The Suffolk Punch Trust (SPT) is committed to ensuring that the privacy of staff, volunteers, friends of the trust and donors and anyone else whosupports the Trust is protected. The SPT is a registered charity (1100596).
This Privacy Notice explains in detail the type of personal data we may collect, how we collect it and what we do with it and why. It also explains how we will store and handle that data and keep it safe.
What do we mean by Personal Data?
By personal data we mean any information that might allow you (the Data
Subject) to be identified, e.g. your name, address, date of birth, credit card
details etc. It does not apply to information about
organisations, companies and agencies but applies to named persons, such as
individual volunteers or employees within SPT.
How do we collect personal data from you?
We currently collect personal information under the new General Data Protection Regulation. SPT will ensure that data is collected within the boundaries defined in this policy.
This applies to data that is collected in person, by completing a form or by writing to us.
When collecting data, SPT will ensure that the Data Subject:
Clearly understands why the information is needed
Understands what it will be used for and what the consequences are should the Data Subject decide not to giveconsent to processing
As far as reasonably possible, grants explicit consent, either written or verbal for data to be processed
·Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress
·Has received sufficient information on why their data is needed and how it will be used
What type of information is collected about you?
The personal information we collect about you for the purposes of fundraising, could include your name, address, email, telephone number, date of birth, I.P. address, photo and financial information such as
credit card details. You may appear in still images or video footage using Closed Circuit Television (CCTV) and publicity information about the Trust.
How we use your information
We may use your information for any of the following:
Staff: We collect personal information of employees for administrative and payroll purposes and in order to comply with employment legislation.
This could be bank details and information relating to the Disclosure and Barring Service (DBS).
Volunteers: We collect personal information of volunteers for administrative purposes. We may also holdbank details if appropriate and information relating to the DBS.
Job applicants: We collect personal information of applicants for administrative purposes and in order to comply with employment legislation.
Fundraisers: We collect personal information for administrative purposes and to ensure you are kept up to date with our products, services and events.
We may use this information if you have made a donation or if we send you communication about SPT.
General: We will process information to identify and prevent fraud and to ensure the security of our communication and informationsystems.
Website: Any data that is stored is anonymous and cannot be linked to you.
Who can access your information?
We may share data you provide with our regulators, auditors, and with relevant legal bodies.We will never provide your details to third parties unless there is a legitimate reason for doing so.
The Data Subject will be made aware in most circumstances how and with whom theirinformation will be shared.
SPT regards the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom we deal.
SPT will, through appropriate management, strict application of criteria and controls:
Observe fully the conditions regarding the fair collection and use of information
Meet its legal obligations to specify the purposes for which information is used
Collect and process appropriate information, and only to the extent that it is needed to fulfil its operational needs or to comply with any legal requirements
Ensure the quality of information used,
Ensure that the rights of people about whom information is held, can be fully exercised under the Act. These include:
The right to be informed that processing is being undertaken,
The right of access to one's personal information
The right to prevent processing in certain circumstances and the right to correct, rectify, block or erase information which is regarded as wrong information),
Take appropriate technical and organisational security measures to safeguard personal information,
Set out clear procedures for responding to requests for information.
Information and records relating to service users will be stored securely and will only be accessible to authorised staff and volunteers.
Information will be stored for only as long as it is needed or required statute and will be disposed of appropriately.
Data access and accuracy
All Data Subjects have the right to access the information SPT holds about them.
SPT also takes reasonable steps ensure that this information is kept up to date and at times in the future you may be asked to review your details.
In addition, SPT will ensure that: It has a Data Controller with specific responsibility for ensuring compliance with Data Protection,
Everyone processing personal information understands that they are contractually responsible for following good data protection practice,
Everyone processing personal information is appropriately trained,
Everyone processing personal information is appropriately supervised,
Anybody wanting to make enquiries about handling personal information knows what to do,
It deals promptly and courteously with any enquiries about handling personalinformation,
It describes clearly how it handles personal information,
It will regularly review and audit the ways it hold, manage and use personal information
It regularly assesses and evaluates its methods and performance in relation to handling personal information
All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes oramendments made to the Data Protection Act 1998.
The Data Protection Policy is fully supported by the Chair of the Board of Trustees and Managers and has been agreed by the Trustees and will be reviewed and when necessary amended to ensure legal compliance.
Whenever we process data we will ensure that we always maintain your Personal Data rights and take accountof your rights. You have the right to object to processing and also access to your information if you wish by emailing email@example.com
If you have any questions about this privacy statement or our privacy and data processing in general, please contact us on 01394411327 or write to us at the following address:
The Suffolk Punch Trust