Privacy Statement

(How we use CVA members’ personal information)


The categories of CVA members’ personal information that we collect, hold and share include:

  • Information of employees and volunteers of a member organisation (such as name, surname, job title, work email address, work telephone number)
  • Information of active citizens/residents (such as name, surname, email address, telephone number)
  • Attendance information on individual members (such as one to one sessions attended, name of training and events attended)

Why we collect and use this information:

We use our members’ data:

  • To send to our members CVA regular newsletter, training and events information and local updates
  • To provide appropriate capacity building support to our members
  • To monitor and report to our funders and commissioners
  • To assess the quality of our services
  • To comply with the law regarding data sharing

The lawful basis on which we use this information

We collect and use members’ information under Legitimate interest of the General Data Protection Regulation (Article 6, Article 9 - 2d - GDPR):

  1. CVA is a membership organisation, set up to support local voluntary sector groups, social enterprises and active members of the community in Croydon, as clearly stated in our Constitution, and is therefore in our legitimate interest to hold personal information to pursue our charitable objectives.
  2. CVA collects information on individuals working or volunteering for local community groups/social enterprises and community activists to be able to deliver its services to them. We would not be able to deliver such provision otherwise. CVA also collects personal details of local residents who want to volunteer to be able to search for appropriate volunteering opportunities for them and all the information we ask is necessary to deliver such service.
  3. We will only contact members for the provision of our services and, as a membership organisation, groups and residents coming to us do so in order to access a specific provision; we believe therefore that, in most cases, we will have a legitimate interest in processing their information and are not intruding unfairly on them or using their data in a way that our members might object to.

Storing members’ data

We hold members’ data for as long as it is required to carry out our services unless we receive a specific request to remove someone’ details from the database.

  • Members' data is stored on our password protected VC Connect database (U.K. based) and only accessible by staff and volunteers with the appropriate level of authorisation, which is reviewed regularly. You can unsubscribe from our database at any time by replying to any e-mail we send you and asking for the details of your organisation or those relating to yourself, to be removed. 
  • We use Voice to build and host our website Voice and the sites hosted on it use cookies. We do not use these to personally identify you, store any personal information nor to track your individual use of the site. For more details about how and why Voice use cookies  Our website contains links to other websites. This privacy notice only applies to this website so when you link to other websites you should read their privacy policies.
  • When someone visits our website at we use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. If we do collect personally identifiable information through our website, this is with your consent and we will make it clear when we collect personal information what we intend to do with it.
  • If you are receiving our CVA newsletter, please note we use Mailchimp, a U.S. based online platform. See for more information on how they adhere to the GDPR and their use of cookies. Via Mailchimp, we gather statistics around email opening to help us monitor and improve our e-newsletter. You can unsubscribe from our news at any time by clicking unsubscribe at the bottom of a news email or by getting in touch with us.
  • We store pictures from events and training days on Flickr, owned by U.S. company SmugMug. Permission to take photos is asked and information on how images are used given at each event by the speaker and through posters.
  • We advertise our events and take bookings from members on EventBrite, a U.S. based event management and ticketing website. See how EventBrite complies with GDPR at 

Who we share members’ information with and why 

We can be asked to share members’ information (name, surname, organisation's details, email address, telephone number with:

Funders and commissioners for relevant monitoring purposes, if the organisation took part into specific funded projects. This data sharing underpins CVA funding and monitoring

  • A range of stakeholders (such as Local Authority, Public Heath, other voluntary sector groups) for the benefit of partnership work / sharing best practice
  • With the general public when details of your organisation/group/service is on our website
  • Please note that there may be legal situations where we would have to share information with statutory bodies – e.g. to a lawyer, the police, Ofsted, HMRC, Home Office, etc.

Requesting access to your personal data

Under data protection legislation, members of the public have the right to request access to information about them that we hold. To make a request for your personal information contact

You also have the right to:

  • Object to processing of personal data that is likely to cause, or is causing, damage or distress
  • Prevent processing for the purpose of direct marketing
  • Object to decisions being taken by automated means
  • In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed;
  • Claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at


If you would like to discuss anything in this privacy notice, please contact

Updated September 2022