Information we hold We hold two types of information:
organisational information – publicly available information about organisations and some confidential information
personal information – information about individuals such as names, addresses, …
We will not hold information about individuals without their knowledge and consent. It is a legal requirement that people know what we are doing with their information and who it will be shared with.
We will only hold information for specific purposes. We will inform data subjects what those purposes are. We will also inform them if those purposes change.
If we buy in a mailing list we cannot use it for any other purpose than the original Data Controller specified – we must check original use.
Access to Information
We will seek to maintain accurate information by creating ways in which data subjects can update the information held.
Information about Data Subjects will not be disclosed to other organisations or to individuals who are not members of our organisation, staff or trustees except in circumstances where this is a legal requirement, where there is explicit or implied consent or where information is publicly available elsewhere.
Data Subjects have the option not to receive marketing mailings from us or other organisations.
Data Subjects will be entitled to have access to information held about them by us and for what purpose within 40 days or submitting a request.
Subject to any rules of the organisation awarding the funding, information will not be retained once no longer required for its stated purpose, we will not keep more than a project requires or surplus information ‘just in case’. We will establish retention periods and a process to delete personal information when no longer required.
At the beginning of any new project or type of activity the member of staff managing it will consult the Data Controller about any data protection implications.
Data Security
We have procedures for ensuring the security of all electronic personal data. Paper records containing confidential personnel data are disposed of in a secure way. Project documents and staff records are all kept in a locked filing cabinet, IT equipment containing personal information is kept in a looked room or cupboard when not in use.
We will make sure all portable devices – such as memory sticks and laptops – used to store personal information are encrypted.