Privacy Policy

Effective Date: December 2025

The Community Table CIC (Company Number: 16911657) is committed to protecting the privacy and security of your personal data. This policy explains how we collect, use, and protect your information when you interact with our hub in Mablethorpe, our website, or our services.

1. Data We Collect

We may collect and process the following information:

  • Identity Data: Name, date of birth, and gender (primarily for Youth Sanctuary safeguarding).

  • Contact Data: Email address, phone number, and home address.

  • Financial Data: Payment details for Social Supermarket memberships and purchases (processed via WorldPay, which are PCI-DSS Level 1 certified.).

  • Professional Data: CVs, qualifications, and employment history for those applying for Volunteer or Non-Executive Director roles.

    • Professional data will be deleted after 3 months unless hired.

  • Sensitive Data: With your explicit consent, we may record information regarding health conditions or disabilities to ensure we provide the correct support through our partnerships.

  • Crisis Referral Data: Information regarding your current circumstances and needs, provided by you or a referring agency, to facilitate emergency support.

  • Parental Consent: For those under 16, we collect data only with the explicit consent of a parent or legal guardian.

1.1 Data Retention Periods

We retain your personal data for as long as necessary to provide our services. When you cancel your membership, we retain your data for 30 days to complete any outstanding transactions or fulfill legal requirements.

After 30 days from membership cancellation, we delete your personal data.

You can also request deletion of your data at any time by emailing info@thecommunitytablecic.com with subject "Data Deletion Request".

We retain payment transaction records for 7 years as required by UK tax law, though we do not retain your payment card details.

2. How We Use Your Data

We use your data to:

  • Manage your Social Supermarket membership and provide food dignity services.

  • Ensure the safety and safeguarding of participants in our Youth Sanctuary project.

  • Process donations and provide updates on our fundraising activities.

  • Communicate with volunteers and partners regarding our operations in Mablethorpe and East Lindsey.

  • Comply with legal and regulatory obligations as a Community Interest Company.

  • Facilitate "Warm Referrals" to partner agencies (NHS, Councils, etc.) at your request.

  • Provide Anonymised Impact Reporting to our funders to prove the social value we are creating in Mablethorpe.

We also collect data automatically when you use our site, such as:

  • IP address

  • Browser type and version

  • Pages visited and time spent

  • Device identifiers

  • Referral URLs

Cookies

Cookies help us improve your browsing experience and collect anonymous analytical data. Cookies are small files stored on your device to:

  • Track site usage and improve performance

  • Remember preferences

  • Help us analyse website traffic

You can control cookie settings via your browser or learn more at www.allaboutcookies.org.

2. How We Use Your Data

We also collect data automatically when you use our site, such as:

  • IP address

  • Browser type and version

  • Pages visited and time spent

  •  Device identifiers

  • Referral URLs

  • This data is collected via:

  • Google Analytics - tracks website usage; data anonymized where possible

  • Squarespace website analytics - tracks page views, visitor counts

  • Cookies - small files that remember your preferences and track usage

Cookies & Consent:

Cookies help us improve your browsing experience and collect analytics data. 

Our website uses a cookie consent banner on first visit.

3. Legal Basis for Processing

We process your data under the following legal bases:

  • Consent: Where you have given us clear permission (e.g., signing up for a newsletter).

  • Contract: Where we need to fulfill an agreement (e.g., your Social Supermarket membership).

  • Legal Obligation: Where we must comply with the law (e.g., safeguarding or financial reporting).

  • Legitimate Interests: To improve our services and ensure the sustainability of our hub.

  • Vital Interests: In emergency situations, we may process your data to protect your immediate safety or wellbeing (e.g., emergency food provision or medical incidents).

4. Data Sharing

We do not sell your data. We only share information with:

  • Service Providers: We use carefully selected third-party services to process payments, host our website, send emails, and track analytics. All are contractually bound to protect your data. We have Data Processing Agreements in place with all processors.

  • Questions about our service providers?

  • Partner Agencies: We will only share specific details with local health, social care, or housing providers through a documented referral process which you have authorised.

  • Regulatory bodies, if required by law.

4.1 Data Sharing

Some of our processors may be based outside the UK. When data is transferred internationally, we use:

Standard Contractual Clauses (SCCs) - Legal agreements that ensure your data receives UK-level protection even outside the UK.

UK Adequacy Decisions - Where applicable, data transfers to countries deemed adequate by UK law.

All international transfers comply with UK GDPR Article 46 requirements.

5. Data Security

As a professional organisation led by an experienced Operations and HR leader, we take security seriously. We use administrative, technical, and physical measures to protect your data against unauthorised access, loss, or misuse.

Appropriate technical and organisational measures to secure your data, include:

  • Secure hosting and encrypted connections (SSL)

  • Restricted access to personal information

  • Undertaking training on data protection

5.1 Data Breach Response

If we discover a breach of your personal data, we will take the following steps: 

  • Investigate immediately to understand what happened,

  • Notify the ICO within 72 hours (as required by UK GDPR), 

  • Notify you within 72 hours if there is a high risk to your rights,

  • Explain what data was affected and what steps you should take to protect yourself 

You have the right to lodge a complaint with the Information Commissioner's Office if you believe your data has been mishandled: www.ico.org.uk 

6. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.

  • Request the correction of inaccurate data.

  • Request the deletion of your data (the "right to be forgotten").

  • Withdraw consent at any time.

6.1 Right of Access (Subject Access Request - SAR)

You can request a copy of all data we hold on you.

  • How to request: Email info@thecommunitytablecic.com with subject line "Data Access Request".

  • What to include: Your full name, membership number (if you have one), email address, and any details to help us identify you.

  • Proof of Identity: If we don't know you personally, you may need to provide ID.

  • Timeline: We will respond within 30 calendar days (or 60 more days if your request is complex)

  • Cost: Free (unless your request is clearly unfounded or excessive)

 What you will receive:

  •  Copy of all data we hold on you

  •  Why we hold it (legal basis)

  •  Who we share it with

  •  How long we keep it

  •  Your rights regarding it

6.2 Right to Rectification (Correction)

You can ask us to correct inaccurate data:

  • How to request: Email info@thecommunitytablecic.com with "Data Correction Request"

  • Example: "You have my birthday wrong - it's 15 March 1990, not 15 May 1990. Please correct this."

  • Timeline: We will correct within 30 days and confirm in writing  

  • Cost: Free

6.3 Right to Erasure ("Right to be Forgotten")

You can ask us to delete your data (with some exceptions):

Exceptions - we cannot delete if:

  • You still have an active membership (we need your data to provide services)

  • You have outstanding payments (we must keep records for 7 years for tax law)

  • We're required by law to keep records (e.g., safeguarding concerns)

  • We need it for legal claims (e.g., dispute resolution)

6.4 Automated Decision-Making Rights

We do not use automated decision-making or algorithmic profiling that significantly affects you.

We do not use algorithms or AI to decide:

  • Your membership eligibility

  • Your pricing

  • Your access to services

  •  Whether to refer you to partner agencies

All decisions about your membership and services are made by The Community Table CIC staff.

7. Third-Party Links

Our website may include links to third-party websites. Please be aware we are not responsible for their privacy practices. We recommend reviewing the privacy policies of any external sites you visit.

8. Contact Us

We are registered with the Information Commissioner’s Office (ICO). Our registration number is ZC072511. You also have the right to lodge a complaint with the ICO if you are unhappy with how we use your data.

If you have any questions about this policy or how we handle your data, please contact our Data Lead:

  • Name: Liam Grimes

  • Address: Mablethorpe Business Centre, Enterprise Road, Mablethorpe, LN12 1NB

  • Email: liam@thecommunitytablecic.comcollect