Privacy Policy

Sunnybank Association (hereinafter referred to as “Sunnybank”) is committed to protecting your personal information, using it in accordance with all applicable laws and being transparent about what we do with it.

This Privacy Policy sets out how and why we obtain, use and protect your personal information.

Key points:

We will only send you marketing information electronically (eg by email, social media) if you specifically agree to us doing so.

You can change your marketing preferences at any time by emailing at

If you ask us to stop sending marketing information we will update our records to stop further mailings as quickly as we can.

We collect personal data (ie your name, postal & email addresses and telephone number etc) when you give them to us for various purposes, such as donating, seeking advice, signing up for an event etc.

This Privacy Policy is written in accordance with the General Data Protection Regulation 2018. If you have any questions about it, please contact us at

How do we obtain your personal information?

When you give it to us directly.  You may give us your information in order to become a member, register for one of our events, when you contact us to ask about our activities, make a donation to us etc

When your information is available publicly or from other external sources
. We may combine information that we already have about you with information available publicly or available from external sources (printed, digital, social media).The information we get from these sources may depend on your privacy settings or the responses you give, so you should regularly check them. For example, you may have provided permission for a company or other organisation to share your data with third parties. This could be when you buy a product or service, register for an online competition or sign up with a comparison site. Depending on your settings or the privacy policies for social media and messaging services like Facebook, LinkedIn, WhatsApp, Instagram, YouTube, or Twitter, you might give us permission to access information from those accounts or services.

What information do we collect?

Personal information is any information that can be used to identify you. For example, it can include information such as your name, date of birth, email address, postal address, telephone number, IP address, credit/debit card details, and information relating to your health and personal circumstances.

The kind of information we collect, why we collect it, if we share it, and the legal basis for this data collection is set out below. When you contact Sunnybank to:

Become a member

We collect the following types of information: title, name, address, email, phone number.

We use this information to: add you to our membership list so that we can inform you about our activities and events.

Become a Volunteer We collect the following types of information: name, address, email, phone number, preferred area of involvement with Sunnybank, eg visting residents or helping at The Grange on our Open Days.

Request our Help 

We collect the following types of information: name, address, email, phone number.  This information is then forwarded to our Welfare Officers who will then liaise with other relevant third parties.  Your express permission for us to do so will always be requested beforebeing passed on.

How long do we hold your information for?
We will keep your information for as long as we are legally allowed or as best practices are from time to time. You can, of course, choose at any time to have your personal data deleted from our database by writing to us at

How do we use your information?

How we use your information depends on why you provide it. We may use your information in the following ways or as specifically mentioned above.

We use your personal information to send you information about our activities.
We may also use your personal information for other purposes which we specifically notify you about and, where appropriate, obtain your consent.

We may pass on to you information from other local associations or organisations who also make use of our headquarters at The Grange, Mouans- Sartoux.

We rely on your consent for marketing communications by electronic means – including text, email and social media.

You can let us know if at any time if you would prefer not to receive these communications by email to

Who do we share your information with?

We will not sell your details to any third parties, but in some cases we may need to share your information with trusted service providers etc.

Sometimes, we input your data into tools owned by third party companies for the purposes authorised by you.

When we collect your personal information we use strict procedures and security features to prevent unauthorised access. However, no data transmission over the Internet is 100% secure. As a result, while we try to protect your personal information, Sunnybank cannot guarantee the security of any information you transmit to us, you do so at your own risk.
We also share some information with Facebook as described below.
Remarketing (or retargeting)
Facebook have tags on some pages of our website which allows them to collect information about pages you’ve visited on our website, they will then serve you advertising on Facebook based on this information.


The Sunnybank website includes links to other sites, not owned or managed by us. We therefore cannot be held responsible for the privacy of information collected by such websites.

Your rights – Accessing and updating your personal information

You can request access to any information we hold about you by contacting us at Equally, please notify us of any changes in your personal information.

You can also let us know if you would no longer like to receive communications from us by contacting the same email address.

If you are unhappy with how we’ve used your data please tell us so we can find a resolution.  If you are still unhappy you have the right to complain and have the issue investigated by the relevant authorities.

Your rights – more details

Right to be informed – you have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR.

Right of access – you have a right to ask us to confirm whether we are processing information about you, and to request access to this information.

Right to object – you have the right to object to processing based on legitimate interests or performance of a task in the public interest / exercise of an official authority; direct marketing and processing for the purposes of scientific, statistical or historical research. We must comply with any request to stop processing for the purposes of direct marketing. The right to object is not absolute in relation to processing for legitimate interests and research purposes.
Right to rectification – you have the right to require us to rectify information about you that is inaccurate. You may also ask us to remove information which is inaccurate, or complete information which is incomplete. If you inform us that your personal data is inaccurate, we will inform relevant third parties with whom we have shared your data so they may update their own records.
 We want to ensure that your personal information is accurate and up to date. If any of the information that you have provided us changes, for example if you change your email address etc, please let us know at We will update your details as soon as possible and within one month.

Right of portability – you have a right to obtain your personal data from us and re-use it for your own purposes, without hindering the usability of the data. This includes the right to require us to pass on information we obtained from you to another data controller. This right applies when we process your data with consent and we are carrying out processing by automated means.
Right to be forgotten – you have a right to seek the erasure of your data. You may wish to exercise this right for any reason, for example where it is no longer necessary for us to continue holding or processing your personal data. This right is not absolute, as we may need to continue processing this information, for example, to comply with any legal obligations, or for reasons of public interest. We may also need to keep some information about you in order to, for example, comply with an instruction not to contact you again. We will respond to a right to be forgotten request within one month.

Right to restriction – you have a right to ask us to restrict our processing of your information (‘right to restriction’) if:
– you contest its accuracy and we need to verify whether it is accurate
– the processing is unlawful and you ask us to restrict use of it instead of erasing it
– we no longer need the information for processing, but you need it to establish or defend legal claims
– you have objected to processing of your information being necessary for the performance of a task carried out in the public interest, or for the purposes of our legitimate interests. The restriction would apply while we carry out a balancing act between your rights and our legitimate interests. If you exercise your right to restrict processing, we would still need to process your information for exercising or defending legal claims, protecting the rights of another person or for public interest reasons.

This is an alternative right to the right to be forgotten and it is not an absolute right. If we refuse a request for restriction we will explain why. We will respond to requests for restriction within one calendar month.

If we rely on consent as the legal basis for processing, you can withdraw your consent to that processing. However, we often rely on different legal bases for different aspects of processing. This means that we may not be able to act on your request if we have a compelling legal reason not to.

Changes to this policy

We may change our privacy policy from time to time so please check back periodically.

This Privacy Policy was last updated May 2018.