Who we are

Blossom LGBT CIC Is a Community Interest Company operating in England and registered with Companies House England & Wales. Our website address is: https://blossom.lgbt. This Policy is designed to outline how we process, store, and protect the information and data that individuals share with us. We also explain how & when we share your data with third parties.

1. Introduction

Blossom LGBT CIC (“Blossom,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy & Data Protection Policy outlines how we collect, process, share, and protect your data in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws in the United Kingdom. Please read this policy carefully to understand how we handle your personal information.

2. Data Processing Activities

We collect and process personal data for various purposes outlined below:

• Website Comments: Comments left on our website are displayed publicly until further notice.
• Contact Us Forms: Information submitted through our contact forms is stored on our website for 6 months and in our email provider (Google) for up to two years.
• Service Sign-up: Personal data provided during service sign-up is stored for up to 12 months from the last interaction with the service user, and up to four years if required for safeguarding or official reports. Data is stored on Google Drive.
• Donations/Purchases: Donations and purchases are processed by Stripe and/or PayPal and stored on QuickBooks for up to six years due to government regulations. Data is also stored on our website for 12 months from the last donation/purchase.
• Phone Calls: Phone call logs are stored on our Cloud phone service provider for 12 months. Email records of calls may be stored for up to 12 months.
• Diversity and Inclusion Data: Anonymous diversity and inclusion data is collected for funding reports and monitoring our commitment to being intersectional. Data is stored for up to six years without identifiable features.
• Case Studies & Testimonials: Case studies and testimonials are stored on Google Drive and shared anonymously with grant funders and sponsors. Data is stored for at least 24 months and often for the duration of the relevant project.
• Cookies: We use cookies on our website to enhance user experience.
• Third-Party Meeting Scheduling: Calendly stores scheduling data for up to 6 months, with an additional 12 months on Google Drive.
• CRM Management & Case software: We use Monday.com to store contact details of our service users and notes regarding their engagement with our services. We aim to remove all identifiable data of an individual 6 to 12 months of their last engagement with our service, however, we may store non-identifiable information for the duration of a project if a funding partner requires.

Wherever possible Blossom LGBT CIC makes a significant effort to reduce the data we record on individuals, especially, sensitive information and do our upmost to actively reduce and remove data stored on individuals at the earliest possible opportunity.

3. Risk Mitigation Measures

To ensure the security and privacy of your data, we implement the following measures:

• Documents are private by default and shared internally with Blossom LGBT colleagues only, unless CEO permission is granted.
• All data storage locations require individual logins with 2-step authentication enabled where possible.
• Comprehensive data protection impact assessments are conducted for all projects and data collection methods.
• All third-party providers are carefully selected for GDPR compliance.
• Staff members undergo annual data protection training.
• No paper copies of documents are stored at any time.

4. Rights of Individuals

As an individual whose data we process, you have certain rights:

• Right to Access: You can request access to your personal data held by us.
  You can do this by emailing our Data Protection Officer with a formal DSAR request.
• Right to Rectification: You can request corrections to inaccurate or incomplete data.
  You can contact our Data Protection Officer to update your information at any time, likewise, our service leaders make an active effort to consistently update & correct data as per ongoing working agreements with yourself if you are a service user.
• Right to Erasure: You can request the deletion of your personal data under certain circumstances.
  You can do this by emailing our Data Protection Officer at any time.
• Right to Restriction: You can request a restriction on the processing of your data.
  You can do this by emailing our Data Protection Officer at any time.
• Right to Object: You can object to the processing of your data for certain purposes.
  You can do this by choosing not to accept cookies on our website. You can also voice this right at any point an individual at Blossom LGBT CIC asks for your data.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data rights have been violated.

5. Contact Us

If you have any questions, concerns, or requests related to your data, privacy, or this policy, please contact our Data Protection Officer at Oscar@Blossom.lgbt

6. Changes to this Policy

We may update this Privacy & Data Protection Policy from time to time. Any changes will be posted on our website, and the effective date will be updated accordingly.

7. Data Controller

Blossom LGBT CIC is the data controller for the personal data collected and processed in accordance with this policy.

By using our services or providing your personal data to Blossom LGBT CIC, you consent to the practices described in this Privacy & Data Protection Policy.