To download this policy as a pdf file click HERE
Horsham & Shipley Community Project recognises its responsibilities under GDPR to:
- keep information securely and in the right hands;
- to hold good quality (accurate and up-to-date) information;
- only to process relevant information;
- use information in line with the rights of the individual; and
- not keep information longer than is necessary.
Horsham & Shipley Community Project uses personal data in order to:
- keep in touch with members for information purposes
- support the safety of our members while they are on site
- make interested parties aware of the activities of the Project via monthly newsletter
This policy document fulfils our GDPR obligations and the principles contained within it apply to members, associates, and anyone acting on behalf of Horsham & Shipley Community Project.
This policy applies to all the information that we collect, store and use about identifiable individuals including (but is not limited to):
- Membership forms;
- Newsletter circulation lists;
- Supplier contact details
- Press contact details
ROLES / RESPONSIBILITIES
The Trustees recognise their overall responsibility for ensuring that Horsham & Shipley Community Project complies with its legal obligations. The Data Protection Officer is Helen Gibbs, with the following responsibilities:
- briefing trustees and session leaders about their responsibilities under GDPR;
- reviewing Data Protection and related policies;
- advising on Data Protection issues;
- ensuring that Data Protection induction and training takes place if necessary;
- ensuring the organisation is appropriately registered with the Information Commissioner’s Office (ICO); and
- handling subject access requests and requests to ‘be forgotten’.
All trustees and session leaders are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their roles.
PERSONAL DATA MAPPING
The following personal data log records the analysis of data processing regularly undertaken by Horsham & Shipley Community Project. Please note there may be data processing that occurs on an occasional basis that is not recorded within this table. Our data mapping is reviewed every two years and this table is up-dated accordingly.
What type of people (categories) do we hold data about? Members and Others (including Suppliers/Gov /Press/Supporters)
What type (category) of personal data do we hold?
A. Members – the data provided by the members on the membership forms, ie
- Contact details
- Emergency contact details
- Doctor Details
- Health Details
- Date of birth
- DBS/accreditations if relevant
B. Others – Contact Details only
What do we use it for? (Purpose of processing)
A. Members
- A. General contact, newsletter
- Emergency
- Categorising (vets football)
- |Understanding qualifications in each session
B. Others – General contact, newsletter
Where is their data stored?
A. Members
Electronic – H Gibbs holds master copy in password protected computer. Back up copy held in secure Dropbox account.
Hardcopy – Held in folder by session leaders to be readily available during sessions in case of emergency. Russell Wood and Philip Gibbs have full copies
B. Others
Electronic – H Gibbs holds master copy in password protected computer. Back up copy held in secure Dropbox account.
Who do we share that data with? No one
What international organisations or third-party countries is data transferred to? None
How long do we keep the data for?
A. Members
Revised annually. If membership not renewed ICE Data destroyed, and contact data transferred to “Others” list. All data destroyed on request.
B. Others
All data destroyed on request
DATA SECURITY
Horsham & Shipley Community Project has identified the following potential key risks:
- breach of confidentiality (information being given out inappropriately);
- individuals being insufficiently informed about the use of their data;
- misuse of personal information by trustees or session leaders;
- failure to up-date records promptly;
- poor IT security; and
- direct, or indirect, inadvertent, or deliberate unauthorised access.
In order to ensure the safety of the data held, Horsham & Shipley Community Project has identified and put into place the following safeguards:
Hardcopy security
Only the necessary information is held in paper form by session leaders. This is the data which would be required in case of an emergency – emergency contact details and health details. That data is held by the session leaders in closed folders so that it is not generally visible, but is readily accessible to him/her if needed in an emergency.
Paper-based data that is no longer required is securely and properly destroyed.
This information is always stored securely, all access to personal data and sensitive personal data is restricted to those who have a legitimate requirement for access.
We will only request and store personal information that is necessary and used for a specific purpose. We do not transfer data to third parties without the express consent of the individual concerned.
The responsibility to maintain data security is included in the data protection training which session leaders are required to undertake.
Access to data is immediately withdrawn if the session leader ceases their work with the organisation.
Technical security
All electronic data is stored on a password protected computer and files containing personal data are individually password protected.
Virus protection software is regularly updated, and general software updates are completed promptly.
Personal data is never transferred using portable storage devices.
All electronic data is backed up to Dropbox with access only to the Data Controllers.
REVIEW, MONITORING AND SECURITY BREACHES
Horsham & Shipley Community Project refreshes it’s data mapping and reviews procedures for ensuring that its records remain accurate and consistent every two years and
In particular:
- Data on any individual will be held in as few places as necessary;
- Effective procedures will be in place so that the systems are updated when information about any individual changes;
Where anyone connected with Horsham & Shipley Community Project feels that it would be appropriate to disclose information in a way contrary to the confidentiality policy, or where an official disclosure request is received, this will only be done with the authorisation of the Data Protection Officer. All such disclosures will be documented.
If a breach of data security is suspected or occurs, the Data Protection Officer should be notified immediately.
Asking to see the data we hold on you (subject access requests):
Any subject access requests will be handled by the Data Protection Officer. Subject access requests must be in writing. All trustees and session leaders are required to pass on anything which might be a subject access request to the Data Protection Officer without delay. Where the individual making a subject access request is not personally known to the Data Protection Officer their identity will be verified before handing over any information.
Any request to destroy the data we hold will be handled by the Data Protection Officer and actioned once identity of the person has been verified. The data will b destroyed securely and completely.
MORE INFORMATION
Full information about GDPR, its principles and definitions can be found at www.ico.gov.uk
If you have a complaint about the manner in which we have processed your personal data, or receive a complaint from another please contact the Data Protection Officer.
CONTACT DETAILS
Email: info@HorshamShipleyCommunityProject.org
Website: www. HorshamShipleyCommunityProject.org
The designated data controller / data protection officer is Helen Gibbs
The Joint Data Controllers are Russell Wood and Philip Gibbs
Policy written by: Helen Gibbs (Trustee)
Policy approval date: May 2018
Policy review date:May 2020
Signed: __________________________________
Signed on behalf of Horsham & Shipley Community Project by Helen Gibbs
- An electronic copy of this policy can be obtained by request from info@HorshamShipleyCommunityProject.org or by visiting the organisation’s website www.HorshamShipleyCommunityProject.org
- A copy of this policy has been made available to the persons listed below:
- – Trustees;
- – Members;
- – suppliers;
- – associates; and
- – the general public.