Privacy and Cookie Policy | Wellbeing Courses

We’re relaunching!

The Wellbeing Course service welcomed a new Co-ordinator on the 14th July. Work will begin to create a new programme and promote existing services and activities across Bath and North East Somerset. The project is being led by 3SG, Bath and North East Somerset Third Sector Group, as part of the Community Wellbeing Hub partnership. We are aiming to be fully operational during September. Get in touch: wellbeingcourses@3sg.org.uk

3SG Privacy and Cookie Policy

Policy No.: 11
Author: Becky Brooks
Approved by: Board of Trustees
Last Updated: July 2025
Next Review Due: July 2026

1. Purpose of this Policy

This Privacy and Cookie Policy explains how 3SG (Bath and North East Somerset Third Sector Group CIO) collects, uses, stores, and shares personal data. It also outlines your rights and how to exercise them.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Who We Are

3SG is a registered charity (No. 1181029) supporting the Third Sector in Bath and North East
Somerset. Our registered office is:
The Archway Office, 4-5 Chapel Court, Bath BA1 1SQ
You can contact us at: contact@3sg.org.uk

3. Scope

This policy applies to:

Visitors to our website (www.3sg.org.uk)
Individuals and organisations who use our services
People who attend our events or training
Subscribers to our newsletters
Partners and collaborators

4. What Personal Data We Collect

We may collect the following types of personal data:

Type	Examples
Contact details	Name, email, phone number, postal address
Organisational info	Organisation name, role, sector
Communications	Emails, feedback, event registrations
Media	Photos or videos taken at events (with notice)
Technical data	IP address, browser type, device info (via cookies)
Special category data	Health, ethnicity, religious beliefs, political opinions, or other sensitive data (only with explicit consent)

We do not knowingly collect data from children under 16.

5. How We Collect Your Data

We collect data:

Directly from you (e.g. forms, emails, event sign-ups)
Automatically via cookies and analytics tools
From third parties (e.g. partners, funders, social media)

6. Lawful Basis for Processing

We only process your data when we have a lawful basis to do so. These include:

Lawful Basis	When We Use It
Consent	For newsletters, photos, special category data
Contract	When providing services or event bookings, including Wellbeing Courses commissioned by Bath & North East Somerset Council
Legal obligation	For safeguarding or regulatory compliance
Legitimate interests	To improve services, monitor impact, or communicate with members (where your rights are not overridden)

You can withdraw consent at any time.

7. How We Use Your Data

We use your data to:

Provide services, support, and information
Manage events and training
Send newsletters and updates (with consent)
Monitor and evaluate our impact
Improve our website and services
Comply with legal obligations

8. Data Sharing

We may share your personal data with:

Community Wellbeing Hub partners – 3SG is a member of the Community Wellbeing Hub and has a formal Data Sharing Agreement in place with other members, including Bath & North East Somerset Council, HCRG Care Group and Everyone Health. Data is only shared where necessary to deliver joined-up support and in line with agreed protocols.
Commissioning bodies – Where we deliver services under contract (e.g. Wellbeing Courses commissioned by Bath & North East Somerset Council), we may share relevant data with the commissioning body for monitoring, evaluation, or safeguarding purposes. This data can be anonymised if requested.
Service providers – such as Google (for email and cloud storage), who are only permitted to process data on our instructions and under strict confidentiality agreements.
Legal or safeguarding obligations – where required by law or to protect someone’s vital interests.
With your consent – to connect you with other organisations or services.

We never sell your data.

9. International Data Transfers

If any personal data is stored or processed outside the UK (e.g. via cloud services like Google Workspace), we ensure appropriate safeguards are in place. These may include:

UK adequacy regulations
Standard Contractual Clauses (SCCs)
Binding corporate rules or equivalent protections

10. Cookies and Tracking

We use cookies to:

Make our website work properly
Understand how visitors use our site (via Google Analytics)
Improve your experience

We use a cookie consent banner to allow you to accept or reject non-essential cookies in line with PECR and ICO guidance.

You can also manage your cookie preferences via your browser. For more info, visit http://www.allaboutcookies.org.

11. Automated Decision-Making

We do not currently use automated decision-making or profiling that has legal or similarly significant effects. If this changes, we will update this policy and explain:

The logic involved
The significance and consequences for you
Your right to request human intervention

12. Data Security

We take appropriate technical and organisational measures to protect your data, including:

Secure cloud storage (Google Workspace)
Access controls for staff and contractors
Regular data protection training

13. Data Retention

We keep your data for no longer than necessary. Typically:

General contact data: 36 months after last interaction
Event records: 3 years
Contractual data: up to 7 years (for audit purposes)

We may retain anonymised data for research and reporting.

14. Children’s Data

Our services are not intended for individuals under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will delete it as soon as reasonably practicable.

15. Your Rights

You have the right to:

Access your data
Correct inaccurate data
Erase your data (“right to be forgotten”)
Object to processing
Restrict processing
Data portability (move your data)
Withdraw consent at any time

To exercise your rights, contact us at: contact@3sg.org.uk
We may need to verify your identity and will respond within 30 days.

16. Complaints

If you’re unhappy with how we handle your data, please contact us first. If we can’t resolve your concern, you can contact the Information Commissioner’s Office (ICO): https://www.ico.org.uk

17. Changes to This Policy

We may update this policy from time to time. The latest version will always be available on our website.