We take the privacy of your personal information very seriously and take reasonable care to comply with the requirements of the UK Data Protection Act 1998 (‘the Act’) and the General Data Protection Regulations (May 2018 – GDPR) relating to the personal information you supply to be a member of Sinai Synagogue Leeds, and on the website.
For the purpose of the Act and GDPR, the data controller is Sinai Synagogue Leeds, whose head office is at Roman Avenue, Leeds LS8 2AN
2. Your Personal Data
The information we gather (‘Information’) may include your name, address, email address and any other personal information you submit to Sinai Synagogue Leeds.
This includes information about children under the age of 21 which we need to hold to deliver the objects of Sinai eg the advancement of Judaism through educational and youth activities.
We share your data with Reform Judaism UK for the purposes of demographic and statistical information, as well as to ensure that you are aware of their youth provisions and opportunities for attendance at other major events.
In respect of fees you pay to the Joint Jewish Burial Society, your membership information is shared with them to allow them to carry out their official duties.
We will not sell, distribute or disclose your information without your consent, or unless required or permitted to do so, by law. Sensitive personal information will be held securely by the Sinai office.
3. Updating your Information and Retention
If any of your information is inaccurate or if it changes, please notify us by email.
We will retain personal information for the legally required period, e.g. seven years for Charity Commission requirements and HM Revenue and Customs (HMRC) and otherwise only whilst it serves to support your membership of Sinai Synagogue.
On termination of membership or on a member’s death, the information will be retained in perpetuity for demographic and statistical purposes, such as being able to provide evidence of Jewish status for family members on request, should the need occur.
4. Access to personal data
Under the data protection regulations you have the right to:
- obtain confirmation that your data is being processed;
- request access to your personal data and to information corresponding to that in this privacy notice;
- request that your data is deleted from our electronic or paper records, in accordance with Data Protection Regulations in force at that time.
Any information requested will be provided free of charge except where excessive, repeated or duplicate requests are made. In such a case a fee to cover the costs of administration will be made.
The information will generally be provided electronically within one month of the request. Should an extension of up to two months be required we will inform you of the reason.
5. Internet and Data Storage
The Sinai Synagogue Leeds website uses a security system that protects your information from unauthorised use. However, as no data transmissions over the Internet can be guaranteed to be 100% secure, we cannot take responsibility for any unauthorised access or loss of personal information that is beyond our control, e.g. whilst in transit. Any data you send is at your own risk.
We have procedures and security features in place to keep your data secure once we receive it. Your data is shared with the third parties mentioned in sections 2 and 3 above.
Please remember that other methods of Internet communication, such as emails and messages sent via a website, are not secure, unless they are encrypted.
We take no responsibility for any unauthorised access or loss of personal information that is beyond our control.
6. Complaints about a data breach
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant does not want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint successfully on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
7. Data breach
In case of a personal data breach that is likely to result in a risk to people’s rights and freedoms, Sinai Synagogue Leeds will adhere to the mandatory regulation to report it to the Information Commissioner’s Office (ICO) within 72 hours.
High risk situations would be where there is the potential of people suffering significant detrimental effect such as discrimination, damage to reputation, financial loss, or any other significant economic or social disadvantage. Sinai Leeds will need to notify the relevant supervisory authority about a loss of personal details where the breach leaves individuals open to identity theft.
A breach notification must contain the nature of the personal data breach including, where possible:
- the categories and approximate number of individuals concerned
- the categories and approximate number of personal data records concerned
- The name and contact details of the data protection officer (if your organisation has one) or other contact point where more information can be obtained
- A description of the likely consequences of the personal data breach
- A description of the measures taken, or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects.
Further information can be found on the ICO’s website or through the link: