BCT Privacy Notice
Last updated: 06 August 2019
We will process the personal information you provide for our legitimate charitable interests and to enhance the experience of our volunteers. This includes contacting you about Belhelvie Community Trust news, events and any relevant volunteering opportunities.
In brief
· We respect your personal data and store it securely.
· We will never sell your personal data.
· We will remove or update your data if you ask us to.
· We may send you content we think is relevant or interesting to you but you can unsubscribe or change your contact preferences at anytime.
· We may use your data to contact you about information you request or to allow you to access our services.
Full version
What is the purpose of this document?
The Belhelvie Community Trust collects and processes personal information about you during and after your relationship with us in order to manage that relationship. We are committed to being transparent about how we collect and use your data to meet our obligations under the General Data Protection Regulation (GDPR).
What personal information do we collect and how is it used?
Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
|
Data we collect |
What we use it for |
|
Names, addresses, telephone numbers, email addresses |
To contact you to discuss volunteering opportunities or to keep you updated on our services or activities and events; |
|
Information gathered from business and social media sources in the public domain, eg LinkedIn, Facebook |
To build a picture of your skills, experience and interests in order to assess your suitability for volunteering projects |
|
PVG Check |
To assess your suitability for volunteering with us, and for being utilised on specific projects |
|
Information on special requirements, health or medical conditions |
To assess your suitability for volunteering with us, and for being utilised on specific projects; to carry out our legal duties (eg to ensure health and safety) |
|
Information related to project monitoring such as hours spent on a project |
To assess your suitability for being utilised on specific projects; to use such data for statistical analysis and reporting |
|
Information related to availability and the reasons for periods of unavailability |
To assess your suitability for volunteering with us, and for being utilised on specific projects |
|
IP Addresses |
As an extra cyber security measure, we may log the IP address of the computer used to email us a contact form as part of our registration process. This type of data does not normally identify an individual in the UK. |
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information. If you fail to provide certain information when requested, we may not be able to register you, or we may be prevented from meeting our legal obligations (such as to ensure your health and safety).
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How is your personal information collected?
We collect information through our member and/or volunteer registration processes, either directly from you or the references you may be asked to provide. We may sometimes collect additional information from third parties including business and social media searches such as LinkedIn. We may collect personal information in the course of member or volunteering activities throughout the period of you are a member or volunteer with us.
How we use particularly sensitive personal information
We do not need your consent if we use special categories of your personal information to carry out our legal obligations. In limited circumstances we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
Automated Decision Making
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
Who has access to your data?
Your information may be shared internally, including with trustees, staff members responsible for managing and administering projects, HR, health and safety, insurances, events and marketing activities.
We may have to share your data with third parties, including third-party service providers, for example in connection with supporting our CRM system and IT network (including remote support) and professional advisers where necessary, who may be party to confidential discussions related to an individual.
We require third parties to respect the security of your data and treat it in accordance with the law. We will share your information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest. All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Data Security
The Belhelvie Community Trust takes the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, or subject to unauthorised access. Where necessary, we implement appropriate network access controls, user permissions and encryption to protect data.
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data Retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements. Details of retention periods, archiving and destruction policies for different aspects of your personal information are available in our retention policy which is available from the person responsible for data protection.
Your legal rights
As a data subject, you have a number of rights, details of which can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent at any time. Once confirmed, we will no longer process your information for the purpose you originally agreed to, unless we have another legitimate basis for doing so in law.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner (ICO).
Accessing your data
You will not have to pay a fee to access your personal information. However, if we think that your request is unfounded or excessive, we may charge a reasonable fee or refuse to comply with the request.
We may need to confirm your identity or ensure your right to exercise your legal rights. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Queries and Further Information
The Belhelvie Community Trust (Charity number: SCO45563) based at 28 Whitehorse Terrace, Balmedie, Aberdeenshire, AB23 8XF is the Data Controller.
For any queries, please contact the Data Protection Officer via email info@belhelviecommunitytrust.org.uk