We take the protection of your personal information very seriously
Data Protection Statement
Selby Hands of Hope (SHOH) is committed to a policy of protecting the rights and privacy of individuals, participants, volunteers, staff and others in accordance with The General Data Protection Regulations (GDPR) 2018 and The Data Protection Act 2018. The policy applies to all participants and staff involved with SHOH. Any breach of GDPR 2018, The Data Protection Act 2018 or The SHOH General Data Protection Regulations Policy is considered to be an offence and, in that event, disciplinary procedures apply.
Details provided through our online contact form will only be used with the explicit purpose of contacting you in response to your message and/or query. This includes initial response and any further correspondence required with regards to your message and/or query.
We need your consent to hold and store your data and use your data for the purposes as mentioned above. We collect your information with your consent by use of our online contact form.
SHOH has one data controller: Ann Rhodes. SHOH data is held, used and manged in accordance with the SHOH General Data Protection Regulations Policy. Your data is only used by SHOH and will not be sold or given to a third party.
We review our Privacy Notice and General Data Protection Regulations Policy on a regular basis and you will be informed of any updates/changes if applicable.
In accordance with the regulations of GDPR 2018, personal data handled by SHOH will be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Data is protected by GDPR, brought into effect by the European Union in March 2018. It is also protected by the updated Data Protection Act 2018. Their purpose is to protect the rights and privacy of individuals and to ensure that personal data is not processed without individual’s knowledge, and done so with their consent.
This requires us to state the fact that we hold personal data and to acknowledge the right of “subject access” to this data – participants and staff have the right to copies of their own data.
Purpose of data held by SHOH
Data may be held by us for the following purposes:
1. Staff Administration
2. Funding and fundraising
3. Realising the Objectives of the Organisation
4. Accounts & Records
5. Advertising, Marketing & Public Relations
6. Information and Databank Administration
7. Journalism and Media
Data Protection Principles
In terms of GDPR 2018 and the Data Protection Act 2018, we are the ‘data controller’, and as such determine the purpose for which, and the manner in which, any personal data are, or are to be, processed. We must ensure that we have:
Fairly and lawfully processed personal data
We will always put our logo on all paperwork, stating our intentions on processing the data and state if, and to whom, we intend to give the personal data. Also provide an indication of the duration the data will be kept.
Processed for limited purpose
We will not use data for a purpose other than those agreed by data subjects (participants, staff and others). If the data held by us is requested by external organisations for any reason, this will only be passed if data subjects (participants, staff and others) agree. Also, external organisations must state the purpose of processing and agree not to copy the data for further use.
Adequate, relevant and not excessive
SHOH will monitor the data held for our purposes, ensuring we hold neither too much nor too little data in respect of the individuals about whom the data are held. If data given or obtained are excessive for such purpose, they will be immediately deleted or destroyed.
Accurate and up-to-date
We will provide data subjects (participants, staff and others) with a copy of their data once a year for information and updating where relevant. All amendments will be made immediately and data no longer required will be deleted or destroyed. It is the responsibility of individuals and organisations to ensure the data held by us are accurate and up-to-date. Completion of an appropriate form (provided by us) will be taken as an indication that the data contained is accurate. Individuals should notify us of any changes, to enable personnel records to be updated accordingly. It is the responsibility of SHOH to act upon notification of changes to data, amending them where relevant.
Not kept longer than necessary
We discourage the retention of data for longer than it is required. All personal data will be deleted or destroyed by us after one year if participation/involvement in the organisation has elapsed.
Processed in accordance with the individual’s rights
All individuals that SHOH hold data on have the right to:
Be informed upon the request of all the information held about them within 40 days.
Prevent the processing of their data for the purpose of direct marketing.
Compensation if they can show that they have been caused damage by any contravention of this policy.
The removal and correction of any inaccurate data about the individual.
Appropriate technical and organisational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of data.
All Organisation computers have a log in system and our Contact Database is password protected, which allow only authorized staff to access personal data.
Contact Database passwords are changed frequently.
All paper and physical copies of personal and financial data is kept in a locked filing cabinet and can only be accessed by directors and senior members of staff.
When staff members are using the laptop computers out of the office care should always be taken to ensure that personal data on screen is not visible to strangers.
Not transferred to countries outside the European Economic Area, unless the country has adequate protection for the individual.
Data must not be transferred to countries outside the European Economic Area without the explicit consent of the individual. SHOH takes particular care to be aware of this when publishing information on the Internet, which can be accessed from anywhere in the globe. This is because transfer includes placing data on a web site that can be accessed from outside the European Economic Area.
If you have any queries about any of the above, please get in touch with us.