
The Hub @ Toothill
Privacy Policy

Document Title: Privacy Policy
Author: Joanne Vertannes
Reviewed by: The Board of Directors
Date of Issue: 23 September 2025
Version: 1.1

1. Introduction

The Hub @ Toothill is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and share your personal information, in line with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By providing your name, email, or any personal information to us, including through surveys, service registration, or other communications, you consent to the practices described in this policy.

2. Scope

This Privacy Policy applies to:

  • All users of our services, including survey respondents and service users.

  • All staff, volunteers, and contractors handling personal data.

  • All personal data held digitally or in paper form, including data processed by third-party providers on our behalf.

3. Personal Data We Collect

Service Users:

  • Name / Organisation name

  • Contact information (email & phone)

  • Billing address

Survey Respondents:

  • Sex / Gender

  • Age or age group

  • Other relevant personal or demographic information

Purpose of Collection:

  • Provide services and support

  • Communicate updates and information

  • Improve services through surveys and feedback

  • Manage billing and compliance

Sensitive Data:
Sensitive personal data (e.g., health information, safeguarding data) is only collected when necessary and is stored securely.

4. How We Use Your Personal Data

We use your personal data for:

  • Delivering services and support

  • Responding to enquiries and survey feedback

  • Administrative purposes, including billing and reporting

  • Improving our services

We only process personal data when we have a lawful basis, such as your consent, contractual obligations, legal obligations, or legitimate interests.

5. How We Share Your Data

We do not sell or share your personal information for marketing purposes. Personal data may be shared only when necessary:

  • Safeguarding & Child Protection: With Swindon Borough Council or statutory safeguarding bodies to ensure safety and welfare.

  • Service Delivery: With trusted contractors or suppliers to provide services or manage payments.

  • Community Engagement & Surveys: Aggregated or anonymised information may be shared with partners to support surveys, research, or community projects.

All data sharing is done securely and in compliance with GDPR.

6. How We Store and Protect Your Data

Your personal data is stored securely:

  • Digital Records: Encrypted and held on trusted platforms (Microsoft 365, G-Suite, Wix, Capsule CRM).

  • Paper Records: Stored in locked storage and shredded when no longer needed.

  • Access is restricted to authorised personnel.

  • Regular security measures, backups, and reviews are in place to prevent unauthorised access, loss, or breaches.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined or to comply with legal obligations. Example retention periods:

| Data Type | Purpose | Retention Period | Notes |
|---|---|---|---|
| Service User Name & Contact Info | Communication & service provision | 6 years after last contact | Accounting/contract compliance |
| Billing Information / Invoices | Financial records | 7 years | HMRC compliance |
| Survey Responses (non-identifiable) | Research & service improvement | 5 years | Anonymised where possible |
| Survey Responses (identifiable) | Service improvement / reporting | 3 years | Stored securely |
| Staff / Volunteer Records | HR, payroll, compliance | 6 years after leaving | Includes DBS checks & references |
| Health / Sensitive Data | Service-specific needs | Duration of service + 3 years | Stored securely |

Data beyond retention periods will be securely deleted or anonymised.

8. Your Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion (“right to be forgotten”) subject to legal obligations

  • Restrict processing temporarily

  • Receive data in a portable format

  • Object to certain processing, including direct marketing

  • Challenge automated decisions (not currently used)

Requests should be sent to: contact@toothillhub.co.uk. We will respond within 28 days.

If you believe your data has been mishandled, you also have the right to complain to the Information Commissioner’s Office (ICO):
Website: https://ico.org.uk/
Phone: 0303 123 1113

9. Children’s Data

We only collect personal data from children under 13 (or local equivalent) with parental or guardian consent.

10. Online Data and Cookies

Personal data collected through online forms, surveys, or newsletters is handled in accordance with this Privacy Policy. Cookies may be used to improve your experience; details are provided on our website.

11. Data Security and Breaches

We implement measures to protect personal data from unauthorised access, loss, or damage.
Any suspected breach will be reported to the Data Protection Lead immediately, investigated, and, if necessary, reported to the ICO within 72 hours. Affected individuals will be informed if their rights or freedoms are at risk.

12. Changes to This Policy

This Privacy Policy will be reviewed at least annually or when significant changes to processing activities or legislation occur.

Contact Us:
For questions, concerns, or to exercise your data rights, please contact:
Email: contact@toothillhub.co.uk
