not process personal data against third party databases for the purposes of profiling, gathering
additional personal data, or other similar purposes. We may from time to time perform ad-hoc
activities, for example to verify the existence of postal addresses against the anonymous Royal Mail
database where posted information has been returned as undeliverable, or to review the Honours list
to see whether we identify supporters who have been recognised.


Sharing personal data
We do not share personal data with third parties for commercial purposes. In particular we do not
share your personal data with our programme partners or our event sponsors unless we gain your
specific consent so to do.


We do share your personal data for administrative purposes and fulfil our commitments to you.
Further details are included in each of the categories of individual, however in general this sharing will
be with mailing houses, our bank (to facilitate payments for example), Electoral Reform Services (for
mailing and also administration of Annual General Meetings), and other similar organisations.

Any organisation with whom we share your personal data is required to have a written agreement
with us confirming their compliance with current legislation relating to the management of personal
data including the General Data Protection Regulations (“GDPR”) 2018.


Keeping your personal data
We will only retain your personal data for as long as is necessary for us to fulfil the purposes for which
it was collected. How long that period of retention should be is a matter of judgment, and in
considering this period we take into account a number of factors:
• The nature and sensitivity of the data we hold;
• The risk of harm from unauthorised use or disclosure;
• The purposes for which we gathered your data;
• Applicable law;
• Our obligations to maintain its accuracy.


Where the data is related to financial transactions there is an obligation under law to retain certain
identifiable information for at least six years currently.


We may anonymise your data (for example where we wish to aggregate historic data for statistical
purposes), at which point it is no longer personal data as it cannot be attributed to an individual.


Sensitive Personal Data
We may request from you Sensitive Personal Data (which may include information about Health,
Religion, Political Beliefs, Ethnicity, etc) which could be, for example, to note dietary requirements, or
provide more focussed information in relation to the impact of our charitable activities. We will always
gain your specific consent to retain this sensitive personal data on our systems, which will be
maintained securely.


Data Security
We take data security seriously and have in place a series of controls to prevent wherever possible
the unauthorised use, access or disclosure of your personal data, or its accidental loss.
We also restrict access to your personal data to those employees, officials, agents, contractors, and
third parties who have a requirement to know in order to fulfil their obligations within the
organisation. Where they have such access they do so under an agreement of confidentiality and also
based on instructions that we may provide either within a contract with those third parties or by direct
instruction.


Your personal data is stored on secure servers, either held by us or with third parties within a cloud
environment, with rotating password protection. Payment information (such as via banks) has highly
restricted access and credit card information, where transactions are processed by the Charity, is not
retained by us.


Where you make use of our webshop or other online services, which may involve you creating your
own password, you are responsible for keeping that password secure and confidential.

Your rights
As an individual you have a number of rights in relation to the personal data that we hold. The principle
rights are as follows:

  • To request correction of the personal data we hold about you. This enables you to have any
    incomplete or inaccurate data we hold about you corrected.
  • To request erasure of your personal data. This allows you to ask us to delete some or all of
    the personal data held by us about you where there is not a good reason for us continuing to
    hold that data. Such reasons could include legal requirements or contractual responsibilities.
  • To withdraw consent at any time to us using your personal data for the purposes for which it
    was originally passed to us. You should be aware that any use of your personal data prior to
    the date of withdrawal of consent remains a valid use and that subsequently you may not
    receive information about the organisation.
  • To access your personal data (known as a “data subject access request”). This enables you to
    receive a copy of the personal data we hold about you and check that we are lawfully
    processing it. Any such request should be directed to the Data Protection Officer. A basic
    request will not result in a fee unless your request is unfounded, repetitive or excessive. We
    may seek to verify your identity to ensure it corresponds with data we hold as a security
    measure, and generally we would look to respond within one month.


You have other rights to restrict or object to processing of personal data (which we do not undertake
other than for administrative purposes), and request the transfer of your data in a suitable format to
a third party (applies only to automated information).


Third Party links on our websites
Our websites enable individual users to click on links that take them to the website of third parties
such as sponsors, programme partners, affiliated organisations, and others. You should be aware that
that once you do this you will be subject to the privacy polices of those third party organisations and
we do not take any responsibility or liability for those policies. We therefore advise that you make
yourself familiar with those policies before you provide third party information to them.


Cookies and URLs (Unique Resource Locators)
We use cookies, URLs, and other similar user information for the purposes of providing statistical data
on the usage of our web and other digital channels. This data is quantitative and may include
geographic and other limited demographic information.
We do not use cookies or URL information for the purposes of identifying individual users, or for
providing a basis for a tailored experience to you.

Specific User Groups
Members
What information do we hold?
We will hold your contact information, name, address, email, telephone, and Membership number and status.
If you provide it we will also hold other information such as date of birth, interests, membership of our golf and
bridge societies, and other similar information.
Why do we hold it?
We hold your information under a contractual relationship – in return for membership of the Lord’s Taverners
and Lady Taverners you expect to receive information about the Charity, the events we run, charitable activities
that you can attend, and other similar information. In addition individuals who are Members of either the Lord’s
Taverners or the Lady Taverners are entitled, based on their membership category, to receive information about
AGMs / General Meetings, amendments to articles and Bye-laws, elections for Trustees or to Council, and other
matters of a governance nature.
Do we share information?
We only share your data with organisations for the purposes of undertaking the administrative functions that
go with the purposes outlined above. For example with Electoral Reform Services who manage our election
processes and mailing relating to the AGM, Trio who undertake events mailings, and Mailchimp who manage
our emails. Each organisation would have an agreement with us which sets out the basis on which information
is passed to them and limits their ability to use that data to administration only.

We also have traditionally shared our Member data with other Members – via the printed Members Handbook.
Individuals have opted out of having certain of their information included in the handbook.
In the light of GDPR we will be introducing a Members area to the website later in 2018, and it is within this
environment that Members will be able to securely look for contact details of Members.

We do not as a rule share personal data with any of our commercial partners. We may, for example, allow a
commercial partner to run a business card draw at an event and this would be clearly notified to those present
that in entering they would be passing their data to a third party.

Data Processing
We do not process your information against databases for the purposes of gaining additional demographic or
other information (for example in relation to wealth assessments, or at the database level to identify alternate
contact information). If we, or a mailing house, have difficulty with an address we may verify it against
anonymous Royal Mail or similar databases to establish that the address we hold it is in a recognisable form, or
that a postcode exists.

Although we would not process our databases against third party databases of company or trusts, if we become
aware that a Member may be connected to an organisation we have identified as being potentially interested
in our work, we may contact the Member for further information and/or guidance.

Sensitive Personal Data
Should we request information from you which would be classified as sensitive personal data (for example if
you have particular dietary requirements, or have issues around access to buildings) then we would seek your
express permission to retain that information on our system.

Beneficiaries
What information do we hold?
We will hold your name, date of birth, and contact information. In addition we will maintain information about
your attendances, survey results, participation, and information about your progress.

Why do we hold it?

We hold your information primarily for the purposes of evaluating how our charitable activity helps you develop
as an individual, the opportunities we are able to provide for you, and the way in which our activity may impact
upon your life and the lives of those around you.

This we regard as a legitimate interest in order to provide us with the relevant information to be able to
demonstrate the impact that our programmes have, and also to be able to refine and improve them to help
more current and potential beneficiaries.

We may also capture images of you participating in one of our programmes or benefitting from one of our
grants. Where we do so we do obtain either the consent of the school or organisation that we have participated,
or we obtain your direct consent to be able to retain and use those images.

If we look to create a case study, or have more prominent images of you that we wish to use as part of our
marketing and communications (either in paper or through digital channels) then we would obtain your express
written consent to the use of those images.

A number of our beneficiaries are defined as “children” under relevant legislation and where this is the case we
would seek consent wherever possible from parents, guardians or other close responsible adults where we
considered consent to be appropriate.

Do we share information?
Beneficiary personal data is shared with coaches who are involved in our programmes and are generally held
within programme management databases to enable us to retain and aggregate data about the impact that our
charitable activity has. These sorts of arrangements are under contracts which respect the confidentiality of
such data and do not permit the third party organisations to use the personal data for other purposes.
Unless we have specific consent (as in the event of, for example, a case study) we do not share personal data
regarding individual beneficiaries with third parties.

Data Processing

We do not process your information against databases for the purposes of gaining additional demographic or
other information in a manner whereby your data is identified. In evaluating the impact of our programmes we
may process anonymised data against third party databases in order to provide insight as to the impact our
charitable activity is having against general demographic background trends.

Sensitive Personal Data
A number of our programmes are designed to reach disadvantaged and disabled young people. As a
consequence we gather data on a regular basis in relation to you which would be regarded as sensitive – health,
background, religion, and other similar characteristics. This we do on the basis of our legitimate interest in
assessing the impact we have on the lives of those beneficiaries we support.

We pay particular attention to the security aspects of sensitive personal data within our overall attitude to
personal data.

Supporters and Donors (other than Members)
What information do we hold?
We will hold your contact information, name, address, email, telephone, and preferences to the extent we have
been given that information by you. This information would be passed to us (with the relevant consent) via a
range of means including, but not limited to, raffle tickets, business card draws, certain social media, business
cards, our websites, sponsorship of individuals participating in our challenge events, online donations, or other
similar activities.

Why do we hold it?
We hold your information for the purposes of communicating with you about our events and activities, about
our charitable programmes and to provide you with other news that we would consider relevant to the consent
that you have provided.

Do we share information?
We only share your data with organisations for the purposes of undertaking the administrative functions that
go with the purposes outlined above. For example Trio who undertake events mailings or Mailchimp who
manage our emails. Each organisation would have an agreement with us which sets out the basis on which
information is passed to them and limits their ability to use that data to administration only.

We do not as a rule share personal data with any of our commercial partners. We may, for example, allow a
commercial partner to run a business card draw at an event and this would be clearly notified to those present
that in entering they would be passing their data to a third party.

Data Processing
We do not process your information against databases for the purposes of gaining additional demographic or
other information (for example in relation to wealth assessments, or at the database level to identify alternate
contact information). If we, or a mailing house, have difficulty with an address we may verify it against
anonymous Royal Mail or similar databases to establish that the address we hold it is in a recognisable form, or
that a postcode exists.

Although we would not process our databases against third party databases of company or trusts, if we become
aware that you are connected to an organisation we have identified as being potentially interested in our work,
we may contact you for further information and/or guidance.

Sensitive Personal Data
Should we request information from you which would be classified as sensitive personal data (for example if
you have particular dietary requirements, or have issues around access to buildings) then we would seek your
express permission to retain that information on our system.

 

 

Cookies and URLs (Unique Resource Locators). We use cookies, URLs, and other similar user information for the purposes of providing statistical data on the usage of our web and other digital channels. This data is quantitative and may include geographic and other limited demographic information. We do not use cookies or URL information for the purposes of identifying individual users, or for providing a basis for a tailored experience to you.