Springhead Trust Ltd Data Protection Policy
The Springhead Trust is committed to protecting the rights and privacy of its clients, members (Friends), volunteers, trustees and staff in accordance with the General Data Protection Regulations (GDPR) which apply from 25 May 2018. All those who have access to personal information will be expected to have read and comply with this policy.
The purpose of GDPR 2018 is to acknowledge and protect the rights and privacy of individuals.
This requires the Springhead Trust to inform members of the fact that we will hold their personal data in accordance with our Policy and Privacy Statements, and to receive their consent to this.
All individuals that the Springhead Trust holds data on have the right:
- To actively opt-in to email communication with the Springhead Trust
- To be informed what the data held on them is used for and who it is shared with
- To know who to contact regarding personal data held by the Springhead Trust (the nominated data controller)
- To be informed upon request of all the data held about them within 30 days.
- To know how to rectify or remove any inaccurate data
The Springhead Trust (the Privacy Statement)
Friends will be informed on the registration and renewal forms that their contact data will be held by us for the following fair, lawful and limited purposes:
- Fundraising – recording details of annual subscription payments made to The Springhead Trust
- Email – communicating with individuals, including advertising forthcoming events, administration of annual subscription payments and administration of contact details
Lawful Basis for processing personal data
The lawful basis for the Springhead Trust processing Friends’ personal data is the individuals assigned consent on the registration and renewal forms and having opted-in to email communication.
The nominated data controller is the Trust’s Executive Director.
Data Protection Principles
The nominated data controller must ensure that data held by the Springhead Trust is:
Processed for a limited purpose
Data will be shared with the Trust only for purposes of recording and reconciling annual subscription payments and Gift Aid declarations. Members will be given the opportunity to opt-in to email communications from the Trust.
Data held by the Trust will never be passed to any external organisations for any reason,
Adequate, relevant and not excessive
Data will be monitored to ensure it is sufficient and relevant purely for the purposes stated above
Accurate and up-to-date
Members and subscribers will be informed that it is their responsibility to ensure the data held by us is accurate and up-to-date. They will be regularly reminded to notify the Trust of any changes so that their records can be updated accordingly.
It is the responsibility of the nominated data controller to act upon notification of changes to data, amending them where relevant, and ensure that data no longer required is deleted or destroyed.
Not kept longer than necessary
Data will not be retained for longer than it is required and will be deleted or destroyed by the nominated data controller after five years of non-membership has elapsed.
Processed correctly – in accordance with the individual’s rights.
Appropriate technical measures will be taken to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of data.
- Computers used for holding members personal data will be password protected
- The database will be regularly backed-up to the Cloud to enable restoration in case ofcomputer failure or loss
- Members completed paper registration and renewal forms are filed and held by the Administrator only, and destroyed when no longer required
- Any breach of security would be investigated and reported to the ICO and to members