Privacy Policy


Introduction. Welcome to The October Club's Privacy Policy. TOC is committed to
safeguarding the privacy of its contacts, and will only use the information it collects about
you lawfully. You should check this page from time to time to ensure that you are happy
with any changes.

This policy is effective from 25th May 2018.

Purpose of this policy. We are obliged to provide you with this privacy policy under the
European Union’s General Data Protection Regulation (GDPR). This policy is for our
contacts, those charities who apply for grants, attend our events or supply us with
services. It explains:

  • What personal data we collect about you, why we collect it, who it is sharedwith, and how long we keep it
  • how we use your personal data
  • how we protect your personal data
  • your legal rights in respect of your personal data, including how to access and update the information we hold about you.

About Us. For the purposes of applicable data protection laws, The October Club CIC is the controller of your data. This means that we are the primary entity who decides the purposes and means for dealing with your personal data.

Contact Us. The Head of Operations and events has the responsibility for your data protection compliance. If you have any queries relating to this privacy notice (including any requests to exercise your legal rights in respect of your data, you can contact us at

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Information we collect about you.

Personal information we may collect directly from you (as applicable)

  • Names
  • Postal address
  • E-mail address
  • Mobile and/or landline telephone numbers
  • Dietary information
  • Company name
  • Personal information provided to us if you contact us or make an enquiry, such as your contact details in our records of that correspondence
  • Personal information provided to us if you choose to complete any surveys or questionnaires for us, enter a competition or other social media functions on our website
  • Records of which of our events you are interested in and which events you attend
  • Contact details of suppliers of TOC

If the data we hold about you is inaccurate in any way, please contact us to have your personal information corrected.

Why do we collect your personal information and on what grounds?

We will only use your personal data if we have a permitted lawful basis to do so. Generally, we collect your personal data because is it necessary for:

  • the pursuit of our legitimate interests (as set out below); or
  • complying with our legal obligations.

We may also rely on your consent to use your personal data for:

  • keeping you informed of our events;
  • using your profile or images in creating content for the TOC website or social media channels.

You have the right to withdraw your consent to these activities at any time, which will mean (unless another lawful basis applies to your data) that we will cease to process the affected data after consent is withdrawn. However, please note this may result in us being unable to provide you with certain features of the website and/or services. The primary purpose for which we collect information about you is to provide you with services you have requested from us. We also collect information about you for the following purposes:

To perform our contract with you

  • To process your communications
  • For handling queries, complaints or disputes.

For our legitimate interests

  • To support and manage our events
  • For the administration and advancement of TOC for the achievement of its charitable objects.
  • For market research and analytical purposes, e.g. to improve our understanding of contacts and event attendance trends and profiles
  • For improving existing services and developing new products and services
  • For promoting, marketing and advertising our events
  • To effectively handle any legal claims or regulatory enforcement actions taken against TOC
  • To generally run our website and for internal operations, in order to provide you with an up to date, efficient and reliable Service
  • Making important communications about your involvement
  • Maintaining our membership database.

To comply with our legal obligations

  • To help prevent fraudulent activity
  • To comply with our legal and regulatory obligations (including under applicable data protection laws)
  • For preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies
  • To fulfill our duties to our contacts, colleagues and other stakeholders.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with TOC. In this case, we may not be able to accept your application for membership or to provide you with our services, but we will notify you if this is the case at the time.

Who do we share your information with?

Your personal data is primarily only used within TOC. However, in certain limited circumstances we may share your information with other third parties particularly where that is necessary to provide our services to you. These include:

  • Our suppliers and contractors where necessary to provide services to TOC including the providers of payment, marketing, IT and event management services supporting events.
  • Our Charity where you have agreed to make a contribution to it, or otherwise assist it, or where you have expressed an interest in receiving information about its activities
  • Third parties we may be required to disclose such personal data in order to comply with our legal obligations or enforce our legal rights, e.g. any relevant authority or enforcement body and fraud protection

Sensitive Personal Data. We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Retention of Personal Data.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the  applicable legal requirements.

Data Subject’s Rights. In certain circumstances you have rights under data protection laws in relation to the personal data we hold about you. These are summarised below:

Right of Access. You are entitled to access your personal data so that you are aware of and can verify the lawfulness of the processing. This is achieved through the mechanism, of a Subject Access Request (SAR) and you have the right to obtain:

o Confirmation that your data is being processed (held)

o Access to your personal data (copy) and

o Other supplementary information that corresponds to the information  in this Privacy Notice

Fees and Timings. Under GDPR and from 25 May 2018 this information will be provided without charge, without delay and within one month. If an extension is required or  requests are considered manifestly unfounded or excessive, in particular because they are repetitive, TOC may:

  • choose to charge a reasonable fee taking into account the administrative costs of providing the information or
  • refuse to respond. The reasons will be formally notified to you and your rights of appeal to the appropriate Supervisory Authority ie. UK Information Commissioner’s Office (ICO) will be highlighted.

Identity Verification. To protect your personal data, TOC will seek to verify your identity before releasing any information, which will normally be in electronic format. This will normally be a simple process.

Right of Rectification. You are entitled to have personal data rectified or corrected if it is inaccurate or incomplete. TOC will respond within one month of your request. In the unlikely event that the rectification does not take place, TOC will inform you of your rights to complain or seek judicial remedy.

Right of Erasure. You may request the deletion or removal of personal data where there is no compelling reason for its continued processing. The Right to Erasure does not provide an absolute ‘right to be forgotten’. However, you do have a right to have personal data erased and to prevent processing in specific circumstances:

o Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed

o When you withdraw consent

o When you object to the processing and there is no overriding legitimate reason for continuing the processing

o The personal data was unlawfully processed

o The personal data has to be erased in order to comply with a legal obligation

Right to Restrict Processing. Under the Act, you have a right to ‘block’ or suppress processing of personal data. The restriction of processing under GDPR is similar. When processing is restricted, TOC is permitted to store the personal data, but not process it further. In this event, exactly what is held and why will be explained to you.

Right to Data Portability. You may ask to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer  personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The Right to Data Portability only applies:

o To personal data you have supplied to TOC

o Where the processing is based upon your consent or for the performance of a contract and

o When processing is carried out by automated means

In these circumstances, TOC will provide you with a copy of your data in free of charge, without delay and within one month. If there is going to be a delay you will be informed.

Right to Object. You have the right to object to:

o Processing based on legitimate interests or the performance of a task in

the public interest/exercise of official authority (including profiling)

o Direct marketing (including profiling) and

o Processing for purposes of scientific/historical research and statistics


Security of your data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Third party links on our site

Our site may, from time to time, contain links to and from the websites of our charities, affiliates, suppliers and social media pages. If you follow a link to any of these websites, please note that websites have their own privacy policies and that we are not in control of, and do not accept any responsibility or liability for these policies or any third-party website linked to our site. Please check these policies before you submit any personal information through these websites.

Cookies, IP Addresses and Non-Personal Information

We may collect and store information about your visit on an anonymous, aggregate basis. This information may include the time and length of your visit, the pages you look at on our sites, and the site you visited just before coming to ours. We may also record the name of your Internet service provider, browser type, and country of origin. We use this information to measure site activity, to develop ideas for improving our site(s) and, where we observe a particular area of interest, and your business domain name is visible to us, additional information may be offered or sent to you. 

In addition cookies are used. A cookie is a small file that is stored on your computer when you visit a website. If you visit the website again, it is recognised as a repeat visit by means of the cookie. The cookie contains a unique number but no personal data. We therefore cannot and would not use the cookie to identify you personally. Furthermore, the cookie cannot be used to identify you on websites of third parties. You can configure your web browser to refuse cookies, to delete cookies, or to be informed if a cookie is set. You can find out how to do this by clicking "help" on your browser menu.

Changes to this policy

We may from time to time review and amend this Privacy Policy to take into account changes in law, technology and our operations. We will post any changes to this Privacy Policy on our website from time to time and, where appropriate, notify you by e-mail.

25th May 2018