Data protection policy

Thames Explorer Trust takes the protection of data very seriously. Where possible we try to use information which is already in the public domain and freely available on the internet. We only collect personal data when this is necessary to ensure the safe and smooth running of our activities or where explicit permission has been given for other purposes.

Data policy 2018

We teach people about the River Thames so that everyone can take part in planning a healthy future for the river. We want to give people from all parts of the community opportunities to enjoy the river – on the towpath, on the foreshore and on boats. We operate across the tidal Thames from 11 partners’ sites and employ a range of staff to deliver our educational activities.

How we collect personal data

Schools and universities
When you complete a booking request form
When you email us with an enquiry
When you call us on the telephone and give us your details
When you sign up to receive our termly newsletter or other special email notices

The general public
When you make an online booking through Eventbrite to take part in one of our activities
When you email us to enquire about our activities

Other data
We also compile databases for marketing purposes from sources such as websites which are in the public domain.

Why we collect personal data

General data

Thames Explorer does not store data without a legitimate purpose. Most of the data we collect does not identify an individual and refers to an organisation or general position within that organisation ie office@willimanspartners.zl We collect this data for several purposes:

  • To enable us to fulfil our contractual obligations for instance when processing a school booking or when taking part in one of our family or adult education sessions.
  • To enable us to fulfil our obligations to charitable funders. Usually this will be in the form of collated data which does not identify an individual.
  • To comply with the record keeping requirements of government organisations including Companies House and the Charities Commission.
  • To enable us to satisfy the requirements of our financial inspection at the end of each year.
  • To enable us to pursue our legitimate interest ie inform relevant organisations of our activities by email or through postal advertising.

Personal data

Thames Explorer only stores personal data where it is necessary for the following purposes:

  • To enable us to fulfil our contractual obligations for instance the lead teacher’s name and mobile number to ensure a school trip runs smoothly or the contact details of the person who has booked places on one of our family or adult education sessions.
  • To enable us to fulfil our obligations to charitable funders. Permission to share personal data will be obtained from the individual concerned.

Information sharing

Thames Explorer never shares personal information with other parties for the purpose of advertising or promotion. Thames Explorer may use third-party data processors to store information on servers in different parts of the world i.e. cloud drives or event booking services. Where this is the case we have agreements to ensure your data is safe and secure and not shared with other organisations. Where personal information needs to be shared by us it is expressly for the following reasons:

  • To ensure that our teaching staff are fully aware of the needs of individuals
    To ensure our staff can make provision for and carry out their responsibilities safely
  • Where our third-party partners require this information for the safe running of our activities under their operation eg The Museum of London, The London Museum of Water and Steam etc
  • To comply with any legal requirements.

Retention of data

Thames explorer retains data only as long as is necessary or if express permission has been granted to retain it longer for instance if somebody wants to keep in touch with us via our newsletters. We retain:

  • Publicly accessible data such as the address and telephone number of a school or other organisation for up to 7 years in order to comply with HMRC requirements.
  • Personal information i.e. where a named person has supplied a personal mobile telephone number or personal email address or provided personal details for instance information regarding disabilities etc will be stored only for as long as necessary to carry out our contractual obligations. In the case of school visits or family or adult education trips, personal data will be destroyed within one month of the trip taking place and once full payment for services has been received.
  • Names and email addresses of individuals will be retained for up to 2 years if consent is given in writing to Thames Explorer by for instance opting into our newsletter bulletins or by giving written permission for us to keep in contact.

Methods of data storage

Thames Explorer may store data in several ways:

Paper records:

  • Records relating to financial transactions will be stored for up to 7 years to comply with HMRC regulations.
  • Paper records containing generally accessible information i.e. information which is in the public domain may be stored for up to 7 years again to comply with HMRC regulations.
  • Paper records with personal information i.e. name, address, telephone number etc will be shredded within 30 days of their intended collection purpose.

Electronic records:

  • Records relating to financial transactions will be stored for up to 7 years to comply with HMRC regulations.
  • Electronic records not relating to financial transactions and which contain personal information will be removed from our servers within 30 days of their intended collection purpose.
  • Electronic databases of email addresses which we use to keep in touch with schools and individuals will be encrypted and stored on our own and/or on remote servers.
  • Thames Explorer has agreements with third-party operators not to share personal data and that any data provided by users is stored in a safe and secure fashion. For details of Eventbrite security procedures please visit: www.eventbrite.co.uk

Right to access, remove or correct personal information

You have the right to request a copy of the information we hold about you. Requests should be made in writing by emailing: info@thames-explorer.org.uk and will be responded to as soon as possible and at latest within 30 days of receipt.

You can ask to have your details removed from our databases at any time by:

  • contacting us via email to info@thames-explorer.org.uk
  • by using the opt out buttons on our newsletters and promotional emails
  • by telephone request to our office (020) 8742 0057

We will remove your details within two weeks of receipt of your request.

Data breach

In the event that we believe our security has been breached we will do the following:

  • The data protection officer will assess the nature and extent of the breach.
  • If the breach is deemed to be significant the trustees will be informed and if necessary an emergency meeting held.
  • If the breach is deemed to put individuals at risk the people affected will be informed.
  • If the breach is deemed to put individuals at significant risk the ICO will be informed through their reporting process and the individuals will be contacted.
  • A report will be complied outlining how the breach happened along with recommendations for the future.

Organisations recommended by us

If we refer you to another organisation we recommend that you read their privacy and security policies to ensure that they meet your requirements as they may differ from ours.

Contact details

Data protection officer: Simon Clarke simon@thames-explorer.org.uk

Register of Systems: Processes and asset register located at our head office In Chiswick.