Privacy Notice
This Privacy Notice is provided to you by the London Shogyoji Trust which is the data
controller for your personal data.
Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be
identified from that data (for example, a name, photographs, videos, email address, or address). Identification can be directly using the data itself or by combining it with other information which helps to identify a living individual. The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (GDPR) and other legislation relating to personal data and rights such as the Data Protection Act 1998.
The London Shogyoji Trust collects and uses information about people with whom it communicates.
This personal information must be dealt with properly and securely however it is collected, recorded and used – whether on paper, in a computer, or recorded on other material – and there are safeguards to ensure this in the GDPR.
The London Shogyoji Trust regards the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions, and to maintain the confidence of those with whom it deals.
To this end the London Shogyoji Trust fully endorses and adheres to the Principles of Data Protection, as set out in the GDPR.
Why do we use your personal data?
We use your personal data (name, phone number, email address, postal address) for the following purposes: –
- To enable us to provide a voluntary service for the benefit of the public;
- To administer membership records;
- To fundraise and promote the interests of the charity;
- To manage our employees and volunteers;
- To maintain our own accounts and records (including the processing of gift aid applications);
- To inform you of news, events, activities and services running at Three Wheels.
Principles
GDPR regulates the processing of information relating to living and identifiable individuals (data subjects). This includes the obtaining, holding, using or disclosing of such information, and covers computerised records as well as manual filing systems and card indexes.
Data users must comply with the data protection principles of good practice which underpin GDPR. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
Your rights and your personal data
You have the following rights with respect to your personal data. When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
The right to access personal data we hold on you
At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request we will respond within 30 calendar days. There are no fees or charges for the first request but additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative fee.
The right to correct and update the personal data we hold on you
If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
The right to have your personal data erased
If you feel that we should no longer be using your personal data or that we are unlawfully using your personal data, you can request that we erase the personal data we hold.
When we receive your request we will confirm whether the personal data has been erased or the reason why it cannot be erased (for example, because we need it to comply with a legal obligation).
The right to request the restriction of your personal data for certain purposes only
You have the right to request that we restrict the processing your personal data. Upon receiving the request we will contact you and let you know within 30 calendar days if we are able to comply or if we have a legal obligation to continue to process your data.
The right to data portability
You have the right to receive personal data you have provided to us in a structured, commonly used and machine readable format. You also have the right to request that we transfer your personal data to another controller. We will comply with your request, where it is feasible to do so, within 30 calendar days of receiving your request.
The right to withdraw your consent at any time to the processing of your personal data by us
You can withdraw your consent to our processing your personal data by writing to us by email or by post (see our contact details below). Upon receiving the request we will contact you within 30 calendar days and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
The right to lodge a complaint with the Information Commissioner’s Office
You can contact the Information Commissioner’s Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Data Protection Policy Statement
The London Shogyoji Trust as a body is a DATA CONTROLLER under the Act, and is responsible for the implementation of this policy.
The following procedures have been adopted to ensure that the London Shogyoji Trust meets its responsibilities in terms of Data Protection.
Purpose
The purpose of this policy is to ensure that the staff and volunteers of the London Shogyoji Trust are clear about the purpose and principles of Data Protection and to ensure that the guidelines and procedure set out in the our Privacy Notice and Data Protection Policy are consistently followed.
Data Processing Obligations
The London Shogyoji Trust complies with its obligations and responsibilities under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Consent
Written consent is not requested from an individual when that individual has freely and personally provided the data to us and we will keep a record of this fact.
Personal data will not be passed on to anyone outside the London Shogyoji Trust without explicit consent from the data owner unless there is a legal duty of disclosure under other legislation.
Access
Only staff and volunteers involved in the running of the London Shogyoji Trust will have access to personal data.
All such staff and volunteers are made aware of the Data Protection Policy and their obligation not to disclose personal data to anyone who is not supposed to have it.
Information supplied is kept in a secure filing, paper and electronic system and is only accessed by those individuals involved in the running of the London Shogyoji Trust.
Information will not be passed on to anyone outside the London Shogyoji Trust without their explicit consent unless legislation demands it.
Individuals will be supplied with a copy of any of their personal data held by the London Shogyoji Trust if a request is made.
All confidential post must be opened by the addressee only.
Accuracy and Storage
The London Shogyoji Trust will take reasonable steps to keep personal data up to date and accurate.
Personal data will be stored for as long as the individual consents to remain on our database. Unless we are specifically asked by an individual to destroy their details, we will normally keep them on file for future reference.
If a request is received from a member to destroy their records, we will remove their details from the database and request that all personnel holding paper or electronic details for the member destroy them.
This procedure also applies if the London Shogyoji Trust is informed that a member has passed away.
Personal data is securely stored whether in paper or electronic form and can only be accessed by responsible staff and members of the London Shogyoji Trust.
Responsibilities of staff and volunteers
During the course of their duties with the London Shogyoji Trust, staff and volunteer members will be dealing with information such as names/addresses/phone numbers/e-mail addresses of contactees and interested individuals. They may be told or overhear sensitive information while working for London Shogyoji Trust. The GDPR gives specific guidance on how this information should be dealt with. In short to comply with the law, personal information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
If you have any questions about the content of this Notice and Policy please contact us in writing by email or post. Our address is as follows:
The London Shogyoji Trust
Three Wheels
55 Carbery Avenue,
Acton,
London,
W3 9AB
Download this Privacy Notice & Data Protection Policy Statement PDF file 84Kb.