top of page

Privacy Policy

Who are we?

Henry Wood Hall Limited (hereafter referred to as ‘HWH’) is a company limited by guarantee under the Companies Act 2006 with registration number 01214781 and a Registered Charity with registration number 270689. We are also registered as a data controller with the Information Commissioners Office, and our registration number is ZB096059. Any electronic communications will be made in accordance with the Privacy and Electronic Communications Regulations (PECR). Our registered office is Henry Wood Hall, Trinity Church Square, London, SE1 4HU (hereafter referred to as ‘the Hall’).

How can you contact us?

HWH can be contacted through our website, by phone at 0207 403 0118, by email at bookings@hwh.co.uk or by post to the Hall.

Why do we collect Personal Data?

Collecting Personal Data helps us to develop a better understanding of everyone who engages with us including clients, players, suppliers and residents. This information allows us to work more effectively and helps us to provide a better, more tailored service.

 

We use Personal Data strictly in accordance with the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018, and any Personal Data provided will only be used in accordance with this privacy policy. This policy describes how and why HWH uses your Personal Data, how we protect your privacy when doing so, and your rights and choices regarding this information.

 

This Privacy Policy will be reviewed periodically by the Directors of HWH to ensure it remains compliant with the latest legislation and continues to reflect how and why we use your Personal Data. Announcements about any changes will be made via our website or, where requested, another communication method such as by post or email. 

 

This Policy was last updated on 24 June 2026.

What Personal Data do we collect?

We collect, store and use the following kinds of Personal Data we receive from you, where appropriate:

Category
Description
Identity data
Your name, title and contact details you give us (e.g. postal address, telephone number, e-mail address) and copies of Identification and Right to Work Documents if required (such as for recruitment or safeguarding checks).
Financial data
Your bank, standing order, direct debit or credit/debit card details where you provide these to make or receive a payment, taxation status for relevant payments to enable us to claim Gift Aid, dates and amounts of any financial transactions.
Contract data
Orders and booking confirmations.
Correspondence data
Copies of letters, emails, and any other correspondence which you have sent us.
Supporter data
Information relating to donations or sponsorship, attendance at events, positions such as Trusteeships at other charities, or employment, and your primary interests where relevant to the activities of HWH. Where you have made a legacy, any information about yourself and your executor(s) which you may have given us to administer this will also be stored.
Health and Access data
Any specific needs you have told us about regarding limited mobility or disability in respect of yourself or someone coming to the Hall with you, to enable us to meet your needs where possible; and for monitoring purposes where necessary e.g. for employees. If we are investigating an accident or incident which has occurred at the Hall, we will also store information relevant on your health including the nature of any injury.
Inclusivity data
Age, nationality, religion, gender, disability and ethnicity information (for recruitment and employment purposes only). Surveys may seek this information but as anonymised, aggregate data only without any identification of individuals.
Employment data
If you volunteer or apply for a job with us, information necessary to process your application (which may include information such as employment status, previous experience, as well as any unspent criminal convictions or pending court cases you may have). If you have worked for us in the past we will retain records relating to your employment including payslips, contact details and details of any disciplinary proceedings or any accidents or incidents at the Hall.
Visual and Audio data
Your image and likeness as captured on our CCTV cameras and in photographs, video and audio recordings if you participate in an event at the Hall, or where such photos and videos and submitted by you. We may also record telephone or video conference calls, in which case you will be informed prior to the recording.
Marketing data
Your preferences in receiving marketing from us and your communication preferences, and any engagement with any marketing campaigns.
Meeting data
If you attend a meeting with our employees or Directors we may record minutes of this meeting including a record of any decisions.
Feedback data
Information related to any complaints or compliments you have given.
Criminal data
Details of any criminal convictions through Disclosure Barring Service (DBS) checks may need to be taken in line with Safeguarding requirement.

Certain types of Personal Data are in a special category under data protection laws as they are considered more sensitive. In general, HWH’s area of work means this information is not required except occasionally for employees and volunteers. In cases where we do need to store this data, we would make clear why such information is needed and would ensure it is deleted once the need has passed.

 

In addition to the data you provide directly, we may collect information from publicly available sources such as Companies House, the Charity Commission and your own organisation’s website.

 

Specific provisions apply to younger people and children. We welcome engagement with younger people and children as an important opportunity to engage with the community and fulfil our charitable aim of supporting music education. In most cases we will not record any data relating to under-18s. However, if such data collection is necessary to provide our services:

  • We will take special care to respect and protect the rights of individuals in the case of those aged 13 or under; 

  • We will not use the Personal Data of children or young people for marketing purposes;

  • Personal Data about children will only be accessible by select members of our staff who have undergone relevant training and who have passed a basic DBS check.

If you are under 16, please ensure that you obtain your parent/guardian’s consent each time you provide Personal Data.

How do we use your Personal Data?

In line with UK GDPR, HWH processes your Personal Data under the following legal bases:

  • Consent: the person has clearly given consent to use their information for a specific purpose; 

  • Contract: the processing is necessary for a contract;

  • Legal obligation: the processing is necessary to comply with the law;

  • Vital interests: the processing is necessary to protect someone’s life;

  • Public task: the processing is necessary to perform a task in the public interest or for official functions and the task or function has a clear basis in law;

  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the person’s information which overrides those legitimate interests;

 

The ways in which HWH may process your Personal Data and the legal bases used are:

Processing Purpose
Examples of Activities
Legal Basis for Processing Data
Providing goods and services  
Managing and improving our services including keeping financial records; paying suppliers; invoicing or refunding customers. 
Contract, Legal Obligation, Legitimate interests
Events and other visits 
Facilitating events held at the Hall; improving the quality of our events. 
Contract, Legitimate interests
Service updates and Marketing
Circulating news or information about HWH, our services and/or opportunities to support us that we think may be of interest to you; inviting you provide feedback or to take part in research, a survey or a competition to help us better understand our client base. 
Consent, Legitimate interests
Managing Customer Accounts  
Personalising our interactions with you and providing you with information and/or offers tailored to your interests; when you provide us with information about your health or access requirements so we can need your needs.
Consent, Legitimate interests
Collecting aggregated user data 
Collecting, anonymising and aggregating information about our clients to generate statistical and demographic insights; conducting analysis and producing reports for internal use, for documents such as our Annual Report, and for stakeholders such as funders; analysing how visitors utilise the Hall and interact with our website; using feedback to improve the accessibility and useability of the Hall.
Consent, Legitimate interests
Security and fraud prevention 
Conducting audits, verifying that our processes are compliant with legal, regulatory, or contractual requirements; monitoring for and preventing fraud; maintaining system security and on-site security of our premises, on-site personnel and visitors by using CCTV to prevent and detect crime and to keep people who visit and work at the Hall safe and secure; recording and investigate health and safety and other incidents which have happened at the Hall.   
Contract, Legal obligation, Legitimate interests, Vital interests, Public task
Legal and compliance 
Fulfilling our legal and compliance-related obligations, including complying with applicable laws and industry regulations; complying with legal processes; responding to requests from regulators and other public authorities; replying to Subject Access Requests; meeting national security or law enforcement requirements; enforcing our terms and conditions and code of conduct; protecting our operations; protecting the rights, privacy or property of HWH and its employees; responding to audits; pursuing necessary legal remedies; making or defending insurance claims.
Contract, Legal obligation, Legitimate interests, Public task
Emergency and incident response  
Ensuring the safety of our premises, employees and users of the Hall; responding and documenting on-site accidents, near misses and incidents; ensuring adequate preventive measures are in place in line with our Risk Assessments; requesting assistance from emergency services; sending notifications of incidents or emergencies to employees and Directors; analysing incidents to prevent recurrence.
Contract, Legal obligation, Legitimate interests, Public task
Fundraising 
Processing donations; managing donor relationships; tailoring donor outreach and running fundraising campaigns.
Consent, Legitimate interests
Recruitment and Employment
Processing information providing by applicants for the purpose of recruitment and selection;
Consent

Each time Legitimate interest is used to process your data, a Legitimate interest assessment will be undertaken to ensure this legal basis is still valid.

Do we share your Personal Data?

We do not disclose Personal Data to any third parties or external organisations other than legitimate data processors who are carrying out work on our behalf; where sharing is vital for our business; or to comply with regulations or law. These may include:

  • Insurance companies

  • Organisations we need to share information with for safeguarding reasons

  • Professional or legal advisors

  • Financial or fraud investigation authorities

  • Relevant regulatory authorities

  • External auditors or inspectors

  • Organisations we’re legally obliged to share personal information with

  • Emergency services

  • Debt collection agencies

 

We may occasionally need to transfer your Personal Data to countries outside the EU, for instance to a bulk email distributor such as Mailchimp. We will ensure that such data processors are compliant with UK and EU data protection law and regulations, that they act only in accordance with best practice and our instructions, and that data is stored securely then promptly deleted.

 

Other than for the legal and other reasons specifically mentioned in this policy, your Personal Data will never be sold or passed to any third party for any other purpose.

How do we protect your Personal Data?

Your Personal Data is contained behind secured networks and is only accessible by a limited number of staff and Directors who have a business need to access this information, and who are required to keep the information secure and confidential and have undertaken regular data-handling training. Our policies and training aim to protect all Personal Data we store from unauthorised access, improper use or disclosure, and unauthorised modification.

 

All financial transactions are processed through secure third-party providers and are not stored or processed on our servers. Any credit card or payment information we hold is stored securely and encrypted so that only the last four digits of the long card number are identifiable.

 

In the event of a suspected data breach we will promptly notify you and any applicable regulators, including details of whether your own Personal Data was affected.

How long do we keep your Personal Data?

We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we collected it, including for our standard operations and satisfying any legal, accounting, health and safety, or reporting requirements. Where your information is no longer required, or upon your request, we will ensure it is deleted or anonymised securely and thoroughly. This applies to paper records, electronic information and biometric information. For example, we will shred paper-based records or black out sensitive information and overwrite or delete electronic files. We may also use a third party to safely dispose of records, provided the third party provides sufficient guarantees that it complies with data protection legislation. 

 

In deciding how long to retain your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

How do you access your Personal Data?

You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website, but your basic rights are:

  • Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with.

  • Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. 

  • Your right to erasure - You have the right to ask us to delete your personal information.

  • Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information.

  • Your right to object to processing - You have the right to object to the processing of your personal data.

  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.

  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.

 

If you make a request, we must respond to you within one month. If you would like to exercise any of your rights in relation to the Personal Data that we hold about you, or to make a complaint about how your data is handled, please contact our Company Secretary by email on pfw@hwh.co.uk or by post to our registered address. For security purposes, we will need to verify your identity and may need to ask for proof of your identity (such as a copy of your passport) before we comply with your request. 

 

Please note that we may need to retain certain information where we are required to do so by law, for regulatory compliance or to complete transactions or contracts that you began prior to your request. Some rights may not apply in all situations or may be subject to exemptions under the UK GDPR. If this applies, we will explain the reason we have not been able to comply when we respond to your request.

 

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO:

 

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

 

0303 123 1113
ICO Complaints Form 

bottom of page