Privacy Notice and Policy

Who we are

The Lower Thames Crossing Association (LTCA) is a non-political, not-for-profit unincorporated association* established to benefit the communities impacted by the Lower Thames Crossing proposed by the UK Government and their agent Highways England.

The LTCA is managed and governed by an elected Executive Committee comprising representatives for the affected areas.

Our website address is: https://ltca.org.uk.

*An ‘unincorporated association’ is an organisation set up through an agreement between a group of people who come together for a reason other than to make a profit (for example, a voluntary group or a sports club). Individual members are personally responsible for any debts and contractual obligations. Source: https://www.gov.uk/unincorporated-associations

How we use information about you

We’re committed to protecting and respecting your privacy.

We collect, store and use information about people in a secure, respectful way that complies with the relevant legislation. This includes:

General Data Protection Regulation (GDPR),
Data Protection Act 2018,
Privacy and Electronic Communications (EC Directive) Regulations 2004.

We use information about you to:

administer your relationship with and/or support for the LTCA and maintain our supporter records,
send you newsletters and updates about LTCA activities and events,
support your attendance at events,
deliver LTCA services,
run our fundraising campaign.

It is in our legitimate interests to use the information in this way to ensure the successful operation of the LTCA.

What personal data we collect and why we collect it

When visitors leave comments or contact information on our website we collect the data shown in the relevant form, and also the visitor’s IP address and browser user agent string to help spam detection.

The exact information we collect may vary based on the service we provide to you. Typically, we need details like:

your name and email address so that we know who you are and can contact you about LTCA business or events
events you wish to attend
photographs of you at our events for use for publicity and news

We do not store your bank account details, but these may be collected and stored by our third party service providers if and when we collect donation payments from you. That personal information is covered by those third part provider’s Privacy Policies.

Media

Out website does not currently allow visitors to upload images. If this is enabled in the future and you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

By agreeing to this Policy you agree that any photos of you taken at LTCA or related events may be used in LTCA marketing material, both online and in print.

Contact forms

We may obtain information about you:

when you complete and submit any of the forms on our website at: www.ltca.org.uk and any other such services we set up in the future,
when you contact us for any reason by other means including email, telephone and on-line communication (social media, direct/instant messaging)
if you attend an event or use a LTCA service where photos may be taken and surveys undertaken.

Technical information relating to our website platform:

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Members of the Executive Committee to process and store information about you, using I.T. equipment owned by them,
Event organisers and/or venues, if this is necessary for you to attend an event.

The third party service providers we use are as follows:

GoFundMe for our fundraising activities, whose Privacy Policy can be found at: https://www.gofundme.com/privacy
PayPal for our banking services, whose Privacy Policy can be found here at: https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev
1and1 Internet Ltd for our website hosting whose Privacy Policy can be found here: https://www.1and1.co.uk/terms-gtc/terms-privacy/

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

We keep your name and contact details for up to 6 months after you exercise any of your rights (see below) to give us time to process any enquiries.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Right to access (what information we have)
You can ask us for a copy of the information we hold about you. You can also ask us for details of what we use the information for, who we share it with, how long we’ll keep it for and where we got it from.

Right to rectification (ensuring we have the correct information)
You can ask us to rectify any incorrect information we hold about you, or update any incomplete information.

Right to deletion (if you want to be forgotten)
You can ask us to delete the information we hold about you. This right applies in certain circumstances, such as when we hold information we no longer need, or when you originally consented to us holding information about you but have changed your mind.

Right to object (stopping us using information about you)
You can ask us to stop using your information, including direct marketing. If you gave us consent to use your information, you have the right to withdraw this at any time.

Right to restriction (suspending the use of information about you)
You can ask us to stop using information you have queried while we deal with your query.

Right to data portability
You have the right to request a copy of the information you have given to a company under a contract or with your explicit consent. Please note that this right is unlikely to apply to

If you’d like to put any of your rights into effect, please contact info@ltca.org.uk . We’ll respond within one calendar month of receiving your request.

Where we send your data

Visitor comments may be checked through an automated spam detection service. Third party service providers may reside outside the European Union (EU), in which case it is the responsibility of those service providers to comply with the relevant EU legislation. Please refer to their Privacy Policies for details.

How we protect your data

All personal data in held on secure, encrypted, password-protected systems.

If LTCA uses or stores information about people, it must and does comply with data protection legislation.

Some of the most relevant obligations are:

Tell people what information we collect about them and what we use it for. This is done using a Privacy Notice.
Only use the information for the purposes set out in a privacy notice.
Collect the information needed to carry out our purpose, but no more.
Meet one of the criteria set out in the legislation to justify each use of the information. This will normally be legitimate interests.
Make sure our information is accurate and up to date.
Securely dispose of information when we no longer need it.
Store and move information around in a secure way.
Get consent if we want to use information about people for marketing purposes.
If we use any external suppliers or IT services, make sure that they are data protection compliant.
Tell the Information Commissioner about any security breach which could result in a risk to people’s rights and freedoms. We have to do this within 72 hours of becoming aware of it.
Tell the people affected by a security breach if it is likely to result in a high risk to their rights and freedoms.

What data breach procedures we have in place

If we were to have a security breach, for example affecting members’ bank account details or disability information, it is likely that we will have to report it to the Information Commissioner and tell the affected individuals. We have 72 hours from becoming aware of the breach to do this. Contact the Data Protection Officer immediately if you think you have had a data protection breach. However, we do not capture or store bank account details or disability information.

What third parties we receive data from

None.

What automated decision making and/or profiling we do with user data

None at present. If we were to decide to capture personal data such as location information for analysis in the future we will notify users and request their permission to do so.

Industry regulatory disclosure requirements

Not applicable. We are not subject to any industry regulator.