Who we are
We are the Chelmsford Beer & Cider Festivals (CBCF) Volunteer Portal. We are part of the Chelmsford and Mid-Essex (CME) Campaign for Real Ale (CAMRA) Branch.
Our website address is: https://volunteer.cbcf.info/portal/.
What personal data we collect and why we collect it
Registering for an account
In order to use the Volunteer Portal, you must register a user account which collects your first and last names, your date of birth, your email address, your contact number and a name for your Volunteer Badge. We collect this to set up your account on our system and it is needed to keep your account active.
Collection of sensitive information
- Contact telephone numbers – this is only used to get in touch with you during any festival that you have volunteered for to confirm shift times or arrange alternative times if required.
- Date of birth – we are required to keep a record of this for all volunteers as part of our alcohol license. Volunteers under the age of 18 must go through a manual verification process to confirm that parental consent is given for them to keep their data on this site.
Additionally, we may collect data relating to the device you are using to access our website such as IP address, operating system, browser type and version. This is done for security verification and protection purposes to ensure each attempt to register an account is valid.
Submitting details on forms
The Volunteer Portal is based on forms and most of the interactions on this site (such as updating information on Your Profile or signing up to volunteer at a festival) require us to collect additional personal data:
- Emergency contact numbers – this will be used in the event you have an accident whilst volunteering at one of our festivals. In addition to the contact number, we also require the first and last name of the contact and their relation to you (to help us when dealing with an emergency).
- Dietary/Medical information – as part of our Volunteer Safeguarding, we will ask volunteers to provide information regarding any dietary requirements or medical information that we need to be aware of whilst they are volunteering at a festival.
Additionally, when you fill in forms we also collect IP addresses, operating system type, browser type and version for security verification and protection purposes, to ensure that there are no malicious attempts to leak or change data being saved to our system.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you update or submit a form, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the submission ID of the form you just submitted. It expires after 1 day.
Who we share your data with
Data from the Volunteer Portal remains on our secure database and is not shared with anyone outside of CBCF, CME or CAMRA.
How long we retain your data
For users that register on our website, we store the personal information they provide in their user profile. All users can see, edit, or delete their own personal information at any time.
All accounts are valid for 2 years since the last activity date (which we specify as 4 festivals). If an account is not active for 2 years, we will send an email to the affected user and remind them to sign into the Volunteer Portal within 2 weeks before the account is automatically suspended and data is removed.
We take regular backups of data stored on our database – we retain these backups for a period of 30 days. If you submit a request to have your data removed, we will remove it from the live databases although your data will still be stored for a period of 30 days as per our backup policy. After 30 days this data is securely removed. We are unable to restore data removed from our system by a data removal request.
Additionally, information submitted for festivals is removed 1 year after the end date of the festival, and this will be clearly indicated when submitting the form.
What rights you have over your data
If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
In addition to the form above, you can permanently remove your Volunteer Portal account by going to this page.
Where we send your data
Some data (such as volunteer shift details, your primary email address and first name) is sent to our volunteer management system (Airtable) to help us complete backend processes.
Additionally, your email, first name and last name are shared with MailChimp, who process our bulk emails (Volunteer Portal announcements, Future Festival Reminders, and information regarding festivals you have volunteered for). You can unsubscribe from these at any time by following the links at the bottom of each bulk email or by going to Your Profile.
Your contact information
How we protect your data
There are several security measures we have put in place that ensure personal data on the Volunteer Portal is kept secure at all times.
- We require the use of HTTPS and TLSv1.2 on all pages of the website.
- We run daily backups of data stored on this service that are stored offsite away from the main web servers.
- We complete bi-annual security audits on the Volunteer Portal to find and fix any security vulnerabilities that may arise.
- We enforce the use of Two-Factor Authentication (2FA) for system administrators of this system and provide the option for all users to enable this on their accounts.
- We prohibit the use of compromised or weak passwords on the Volunteer Portal and prevent login attempts of accounts that become compromised.
- We run ad-hoc security patching for the Volunteer Portal, ensuring that any updates go through a staging environment before going to the live environment.
- We use TLSv1.2 connections between our web server, database server, external links to third party systems and email communications.
Industry regulatory disclosure requirements
We are registered with the Information Commissioner’s Office with registration number ZA478683.