Privacy Policy
Not Home Alone. Registered charity no. 1168683
Introduction
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU).
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 and sets a new standard for data privacy, security and compliance. The GDPR seeks to protect personal data by giving individuals (our Trustees, Volunteers, Guests, Helping Agencies, Guests’ Carers/Emergency Contacts and Donors) more rights over how Not Home Alone (NHA) handles their data, and it also places new obligations on how NHA manages individuals’ data.
The Regulations cover both written and computerised information and the individual’s right to see such records.
GDPR requirements ensure that personal and special category data is:
Processed fairly, lawfully and in a transparent manner.
Obtained for only one or more specified and lawful purposes.
Adequate, relevant and not excessive for the legitimate purpose it has been obtained.
Accurate and kept up to date.
Erased or rectified as soon as any errors in personal or special category data have been notified.
Not kept for any longer than is necessary.
Protected at all times and stored securely.
Not transferred to a country outside the EU.
Considered with Data Protection in everything we do.
Consent
NHA must record the explicit consent of trustees, volunteers, guests, donors and any other individual involved in a specific event to store personal data or special category data on file.
What is Personal Data?
As a general rule, any information that identifies a living individual or relates to an identifiable living individual is classed as personal data and is covered by GDPR. This includes but is not limited to: name, home address, personal email address, telephone numbers, photographs, and video or voice recordings.
What is Special Category data?
Special category data is personal data that, under the GDPR, is considered more sensitive, and so needs greater protection. Examples include but are not limited to: race/ethnicity, political opinions, religious beliefs, genetic data, health data (including both physical and mental health) and sexual orientation.
Consent is not required to store information that is not classed as special category data, as long as only accurate data that is necessary to facilitate an NHA event is recorded. As a general rule, NHA will always seek consent where personal or special categories of data are to be held.
On occasions where it is not possible to obtain consent at the time data is first recorded and the case remains open, retrospective consent should be sought at the earliest appropriate opportunity.
Obtaining Consent
NHA may obtain consent in a number of ways, although the consent must be recorded within the individual’s records. Although written consent is the optimum, verbal consent is the minimum requirement.
Verbal
Written
Telephone
Email
All data collected must be recorded on computerised records to safeguard confidentiality and ensure security of personal information.
Individual’s Rights
GDPR also gives individuals a number of rights, which are to:
Be informed about how to contact NHA;
Know:
o how NHA collects personal or special category data,
o why and how we use their personal or special category data,
o whether we use their data in another country,
o how long we will keep their data for.
Access their personal data and how we will respond to that request.
Request corrections to their personal data if it is inaccurate or incomplete - this is also known as the right to rectification.
Have their data erased and to prevent processing in specific circumstances: this is known as the right to erasure:
o when an individual withdraws consent
o where personal data was unlawfully obtained
Be forgotten
Lawful basis
The lawful basis for NHA processing personal or special categories of data is consent, which means the individual has given clear consent for NHA to process their personal data for the purpose of running a specific charitable event.
Subject Access Requests (SARs)
A SAR is any request, whether verbal or in writing, from an individual to an organisation asking to know what personal information is held on them and what data is used. This request can come from a Trustee, Volunteer, Guest, Guest Carer, Helping Agency or Donor.
You need to be aware that, from 25 May 2018, anyone requesting personal data can request it in multiple forms: verbally, electronically and in writing.
Who is responsible for identifying Subject Access Requests?
A nominated Trustee will be responsible in their role as Data Protection Trustee for considering whether any request for potential data is to be dealt with as a SAR.
Security of Personal Information
Unlawful disclosure of personal information.
1. It is an offence to disclose personal information knowingly and recklessly to third parties.
2. We will only hold personal information for those who have given their consent to allow us to hold their information.
3. Personal or special categories of data may be shared with helping agencies on a need to know basis, if consent has been given.
4. An individual’s consent to share information should always be checked before disclosing personal information.
5. Personal or special categories of information should only be communicated within the NHA trustee and volunteer team on a strictly need to know basis. Care should be taken that conversations containing personal or special categories of information are not overheard by anyone who should not have access to such information.
Use of Files, Books and Paper Records
In order to prevent unauthorised access or accidental loss or damage to personal or special categories of information, it is important that care should be taken to protect personal data. Paper records should be stored in locked cabinets or drawers overnight. Care should be taken to ensure that personal information is not left unattended and in clear view during the working day or during an event.
At the end of any specific event, care should be taken to ensure that the number of documents held at the end of the event matches the number held at the start of the day.
Disposal of Scrap Paper, Printed or Photocopying overruns
Any personal or special category information on scrap paper is also considered confidential and care should be taken to ensure that this is securely disposed of.
Computers
All personal or special category information retained on computers should be restricted by password to authorised personnel if the storage of data is shared.
Cloud Storage
All electronic personal and special categories of data records retained by NHA should be stored in the specific cloud-based management system.
Data Breach
If you discover or suspect that there has been a data protection breach, you should report this to the Trustee who has the overall responsibility for data collection and management.
Any deliberate or reckless breach of this Data Protection Policy by a Trustee or Volunteer may result in disciplinary action and removal from any involvement with the NHA charity.