Privacy Policy

Last updated: 30 January 2026

1. Who we are

DayTime Hub is the data controller for personal data collected through this website. If you need to contact us about data protection, email: communitycentremanager@gmail.com.

2. What personal data we collect

• Identity data: name, signature (typed), date.
• Contact data: email address, phone number, postal address, postcode.
• Emergency contact and referee details (names, relationship, contact info).
• Application details: role, availability, experience, support needs and other information you provide on forms.
• Technical data: IP address, browser and device information, cookies (including the admin login session cookie), and usage data collected automatically.

3. How we use your personal data (purposes and lawful basis)

We will only process personal data where we have a lawful basis. Typical lawful bases we rely on are:

• Consent — for newsletters or optional communications where you opt in.
• Performance of a contract / pre-contract steps — to process volunteer applications and manage placements.
• Legal obligation — where we must retain records for statutory reasons.
• Legitimate interests — to protect our premises, prevent abuse, and administer our services (we balance these interests against your rights).

Lawful basis for each purpose

• Volunteer applications: performance of a contract / pre-contractual steps — to assess and place volunteers and perform background checks where required.
• Administering services and safety: legitimate interests — to protect service users and staff, run sessions, and prevent fraud; we balance this against individual rights.
• Communications & newsletters: consent — we will only send marketing/newsletters where you have opted in; you can withdraw consent at any time.
• Legal and safeguarding obligations: legal obligation — where we must retain or disclose information for statutory or safeguarding reasons.
• Technical & analytics: legitimate interests — for site security, stability, and analytics; you may opt out of non-essential cookies via our Cookie Policy.

4. Who we share data with

We share personal data only with parties who need it to deliver services, including:

• Email delivery provider (Gmail SMTP by Google, or SendGrid if enabled) — to send application and contact notifications.
• Hosting and database providers — to store and serve the website and application data.
• Third-party services used to generate PDFs or process emails (listed in our internal records).

We require all processors to provide appropriate guarantees and process data only on our instructions.

5. International transfers

If personal data is transferred outside the UK/EEA (for example, by our email or hosting providers) we will ensure there are appropriate safeguards in place (e.g., SCCs, approved provider contracts).

6. How long we keep personal data (retention)

We keep personal data only as long as necessary. Our typical retention periods are:

• Volunteer applications: 3 years from last contact (retained for safeguarding and placement records).
• Marketing lists / newsletters: until you unsubscribe or withdraw consent.
• Website logs and analytics: 12 months (aggregated where possible).
• Backups: retained for up to 90 days and deleted according to our backup policy.

We securely delete or anonymise data when no longer required and retain only what is necessary.

7. Your rights

You have the following rights in relation to your personal data (subject to statutory exemptions):

• Right to access a copy of your data.
• Right to correct inaccurate data.
• Right to erasure (right to be forgotten) in certain circumstances.
• Right to restrict or object to processing.
• Right to data portability (where processing is by automated means and based on consent or contract).
• Right to withdraw consent at any time (where processing is based on consent).

To exercise any of these rights, email communitycentremanager@gmail.com. We will respond within one month (we may extend by two months for complex requests and will inform you if we do).

8. Data subject access requests and verification

Before fulfilling requests to access or delete data we will verify the identity of the requester to protect individuals' privacy. To make a request, email communitycentremanager@gmail.com and include your name, the email address you used with us, and a brief description of the data or action requested. We may ask for a copy of photographic ID (passport or driving licence) or another document to confirm your identity where necessary.

9. Security measures

We implement appropriate technical and organisational measures including:

• Encryption in transit (HTTPS/TLS).
• Access controls and least privilege for staff with access to personal data.
• Regular backups protected at rest and in transit.
• Secrets management for production (environment variables / secrets manager).

Where appropriate we use role-based access control (RBAC), audit logging of access to personal data, and encrypt sensitive data at rest where supported by our providers. Staff access is reviewed regularly.

10. Cookies and tracking

We use cookies to improve site functionality and performance. For detailed cookie information and how to opt out, see our Cookie Policy (or contact us). Non-essential cookies are used only with your consent.

11. Data breaches

If we discover a data breach we will assess its severity and, where required by law, notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals where there is a high risk to their rights and freedoms.

12. Children

We do not knowingly collect personal data from children under 13. If we become aware we will promptly delete such data and take steps to verify parental consent where required.

13. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top will reflect changes. Significant changes will be notified on the site or by email where appropriate.

14. Complaints

If you are unhappy with how we handle your data you can contact us at communitycentremanager@gmail.com or raise a complaint with the UK Information Commissioner's Office: https://ico.org.uk.

15. Contact

Data controller: DayTime Hub
Email: communitycentremanager@gmail.com
Address: 4 Wilfred Street, Gravesend, DA12 2HA

Data Protection Officer (DPO): We do not currently have a designated DPO. For data protection queries, contact the data controller at the email above.

Special category / sensitive personal data

Certain information you provide (for example, health or support needs, nationality/visa status) may be sensitive. We process this information only where necessary for the volunteer role and safeguarding, or with your explicit consent. Access to sensitive information is restricted to a small number of staff on a need-to-know basis and is stored securely. If you provide sensitive information, we will explain the lawful basis and how long we will keep it at the point of collection.

If you need this policy in a different format (large print, audio), please contact us.