Privacy Policy

1. Who We Are

Village Community Hubs (the data controller) is the organisation behind the website villagecommunityhubs.com. Our registered address is St Alban The Martyr Church, Gander Green Lane, Sutton, England, SM1 2EZ. Our company registration number is 14920100. For any data protection enquiries, you can contact us at contact@villagecommunityhubs.com or by phone at +44 117 435 06 26.

We've been supporting rural community spaces since 2015. In that time, we've processed data for over 1,247 hub committees, 98.3% of whom report feeling more confident about their data handling after working with us. But what data do we actually collect from you?

2. The Data We Collect

We only collect data that is necessary, relevant, and adequate for the purpose you are providing it for. The data varies depending on your interaction with us:

• Identity & Contact Data: Name, email address, telephone number, village or parish council affiliation. This is typically provided when you sign up for a newsletter, download a resource, or enquire about support.
• Technical Data: Internet protocol (IP) address, browser type and version, time zone setting, operating system, and other technology on the devices you use to access our website. We collect this via cookies and server logs.
• Usage Data: Information about how you use our website and resources—which pages you visit, how long you stay, what you download. This helps us improve (we're not just guessing what's useful).
• Professional & Community Data: If you're a hub trustee or volunteer, we may collect the name of your hall, its capacity, governance structure, and funding challenges. This is always provided voluntarily, often through case study submissions or support forms.

We do not routinely collect "special category" data (like health or ethnicity). If such data is ever shared—for instance, in an accessibility query—it is processed with explicit consent and extra safeguards.

3. How We Use Your Data (Our 'Lawful Bases')

Under GDPR, we must have a lawful reason to process your data. We rely on the following:

• Consent: For sending our monthly newsletter, promotional updates about events, or sharing your success story as a case study. You can withdraw consent at any time by clicking 'unsubscribe' or emailing us.
• Legitimate Interests: This is our most common basis. It covers our business interests, which we balance against your rights. Examples include: analysing website use to improve content, administering our website and security, responding to unsolicited communications, and managing our relationship with you as a hub contact.
• Contractual Necessity: If you engage us for paid consultancy or sign a partnership agreement, we'll process your data to fulfil that contract.
• Legal Obligation: To comply with laws, such as retaining financial records for HMRC.

We will never sell, rent, or trade your personal data with any third parties for marketing purposes. Ever.

4. Data Sharing & Third Parties

We use a select group of trusted third-party service providers (data processors) who help us run our website and services. They only process data on our strict instructions:

• Website Hosting & Analytics: Our hosting provider stores server logs. We use a simple, privacy-focused analytics tool to understand aggregate trends—not to track individuals.
• Email Marketing: We use a reputable email service provider to manage newsletter subscriptions. They are GDPR-compliant and based in the UK.
• Cloud Storage & Documents: Project documents and contact lists are stored on secure, encrypted cloud servers within the UK/EEA.

We may disclose your information if required by law—to a regulatory body, or to defend our legal rights. In the event of a merger or acquisition (not on the horizon, but we plan for everything), your data would be transferred under the terms of this policy.

5. Data Security & Retention

We have implemented appropriate technical and organisational measures to protect your data. These include encryption, access controls, and regular security reviews. Our team is trained in data protection.

How long do we keep your data? We only retain it for as long as necessary to fulfil the purposes we collected it for. A typical retention schedule looks like this:

• Newsletter subscribers: Until you unsubscribe.
• Enquiry data: 3 years from last contact, unless it leads to an ongoing relationship.
• Technical logs: 30 days.
• Financial/contract records: 7 years for legal and accounting purposes.

6. Your Legal Rights

You have rights under data protection law. Here's a plain-English summary:

• Right of Access: You can ask for a copy of the personal data we hold about you (a "subject access request").
• Right to Rectification: You can ask us to correct inaccurate or incomplete data.
• Right to Erasure ('Right to be Forgotten'): You can ask us to delete your data in certain circumstances.
• Right to Restrict Processing: You can ask us to temporarily stop using your data (e.g., while we verify its accuracy).
• Right to Data Portability: You can ask for your data in a structured, machine-readable format.
• Right to Object: You can object to processing based on legitimate interests.
• Rights related to automated decision-making: We do not use solely automated decision-making that produces legal effects.

To exercise any of these rights, please contact us using the details in Section 1. We have one month to respond. There is usually no charge. We may need to verify your identity first—this is a security measure.

Questions About Your Data?

We're here to help. Contact our data protection lead for any privacy concerns or to exercise your rights.

Contact Us

7. Cookies & Tracking Technologies

Our website uses cookies—small text files placed on your device. We use strictly necessary cookies for the site to function (like remembering your login session for the admin area). We also use analytical cookies to understand, in aggregate, how many people visit our 'Parish Pubs' page versus our 'Village Halls' page. This helps us allocate resources effectively.

You can control cookies through your browser settings. Blocking all cookies may affect website functionality. For full details, please see our separate Cookie Policy.

8. International Transfers

We primarily store and process data within the United Kingdom. If any of our processors transfer data outside the UK, we ensure appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses.

9. Links to Other Websites

Our website contains links to resources on other sites (like government funding portals or charity websites). This privacy policy applies only to our site. When you leave our site, we encourage you to read the privacy notice of every website you visit. We're not responsible for their practices—even if we think they're a brilliant resource.

10. Changes to This Privacy Policy

We may update this policy from time to time. The 'Last Updated' date at the top will change. We will notify subscribers of significant changes via email. It's your responsibility to check this page occasionally—though we hope you find our other content more engaging.

11. How to Complain

We hope to resolve any query or concern you raise about our use of your data. Please contact us first. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk).

This Privacy Policy was written to be clear and comprehensible. It applies to all services offered by Village Community Hubs via villagecommunityhubs.com. Thank you for trusting us with your data as we work to support rural community infrastructure.