top of page

Privacy Policy

Please find the Privacy Policy for Community Tech Hub below.

 

Alternatively, download the agreement by clicking on the PDF icon.

Community Tech Hub CIC Privacy Policy – Plain and simple version

 

Community Tech Hub CIC exists to help people with technology, not to profit from their personal information. This summary explains in straightforward terms what we do with your details and why.  The full, legally required version is included after this.

 

What information we hold about you and why

When you become a member, book onto a course or event, or ask us for technical help, we need some basic details about you: your name, contact details, and information about what you've asked us to do. We use this purely to provide the service you've asked for, in the same way a doctor's surgery keeps your details to manage your appointments and treatment.

If you pay for membership, events, courses or support requests, we keep the financial records for six years because HMRC and company law require us to, just as any business or charity would.

We do not sell your data

We do not sell, rent, or pass your personal information to anyone for commercial purposes.

Who does see your information

A small number of trusted officers and any necessary volunteers within Community Tech Hub may see your details when they need to.  e.g. to confirm your membership or set up a course booking. We use a small number of well-known technology companies to run our system: Microsoft for email and our office systems, Wix and Squarespace for our website, Wix, Squarespace and SquareUp for card payments, Mailchimp for email newsletters and communications and Intuit QuickBooks for our accounts. These companies are legally bound to handle your data only on our instructions and to keep it secure.

Photographs and social media

We sometimes take photos or videos at events and courses. We will always ask your permission before taking or using any photo or video in which you are identifiable. If you say no, that is fine and will not affect your membership or participation in any way. You can also ask us to remove a photo at any time.

We also use social media, but we don’t share your details with these organisations unless you choose to use them yourself.

 

Emails and communications from us

If you are a member, we will contact you about events, courses, support requests and news that are part of your membership. This is part of what you signed up for. If you sign up for our newsletter, you can unsubscribe at any time. We will never bombard you with irrelevant messages.

 

Keeping your data safe

We only keep your information for as long as we genuinely need it. Most personal details are deleted two years after your last contact with us. Financial records are kept for six years as the law requires. We do not keep anything longer than necessary.

You are in control

You have the right to ask us what information we hold about you, to correct anything that is wrong, or to ask us to delete it. You can also ask us to stop using your information for marketing at any time. Just email privacy@communitytechhub.org and we will deal with your request promptly and usually within a month.

What if something goes wrong?

If you are ever unhappy about how we have handled your information, please contact us first and we will do our best to put it right. If you are still not satisfied, you can complain to the Information Commissioner's Office, which is the independent government body that makes sure organisations like ours handle personal data fairly and lawfully.

The bottom line

We are a small community organisation run by people who care about helping others with technology. We collect only what we need, keep it only as long as necessary, and never use it for anything other than helping you. Your trust matters to us far more than your data.

Community Tech Hub CIC  Privacy Policy – Full legal version

 

This privacy policy tells you what to expect us to do with your personal information.

 

For the purposes of the General Data Protection Regulation and UK data protection laws, the data controller is Community Tech Hub CIC, C/O DeVines, Bellefield House, 104 New London Road, Chelmsford, Essex, CM2 ORG and is a Community Interest Company registered with Companies House, Registered Company Number 15611691

Community Tech Hub CIC is registered with the Information Commissioner's Office under registration number ZB686830.  You can contact us at privacy@communitytechhub.org for any data protection queries.

 

Last updated

This Privacy Policy was updated on 30 June 2026.  We may update this Privacy Policy from time to time and encourage you to periodically review this for the latest version.

Contact details

Email: privacy@communitytechhub.org

What information we collect, use, and why

 

We collect or use the following information to provide the services and/or goods you have requested and/or your participation in our member’s council:

 

  • Names, phone numbers, addresses, email addresses and other contact details including of joint members

  • Information and details relating to memberships, enquiries, event and course bookings

  • Membership, event, course and other bookings or purchases and related history

  • Financial transaction information and invoices, bank information for transfers

    • Card payments are processed securely by trusted third parties Wix, SquareUp, and Squarespace on our behalf. We do not store your full payment card details. We retain transaction records linked to you to administer your membership and for accounting and legal purposes.  Where you pay by bank transfer, your name and bank account details may be visible to us via our bank statements. We retain these records for accounting and legal purposes only.

  • Social media interactions (Facebook, Instagram)

  • Communication history

  • Technical or other computer issues you are having, details of your computer system, internet provider and other relevant technical information needed to support you

  • Details of steps and actions performed to resolve computer issues

  • User consents and agreements

  • Information relating to compliments or complaints

  • Learning progress

 

We collect or use the following information to prevent crime, prosecute offenders, or defend against legal action:

  • All of the information listed to provide services and goods, including delivery

  • Website and related technical information and logs including information about your computer, operating system, user journeys, IP addresses, cookies (https://communitytechhub.org/cookie-policy), web beacons.  Non-essential cookies are blocked until consent is provided.

  • Criminal offence data (including Disclosure Barring Service (DBS), Access NI or Disclosure Scotland checks).  We maintain an Appropriate Policy Document as required by the Data Protection Act 2018 in relation to our processing of criminal offence data

 

We collect or use the following information for service updates, service improvement and research and analytics or marketing purposes:

 

  • All of the information listed to provide services and goods, including delivery

  • Website and related technical information including user journeys, IP addresses, cookies (https://communitytechhub.org/cookie-policy), web beacons.  Non-essential cookies are blocked until consent is provided.

  • User surveys and feedback on events and courses

  • Photographs or video recordings during events, courses and meetings

 

We collect or use the following information to comply with legal requirements:

 

  • All of the information listed to provide services and goods, including delivery

  • Website and related technical information including user journeys, IP addresses, cookies (https://communitytechhub.org/cookie-policy), web beacons.  Non-essential cookies are blocked until consent is provided.

  • Criminal offence data (including Disclosure Barring Service (DBS), Access NI or Disclosure Scotland checks).  We maintain an Appropriate Policy Document as required by the Data Protection Act 2018 in relation to our processing of criminal offence data

 

Lawful bases

 

Our lawful bases for collecting or using personal information to provide services and goods are:
 

  • Contract – to carry out the orders and requests you make of Community Tech Hub including your membership and benefits, access to the member’s area of the website, attending events and courses and delivering technical support

 

Our lawful bases for collecting or using personal information to prevent crime, prosecute offenders or defend against legal action are:

 

  • Legal obligation – We carry out DBS checks for staff and volunteers working in people's homes to comply with statutory safeguarding duties. We process this data under DPA 2018 Schedule 1, Part 2, para 18 (safeguarding of children and individuals at risk). Individuals are informed before checks are submitted as required by the DBS process.

  • Legitimate interest - Protect our interests – ensuring we have a record of the actions we have taken to support members

 

Our lawful bases for collecting or using personal information for service updates and queries, being part of our member’s council or marketing purposes are:

 

  • Consent – including subscribing to newsletters, being part of our member’s council where you explicitly provide your email address to us on a newsletter signup form or request to become part of our member’s council or explicitly agree to a request to use information for these purposes.  Photos and videos identifying individuals will require your explicit written consent.  You can remove this consent at any time by emailing us privacy@communitytechhub.org.

  • For existing members, we may rely on the PECR soft opt-in exemption for direct marketing about similar services, unless you opt out. For all other marketing, we rely on explicit consent.

 

Our lawful bases for collecting or using personal information for service improvement, research and analytics are:

 

  • Legitimate interest - To understand our user’s requirements to provide better services to existing and future members and users of our services

 

Our lawful bases for collecting or using personal information for legal requirements are:

 

  • Legal obligation – maintaining accurate financial records, DBS checks for staff and volunteers working with or volunteering for Community Tech Hub

 

Where we get personal information from

 

  • People directly

  • From our website

  • Emails

  • Phone conversations

  • Recorded images

  • Councils and other public sector organisations

  • Third parties:

    • Wix

    • Squarespace

    • Intuit QuickBooks

    • SquareUp

    • Google

    • Meta including Facebook, Instagram and WhatsApp, Messenger

    • DBS service

    • Learn My Way from the Good Things Foundation

 

How long we keep information

 

  • Non-financial member or event attendee details – 6 years after last membership ends or last booking or contact for contractual & tax audit purposes and to ensure records are kept for UK Law (Limitation Act 1980)

  • Emails, compliments and complaints, support records and other data –  2 years after membership ends or last booking or contact for contractual & tax audit purposes

  • Website logs and IP addresses, social media interaction data – 2 years

  • Photographs & videos – for as long as they remain relevant to the organisation's public communications, subject to annual review, and will be deleted upon request

  • Member/attendee financial records, payment details, invoices – 6 years after last booking or contact for UK Companies Act 2006 & HMRC requirements

  • Cookies – Various durations as noted in our Cookie Policy (https://communitytechhub.org/cookie-policy)

  • DBS data is retained only while the individual holds the role and for a maximum of 6 months after the relationship ends, to allow for dispute resolution, after which it is deleted.
     

Who we share information with

 

Necessary information is shared with officers and volunteers of the Community Tech Hub CIC when undertaking administration of events, courses, memberships or support requests.

 

Data processors

 

Wix

 

This data processor does the following activities for us: Provides website and payment services on the wix.com platform allowing us to describe and promote Community Tech Hub CIC and its services including hosting membership content, providing useful information to members of the public, allowing memberships, events and courses to be purchased or booked.  The website also allows people to contact us, signup for newsletters and allows us to understand user interactions (“user journeys”) and implements various cookies as per our cookie policy. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications.  See our data processing agreement with WIX (https://www.wix.com/about/privacy-dpa-users)

 

SquareUp                    

 

This data processor does the following activities for us: Provides payment services including use of SquareUp terminals used in person to pay for memberships, support requests, events and courses.  See our data processing agreement with SquareUp (https://squareup.com/gb/en/legal/general/data-processing-terms)

Microsoft

 

This data processor does the following activities for us: Provides email, data management, office applications and other related services.  We use these to contact you, internally discuss and record membership details, event and course bookings, track support requests and other matters relating to the operation and management of the Community Tech Hub. The processing of personal data is governed by the latest Microsoft Products and Services Data Protection Addendum (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=1)

 

Intuit QuickBooks
 

This data processor does the following activities for us: Online accountancy services.  We use this to track invoices and payments for memberships, events, courses and support requests. The processing of personal data in their capacity as our processor is covered by the Intuit QuickBooks Data Processing Addendum (https://quickbooks.intuit.com/uk/gdpr/).
 

Intuit also processes certain data as an independent data controller for their own purposes, including fraud prevention, security, and product improvement. For information about this processing please see Intuit's privacy statement at https://www.intuit.com/privacy/statement/

 

Mailchimp
 

This data processor does the following activities for us: Provides email sending services.  We use this to send membership newsletters and track engagement with our newsletters. The processing of personal data is governed by the latest Mailchimp Data Protection Addendum (https://mailchimp.com/legal/data-processing-addendum/).

 

Squarespace
 

This data processor does the following activities for us: Provides website and payment services on the Squarespace platform allowing us to describe and promote Community Tech Hub CIC and its services including hosting membership content, providing useful information to members of the public, allowing memberships, events and courses to be purchased or booked.  As we migrate to Wix.com personal data will be removed and the need for this processor will be removed.  The processing of your personal data is governed by the Data Processing Addendum at: https://www.squarespace.com/dpa
 

Third-party Controllers/Joint Controllers

 

If you choose to interact with the Learn My Way system from the Good Things Foundation your data may be shared with us as per your consent on that platform and in accordance with their privacy policy at: https://www.learnmyway.com/privacy

When you interact with our social media pages or use analytics-enabled features, Meta and Google process your data under their own privacy policies. Where we embed these features or you choose to use these platforms to interact with us, the relevant platform may collect data about your visit. We do not control their subsequent processing of that data.

 

For Google more information can be found at https://policies.google.com/terms, https://maps.google.com/help/terms_maps.html and the Google Privacy Policy (https://www.google.com/policies/privacy/).  To opt out from and prevent your data from being used by Google Analytics across all websites, check out the following instructions: https://tools.google.com/dlpage/gaoptout
 

For Meta please see the privacy policy at https://www.facebook.com/privacy/policy and terms at https://www.facebook.com/terms

Others we may share personal information with

 

  • Financial institutions

  • Insurance companies

  • Organisations we need to share with for safeguarding reasons

  • Relevant regulatory authorities

  • External accountants and auditors or inspectors

  • Organisations we’re legally obliged to

  • Publicly on our website, social media or other marketing and information media (where appropriate) such as photos of events and activities

 

Sharing information outside the UK

 

Where necessary, we or our data processors may transfer personal information outside of the UK. Where data is transferred outside the UK, we rely on UK International Data Transfer Agreements (UK IDTAs), UK Addendum (UK ADD), or adequacy decisions as required by Chapter 5 of the UK GDPR.


For Wix, we rely on the UK Government's adequacy regulations for EEA transfers (SI 2021/1772), the retained adequacy decision for Israel, and the UK Addendum to Standard Contractual Clauses as provided in Wix's Data Processing Agreement for any other international transfers.


For Microsoft, SquareUp, Squarespace, MailChimp and Intuit QuickBooks we rely on the UK Extension to the EU-US Data Privacy Framework and/or UK Addendum to Standard Contractual Clauses as provided by each processor’s Data Processing Agreement or Terms.

 

Other important information
 

You have an absolute right to object to your data being used for direct marketing at any time.
 

We do not use fully automated decision-making or profiling that produces legal or similarly significant effects
 

We do not knowingly collect data from individuals under 16 as none of our members or event or course attendees are under 16.
 

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
 

Your data protection rights

 

Under data protection law, you have rights including:

 

  • Your right of access - You have the right to ask us for copies of your personal data.  To protect your privacy, we may ask for reasonable verification of your identity before fulfilling a data request. 

  • Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

  • Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.

  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.

  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.

  • Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.

 

You don’t usually need to pay a fee to exercise your rights.  If you make a request, we have one month to respond. If your request is complex or you have made multiple requests, we may extend this by up to two months (total 3 months). We will inform you of any extension within the first month.

 

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

 

How to complain

 

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

 

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

 

The ICO’s address:

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF
 

Helpline number: 0303 123 1113
 

Website: https://ico.org.uk/make-a-complaint

bottom of page