Bright Momentz CIC

Privacy Policy

Effective Date: [Insert Date]
Company Number: [Insert CIC Number]
Registered in England & Wales

1. Who We Are

Bright Momentz CIC is a Community Interest Company established to deliver community-based wellbeing activities, small restorative interventions, events, and fundraising initiatives.

For the purposes of UK data protection law, Bright Momentz CIC is the Data Controller of the personal data you provide.

Contact:
Email: [Insert Email]
Registered Address: [Insert Address]

2. What Information We Collect

We may collect the following types of personal data:

2.1 Basic Information

Name
Email address
Phone number
Postal address (for product delivery)

2.2 Event & Activity Information

Booking details
Attendance records
Emergency contact details (where relevant)

2.3 Donations

Donation amount
Gift Aid declaration (if applicable)
Payment reference details

(Note: Payment card details are processed securely by third-party providers. We do not store full card details.)

2.4 Volunteer Information

Contact details
Relevant experience
DBS status (where required)

2.5 Media

Photographs or video recordings taken at events (with consent where required)

3. How We Use Your Information

We process personal data for the following purposes:

To administer events and activities
To deliver goods or services
To communicate about bookings or changes
To process donations and Gift Aid
To manage volunteers
To improve our services
To meet legal or regulatory obligations

We only collect data that is necessary and proportionate.

4. Lawful Basis for Processing

Under UK GDPR, we rely on:

Consent (e.g., newsletters, photographs)
Contract (e.g., ticket purchases, event bookings)
Legal obligation (e.g., financial record keeping)
Legitimate interest (e.g., improving services, safeguarding)

Where consent is used, you may withdraw it at any time.

5. How We Store Your Data

We:

Store data securely using password-protected systems
Limit access to authorised persons only
Retain data only as long as necessary

Typical retention periods:

Financial records: 6 years (legal requirement)
Event records: up to 2 years
Volunteer records: duration of involvement + 1 year
Newsletter subscribers: until unsubscribe

We do not sell personal data.

We may share limited information with:

Payment processors
Event booking platforms
Professional advisors (e.g., accountant)
Legal or regulatory authorities if required

All third parties are expected to handle data securely.

7. Your Rights

Under UK GDPR, you have the right to:

Access your personal data
Request correction
Request deletion
Restrict processing
Object to processing
Data portability (where applicable)

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Website: https://ico.org.uk

8. Photography & Media

Photographs may be taken at public events for promotional purposes.

Where individuals are clearly identifiable:

We will seek consent where appropriate.
You may request removal of an image at any time.

Children will not be photographed without parental/guardian consent.

9. Cookies & Website Data

If our website uses cookies, these may collect:

Basic usage analytics
Website performance data

You may manage cookies through your browser settings.

(A separate Cookie Policy may be provided if required.)

10. Safeguarding & Sensitive Information

If you share personal or wellbeing-related information during community sessions:

We treat such information with discretion.
We do not record sensitive health information unless necessary.
Safeguarding concerns may be shared with appropriate authorities in line with legal duties.

11. Changes to This Policy

We may update this Privacy Policy periodically.
The most recent version will always be available on our website.

PRIVACY POLICY