1.1. We take the privacy of our Synagogue member’s personal information very seriously and we take reasonable care to comply with the requirements of the UK Data Protection Act 1998 (‘the Act’) and the 2018 General Data Protection Regulations. This relates to the personal information you (our members) supply to the Synagogue in order to be a member of Alyth.
1.2. This policy also relates to what we save on our database and in regard to what we use on our website, Facebook page and other social network and communication websites.
1.3. The legal basis for processing your personal data is that we have a legitimate interest in doing so. The legitimate interest being pursued is that as a community and membership organisation we need to hold a certain amount of personal data relating to our members so that we can manage membership and communicate with them appropriately about the Synagogue.
1.4. We are aware that religious beliefs are considered sensitive personal data. It follows that all of the data that we hold on our Jewish members is sensitive as it is an indication of their religious beliefs.
1.5. For the purpose of the Act, the Data Controller is the Community Director. The current main Data Processors are the Administrators of Alyth. The address of the Synagogue is Alyth Gardens, NW11 7EN.
2. Your Personal Data
2.1. The information we gather from you will include your name, address, email address, phone numbers, dates of birth, subscription rates, pastoral information, arrears and any other personal information you submit to Alyth on joining and over time.
2.2. We require this information in order that we can identify who you are, where you live, how we can contact you and other information that is required for membership i.e. proof of Jewishness or conversion.
2.3. We also include information about your children under the age of 18 years old which we need to hold in order to deliver the objectives of Alyth e.g. the advancement of Judaism through educational activities, B’nei Mizvot and future potential membership of the Synagogue.
2.4. As part of your membership you will be on our mailing list and we will send you weekly and monthly newsletters, calendars and announcements by email (using MailChimp) or post from time to time. From September, if you do not wish to receive such emails please update your subscription preferences on ShulCloud, the Synagogues database.
2.5. We might also use your personal data for the following purposes:
2.5.1. To ask you to take part in community activities for which you have volunteered (such as Kiddush, High Holy Days planning, security rotas etc) or to invite you to volunteer.
2.5.2. To meet pastoral and welfare needs, and to invite you to engage in community initiatives.
2.5.3. To inform you of fundraising activities or new initiatives that the Synagogue is organising.
2.6. Some data is shared with our lay leaders in order for them to perform tasks related to the running of the Synagogue. On leaving their post they are required to delete and destroy any contact information and data on members from their mobile phones, computers and tablets etc.
2.6.1. We will use the Information we hold to draw up and circulate lists of names towards the fulfilment of the key objectives of Alyth to practice and develop Judaism, e.g. wardens list for yahrzeit purposes and to promote the safety of Alyth members, e.g. the security rota. Should you wish for your name not to be disclosed on these lists, please contact the Data Processor at firstname.lastname@example.org.
2.7. We will not sell, distribute or disclose your Information without your consent, or unless required or permitted to do so, by law. Required sensitive personal information will be held by the Administrator, the Rabbi and other Officers as required. This information is kept secure by those who are in possession of it.
2.8. We keep backups of member’s data on a number of secure hard drives. One at the Synagogue and the other in the Cloud via our IT support contractors.
2.9. In order to help us communicate with you and to store data cost-efficiently, we use various third-party solutions, some of which store the data using cloud-based technologies. That means that personal data may be stored outside of the European Economic Area (EEA).
2.9.1. If we do transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA by transferring to countries with privacy laws that give the same protection as the EEA.
2.10. We use Tass, Sage and Microsoft products for accounting purposes. We hold all of our member’s subscription history, addresses etc.
2.11. Where a member has submitted a Gift Aid form to the Synagogue we divulge information to Her Majesty’s Revenue Collectors about membership fees and donations paid to the Synagogue.
2.12. We do not retain member’s bank details on our database apart from the day of the month that the payments are made. Sage is used for storing account details. This information is passed onto the bank for the purpose of Direct Debit.
2.13. In respect of fees we pay to the Jewish Joint Burial Society on your behalf, your membership information (names, dates of birth, address, names and details of children under the age of 21 years old) is shared with them to allow them to carry out their duties.
2.14. We share your anonymised data with Reform Judaism for the purposes of demographic and statistical information. You have the option to share your personal and contact details with Reform Judaism so that they can communicate with you about their youth programmes and other major events. You have the right to opt in to this sharing of information (with Reform Judaism) at any time. From September you will be able to update your subscription preferences on ShulCloud, the Synagogues database. Before September please notify email@example.com. Click here to see the Movement for Reform Judaism’s
Information Sharing Policy.
3. Updating your Information and Retention
3.1. We regularly ask members via our newsletters to revise the information we hold on them in order that the information we hold is accurate. Should members not keep us informed of changes to addresses, phone numbers, new births, divorce or separation etc. we cannot be held responsible for acting on old data.
3.2. If you feel that any of your information is inaccurate or if it changes, from September, please update it on ShulCloud (the Synagogues database) or notify us by email at firstname.lastname@example.org. This includes addresses, phone numbers, email addresses, divorce, and separation, new births etc.
3.3. We will retain personal information for the legally required period, e.g. 7 years for Charity Commission requirements and HM Revenue and Customs (HMRC).
3.4. The Synagogues policy is to file and hold secure all membership papers and documents for members on the Server indefinitely unless requested otherwise. Details will also be kept on the Database.
3.4.1. A member that has terminated their membership can request to have these documents destroyed and to be removed from the database by contacting the Data Processor at email@example.com. Should this be requested it might present problems should you wish to consider re-joining the Synagogue or another Reform Synagogue sometime in the future.
3.4.2. Any information held by the Synagogue regarding arrears will be retained and passed on to another Synagogue if they request it with your membership documentation.
3.4.3. We keep the membership records of all members who die in a secure archive on the Server.
3.4.4. We keep a record of 18-year olds that do not join the Synagogue on reaching the age of 18 years unless requested otherwise.
4. Access to personal data
4.1. You have the right to obtain confirmation that your data is being processed and access to your personal data and to information corresponding to that in this privacy notice.
4.2. This information will be provided free of charge except where excessive, repeated or duplicate requests are made. In such a case a fee of £10.00 per hour to cover the costs of administration will be made. Such information will generally be provided electronically or by mail within one month of the request.
5. Internet and CCTV
5.1. Please remember that methods of Internet communication, such as emails and messages sent via a website, are not secure, unless they are encrypted. We take no responsibility for any unauthorised access or loss of personal information that is beyond our control.
5.2. We may provide links to other websites however we do not place personal data on our website other than names of new members and announcements of weddings, births and deaths. We do also include photographs and information regarding family events etc. We do not accept responsibility for the protection of any data included on our website and on social media sites.
5.3.1. Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into the secure database, use a shopping cart or make use of e-billing services.
5.3.2. Analytical/performance cookies and third party cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
5.4. The Synagogue has a CCTV system which records activity on our grounds and in the Synagogue building. The purpose of the CCTV is for security and to help with any accidents and crime prevention.
5.4.1. The CCTV is primarily accessed by the Security, Caretaking and Reception teams to aid in their ability to carry out their daily tasks. The Synagogues Security Officer and Community Director have remote access to the CCTV system. The Community Security Trust have access to our CCTV system so that they can monitor and provide 24-hour security support.
5.4.2. The secure hard drive on the CCTV system is overwritten every 15 days.
6. Complaints about a data breach
6.1. When we receive a complaint from a person we will make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
6.2. We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
6.3. We will keep personal information contained in complaint files in line with our Grievance Policy. Information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
7. Registering a data breach
7.1. In case of a personal data breach that is likely to result in a risk to people’s rights and freedoms, Alyth will adhere to the mandatory regulation to report it to the Information Commissioner’s Office (ICO) within 72 hours.
7.2. High risk situations would be where there is the potential of people suffering significant detrimental effect such as discrimination, damage to reputation, financial loss, or any other significant economic or social disadvantage. You will need to notify the relevant supervisory authority about a loss of personal details where the breach leaves individuals open to identity theft.
7.3. A breach notification must contain the nature of the personal data breach including, where possible:
7.3.1. The categories and approximate number of individuals concerned.
7.3.2. The categories and approximate number of personal data records concerned.
7.3.3. The name and contact details of the data protection officer or other contact points where more information can be obtained.
7.3.4. A description of the likely consequences of the personal data breach.
7.3.5. A description of the measures taken, or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects.
Further information about the new GDPR can be found on the ICO’s website or through the link:
Last Updated: May 2018