Introduction: Be Kind Give Time is committed to protecting the privacy and security of personal data. This Data Protection Policy outlines our responsibilities and practices for ensuring compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

 

Scope: This policy applies to all trustees, employees, volunteers, and contractors of Be Kind Give Time who have access to personal data processed by the charity.

 

Principles of Data Protection Be Kind Give Time adheres to the following principles when processing personal data:

 

1. Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner.

2. Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

3. Data Minimisation: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

4. Accuracy: Personal data shall be accurate and, where necessary, kept up to date.

5. Storage Limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

6. Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

 

Rights of Data Subjects Individuals whose personal data is processed by Be Kind Give Time have the following rights:

 

• The right to be informed

• The right of access

• The right to rectification

• The right to erasure

• The right to restrict processing

• The right to data portability

• The right to object

• Rights in relation to automated decision-making and profiling

 

Data Protection Measures To ensure compliance with our data protection obligations, Be Kind Give Time will:

 

• Implement and maintain robust information security measures to protect personal data against unauthorised access, alteration, disclosure, or destruction.

• Ensure that personal data is only shared with third parties where necessary, and under conditions that protect the data.

• Provide data protection training to all staff and volunteers who handle personal data.

• Establish procedures for responding to data subjects’ requests to exercise their rights under GDPR and the Data Protection Act 2018.

• Conduct regular audits and assessments to ensure compliance with this policy and identify any areas for improvement.

 

Data Breach Response: In the case of a personal data breach, Be Kind Give Time will promptly assess the risk to individuals’ rights and freedoms and report the breach to the appropriate supervisory authority and, where necessary, the affected individuals, in accordance with GDPR requirements.

 

Policy Review and Updates: This policy will be reviewed annually and updated as necessary to reflect changes in our operations, legal requirements, and best practices in data protection.

 

Contact Information: For questions regarding this policy or data protection practices, please contact our Data Protection Officer at:

 

Email: zoe@starbuckassociates.com

Address: 3 Ousemere Close, Billingborough, Sleaford, Lincolnshire, NG340HY

 

This policy has been approved by the Board of Trustees on 5th March 2024 and is effective immediately.