Introduction
The Privacy Policy ensures Friends of Charity International complies with Data Protection Law, namely the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act (DPA) 2018. These set out the framework for how the UK processes personal data, both written and computerized information, and the individual’s right to see such records. The regulations cover records relating to all personal data, including staff, volunteers, beneficiaries, suppliers and supporters.
The Information Commissioner’s Office (ICO) is responsible for regulating and enforcing the Acts. The ICO is an independent authority which has legal powers to ensure organisations comply with the Acts. Friends of Charity International has a duty to comply with the requirements of the Acts as it “collects, stores and processes” data about individuals when undertaking its operations. The Trustees will endeavour to ensure data is managed within the requirements of the Acts and will minimise access etc. to any Personal Data to a minimum, by Trustees/Volunteers, within its work. The following policy is not a definitive statement on the UK GDPR but seeks to interpret relevant regulations and guidance where they affect Friends of Charity International.
The Trustees have overall responsibility for data protection within Friends of Charity International and will ensure one nominated Data Controller. Each Friends of Charity International representative who processes personal information and data is a Data Processor acting on the Data Controller’s behalf and also has a legal obligation to adhere to the Regulations.
Definitions
Data Subject
A data subject is an identifiable individual person about whom the Charity holds personal data.
Contact Information
For the purposes of this Policy, “Contact Information” means any or all of the person’s: full name (including any preferences about how they like to be called); full postal address; telephone and/or mobile number(s); e-mail address(es); social media IDs/UserNames (eg: Facebook, Skype, Hangouts, WhatsApp)
Policy Statement
Friends of Charity International is committed to meeting its obligations and ensuring compliance with the DPA 2018 and the UK GDPR. Friends of Charity International will:
- respect the rights of each individual
- be open and transparent about the Personal Data it holds
- strive to observe the law in all collection and processing of subject data
- meet any subject access request in compliance with the law
- provide training and support to Friends of Charity International representatives who handle Personal Data in the course of their duties
- maintain an up-to-date ICO registration (which requires changes to the registration within 28 days of any adjustments)
- inform the ICO of breaches of the Acts (where required)
- include Data Protection guidance for all trustees and employees and volunteers
Friends of Charity International will only use data in ways relevant to carrying out its legitimate purposes and functions as a charity in a way that is not prejudicial to the interests of individuals. Friends of Charity International will take due care in the collection and storage of any sensitive data. Friends of Charity International representatives will do their utmost to keep all data accurate, timely and secure.
Friends of Charity International representatives will not disclose data except where there is subject consent or legal requirement. Data sent to outside agencies will always be protected by a written contract. All collection and processing will be done in good faith. Paper records will be destroyed when no longer required.
Principles of Date Protection
The Charity will ensure that all personal data that it holds will be:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary; accurate and kept up to date;
- kept in a form which permits identification of data subjects for no longer than is necessary;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Lawful Processing
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting info@friendsofcharityintl.org
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a vital interest.
(e) We need it to perform a public task.
(f) We have a legitimate interest
Collection of Information
Friends of Charity International may collect information about individuals whenever they interact with the charity, for example when individuals:
- contact us by email, online contact form, phone, SMS, social media or post
- apply to volunteer or work as an employee
- sign up to receive our newsletter
- fundraise on our behalf
- when individuals provide information directly, for example by providing details when they request information, enquire about our activities, make a donation, visit our website, or attend one of our events.
- when individuals provide information indirectly, for example when using other fundraising sites and provide their consent to be contacted by Friends of Charity International.
- post content to our social media sites or connect with Friends of Charity International on social media and messaging services, for example, Facebook, Instagram and Twitter. Depending on individuals’ settings or the privacy policies, individuals may provide permission to access information from the accounts or services.
- when individuals use Friends of Charity International websites and information about the visit is recorded and stored (e.g. Google Analytics for website statistics tracking)
- when information about individuals is available from other public sources, Friends of Charity International may collect personal details from the public domain, such as from company websites and news sites, to provide background information about an individual for Friends of Charity International in preparation for a meeting/event. This information will only be used for this purpose and not stored after the meeting/event unless consent has been provided by the individual.
Each information collection system will make individuals aware of this policy and include a statement to ensure they are aware of their right to ask not to be contacted for marketing and fundraising purposes.
Individual Data Protection Rights
The UK GDPR provides the following rights for individuals over their personal information and how we use it:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
If an individual would like to exercise any of these rights, they should contact Friends of Charity International by emailing info@aqmstech
Any visitors to Friends of Charity International websites who do not want their data used by Google Analytics can install the Google Analytics opt-out browser add-on.
A data subject (individual) or approved agent may make a request to have a copy of all information held on them by an organisation. On receipt of a Subject Access Request, it will be passed immediately to the nominated Data Controller. The Data Controller will then check the validity of the subject access request for authenticity and once authenticated, will gather a response which will be sent to the subject.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at info@friendsofcharity.org
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk