Privacy policy

West Surrey Badger Group

Privacy Policy and Data Protection Procedures

Last updated: March 2026

1. Who we are

West Surrey Badger Group is a UK-based wildlife charity dedicated to the protection and conservation of badgers and their habitats.

Registered address: 11 Lime Grove, Woking, Surrey, GU22 9PW
Email: wsbg@wsbg.co.uk

For the purposes of data protection law, West Surrey Badger Group is the data controller.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Policy Statement

West Surrey Badger Group is committed to protecting personal data and handling it responsibly. We will collect, store, use, amend, share, destroy and delete personal data only in ways that protect individuals’ privacy and comply with UK GDPR and other relevant legislation.

We will:

  • Collect and use only the minimum personal data necessary for explicit purposes.
  • Ensure data is adequate, relevant, and limited to what is required.
  • Keep data accurate and up to date.
  • Retain data only for as long as necessary for the purpose for which it was collected.
  • Store personal data securely.
  • Keep clear records of why we collect and hold specific data.
  • Not share personal data with third parties without explicit consent unless legally required.
  • Provide individuals with details of the data we hold about them upon request.
  • Delete personal data when requested, unless we are required to retain it for legal reasons.
  • Maintain appropriate data protection procedures for committee members and volunteers.

In the event of a data breach, we will take immediate steps to recover or secure the data where possible, review our processes, and implement measures to prevent recurrence. Any serious breach that risks individuals’ rights or freedoms will be reported to the Information Commissioner’s Office (ICO) within 72 hours and, where required, to the affected individual(s).

3. What is personal data?

Personal data is information that identifies or can identify a living individual. It may be stored electronically or on paper and can include written records, images, and audio recordings.

Data protection concerns how we collect, store, use, amend, share, and delete personal data in a lawful and responsible manner.

4. Responsibility for data protection

Overall responsibility for data protection rests with the Committee, which oversees activities and ensures this policy is upheld.

All trustees, committee members, and volunteers are responsible for observing this policy and associated procedures in the course of their roles.

5. What personal data we collect

We may collect and store the following information about members, supporters, volunteers, and organisations we work with:

  • Name
  • Postal address
  • Email address
  • Telephone number
  • Membership type and renewal dates
  • Donation and payment records (where used, we do not store full card details)
  • Communication preferences
  • Records of correspondence with us
  • Individual interests in volunteering roles

We only collect personal data that is necessary for running the charity, managing memberships, supporting volunteers, responding to enquiries, sharing Gift Aid declarations with HMRC, and fulfilling our charitable objectives.

6. Lawful bases for processing

Under UK GDPR, we process personal data on one or more of the following lawful bases:

  • Contract – to administer membership or other agreed services.
  • Consent – for newsletters, mailing lists, and certain communications.
  • Legitimate interests – to operate and promote the charity effectively.
  • Legal obligation – to comply with legal and regulatory requirements (e.g. financial record-keeping).
  • Vital interests – to protect someone’s life.
  • Public task – where applicable.

Individuals may withdraw consent at any time where processing is based on consent.

7. How we use personal data

We use personal data to:

  • Manage memberships and renewals
  • Process donations and payments
  • Communicate about membership and group activities
  • Send our members newsletters, updates, and information about our work (where consent has been given)
  • Respond to enquiries and provide advice
  • Organise volunteering and training activities
  • Meet legal and regulatory obligations
  • Share details of Gift Aid declarations with HMRC

We will never sell personal data or use it for purposes unrelated to our charitable aims.

8. How we store and protect personal data

We take appropriate technical and organisational measures to protect personal data.

  • Electronic data is stored on password-protected computers and/or password-protected files.
  • If stored online (e.g. secure cloud services), we ensure providers comply with UK GDPR.
  • Paper records are kept securely, typically in locked filing cabinets. The Group aims to minimise paper storage wherever possible.
  • Access to personal data is limited to authorised trustees, committee members, or volunteers who require it for their role.

We keep secure records of consent where required.

Personal data will be retained only for as long as necessary for the purpose it was collected or to meet legal obligations. When no longer needed, data will be securely deleted. Electronic data will be permanently removed from systems, and paper records will be shredded.

9. Sharing personal data

We may share limited personal data with trusted third parties where necessary, such as:

  • Membership or email management services
  • Payment processors (who process data securely and independently)
  • Gift Aid declarations

All third parties are required to comply with data protection law.

We do not share personal data with other organisations for marketing purposes.

Personal data will not be shared without explicit consent unless legally required or necessary to protect someone’s vital interests.

10. Data Protection procedures

The following procedures support the implementation of this policy.

  • 10.1 Mailing lists
  • We maintain a mailing list of individuals who have asked to receive communications, including members.
  • Explicit consent is obtained for receiving communications where required.
  • We do not use mailing list data for purposes beyond those consented to.
  • Individuals may unsubscribe at any time.

10.2 Supporting individuals

From time to time, individuals contact the Group for advice on badger-related matters.

  • Personal data shared for advice purposes will only be used for that purpose.
  • We will obtain explicit written consent before sharing personal details with any relevant third party.
  • We maintain contact details for current and recent volunteers to coordinate activities and share volunteering opportunities.
  • If a volunteer is not a member and has not volunteered for 12 months, their contact details will be removed.
  • When contacting volunteers, we provide a privacy notice explaining why we hold their information, how it is used, how long it is retained, and their rights.
  • Volunteer contact details will only be shared with other volunteers where necessary and with explicit consent.
  • Committee members’ contact details are shared internally to allow the organisation to function effectively and meet legal obligations.
  • Committee contact details must not be shared outside the Committee or used for purposes other than Group business without explicit consent.

10.3 Volunteers

  • We maintain contact details for current and recent volunteers to coordinate activities and share volunteering opportunities.
  • If a volunteer is not a member and has not volunteered for 12 months, their contact details will be removed.
  • When contacting volunteers, we provide a privacy notice explaining why we hold their information, how it is used, how long it is retained, and their rights.
  • Volunteer contact details will only be shared with other volunteers where necessary and with explicit consent.

10.4 Committee members

  • Committee members’ contact details are shared internally to allow the organisation to function effectively and meet legal obligations.
  • Committee contact details must not be shared outside the Committee or used for purposes other than Group business without explicit consent.

11. Your rights

Under UK data protection law, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data (where applicable)
  • Object to or restrict processing
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, please contact us at wsbg@wsbg.co.uk.

12. Cookies and website use

Our website may use basic cookies to improve functionality. We do not use cookies to collect personal data without consent.

13. Policy review

This Privacy Policy and associated procedures will be reviewed every two years. The latest version will always be available on our website or upon request.