UN-GL GDPR Statement

UNA-GL CIC PRIVACY & DATA PROTECTION POLICY

UNA-GL Community Interest Company, Number 14106558 
Reg. Address: Shepherds Cottage, Main Street, Bigby. UK DN38 6EW

1. Overview

UNA-GL Community Interest Company keeps certain information about Trustees and Ambassadors, Volunteers and Supporters  in order to manage communications effectively.  To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. The following policy sets out how this will be achieved.

2. Definitions

Personal data is information about identifiable, living individuals held on computer or in manual filing systems. The Data Controllers are UNA-GL Chair, Secretary and Treasurer and they are ultimately responsible for the policy’s implementation. The Data Protection Officer is a nominated director of UNA-GL responsible for reviewing and enforcing the Data Protection Policy.

3. The Policy

In keeping information about its Trustees and Ambassadors, Contacts and Volunteers of all ages, UNA-GL will follow the six Data Protection Principles set out in the General Data Protection Regulation (GDPR) effective from 25 May 2018, which are summarised below:
• Process data fairly and lawfully and transparently
• Purpose limitation: Collect data only for a specified, explicit and legitimate purpose
• Data minimisation: Collect and store data only to the extent which is adequate, relevant and not excessive.
• Accuracy: Ensure data is accurate and up to date
• Storage: Not keep the data for longer than is necessary.
• Integrity, confidentiality and security:  Technical and organisational measures against unauthorised or unlawful processing, and against accidental loss, destruction, or damage UNA-GL Trustees and Ambassadors, consultants and volunteers who process or use any personal information in the course of their duties will ensure that these principles and the following procedures are followed at all times.

Guidance notes to aid with adherence to the six principles above have been included in Appendix 1.

When UNA-GL has cause to obtain personal data (such as names, addresses, phone numbers, email addresses) from volunteers, interested organisations and contacts, this data will be obtained, stored and processed solely to assist Trustees and Ambassadors, consultants and volunteers in the efficient running of the UNA-GL projects.

When personal data is requested from a new volunteer or contact they will be given an explanation of how their personal data will be used. Written consent will be required to collect and store this data.

When a contact is made via a third party, contact will be made with the potential service user or volunteer to obtain written permission to store and process their personal data.

A contact’s or volunteer’s personal data will not be passed on to anyone outside UNA-GL without explicit consent from them unless there is a legal duty of disclosure under other legislation, in which case UNA-GL Trustees  will be consulted.

Only UNA-GL , Trustees and Ambassadors, volunteers and professional advisors will normally have access to volunteers’ or contacts’ personal data.

All  Trustees and Ambassadors, volunteers and professional advisors will be made aware of UNA-GL Data Protection Policy and their obligation not to disclose personal data to anyone who is not authorised to have it. (Professional advisors, for the purposes of the points above are: book keeper, accounts examiner, lawyers, volunteer agencies)

Volunteers and contacts will be supplied with a copy of any of their personal data held by UNA-GL if a request is made.

4. Accuracy and Longevity

UNA-GL Trustees and Ambassadors, and volunteers will take reasonable steps to keep personal data up to date and accurate and make corrections in a timely fashion. Personal data will be stored for as long as the volunteer volunteers with us, or the service user uses our services.

Where a volunteer / contact ceases to use our services and it is not deemed appropriate to keep their records, their records will be destroyed.

 If a request is received from an individual to destroy their records, UNA-GL will remove their details from its database and request that all Trustees and Ambassadors holding paper or electronic details of that individual destroys them.

This work will be carried out by the Data Protection Officer.

 It is the responsibility of all UNA-GL Trustees and Ambassadors to inform the Data Protection Officer if such a request is received.

This procedure also applies if UNA-GL is informed that an organisation ceases to exist.

5. Storage

Personal data are kept on a password-protected computer system and/or password-protected cloud storage system.

6. Personal Data Relating to Trustees and Ambassadors, Volunteers

UNA-GL obtains personal data (names, addresses, phone numbers, email addresses), application forms, references and in some cases other documents from Trustees and Ambassadors and Volunteers.

This data is stored and processed for the following purposes:
• validating the suitability of a Volunteer in all capacities
• to keep track of availability and other necessary details with respect to volunteering opportunities

APPENDIX 1 – GUIDANCE NOTES

This outlines the practical ways we are adhering to the six principles of GDPR (effective from 25 May 2018).

1. Process data fairly and lawfully and transparently

We will let all new and existing Trustees and Ambassadors, Volunteers, and official contacts know what data we hold about them and why it is being held and collect their written permission to hold this data for the reasons outlined in the policy. (The privacy statement used for the above is in Appendix 2 )

2. Collect data only for a specified, explicit and legitimate purpose The purposes for collecting personal data are:

• to inform interested organisations and individuals about our projects.
• to inform supporters of our activities and outcomes from their donations and support.

 We will only collect data for the reasons given above and will not use those details for activities that fall outside those of UNA-GL.

3. Collect and store data only to the extent which is adequate, relevant and not excessive.

The information we collect are names, addresses, telephone numbers and email addresses. The addresses and telephone numbers will be passed to our volunteers if necessary to support involvement in our projects.

4. Ensure data is accurate and up to date

We will review the data held annually. We will delete data from our computer records or burn or shred any paper copies of data held on:

  • anyone who, for whatever reason, informs us that they do not wish to be informed of, or take part in our projects.
    • anyone who has moved away from the area
    • anyone who has died

5. Not keep the data for longer than is necessary

We will adhere to number 4 above 6. Technical and organisational measures against unauthorised or unlawful processing, and against accidental loss, destruction, or damage Computer data records are held on password protected computers. The excel file that contains the contact details of all our clients and volunteers is also password protected and is only accessible by UNA-GL Trustees. The UNA-GL files are stored on a password protected account only accessible by UNA-GL Trustees.

If our computer systems are compromised in any way, the data protection officer will be informed and all the people whose data has been compromised will be informed.

APPENDIX 2 -PRIVACY STATEMENT WORDING

UNA-GL Privacy Statement In accordance with the new General Data Protection Regulation (GDPR) which comes in to force on 25 May 2018, UNA-GL is required to seek permission to store any personal data held about you and to allow us to contact you in the future.

What data we hold:

Personal data that UNA-GL holds are names, addresses, telephone numbers and email addresses
We also use photographs which to promote UNA-GL projects both in print and on our website.

Why we hold personal data

We hold this information in order for UNA-GL to run its projects and activity effectively and efficiently.

How it is stored

Computer data records are held on password protected computers. The file that contains the contact details of all our contacts and volunteers is also password protected and is only accessible by UNA-GL Trustees. The UNA-GL files are stored on a password protected files and cloud storage account only accessible by Trustees.

What we will NOT do with your data

Your data will not be passed onto to any third party without your permission. Your data will not be used for any purpose other than for the effective running of UNA-GL or if it is required by emergency services.

Privacy Policy

The UNA-GL Privacy and Data Protection Policy can be accessed via our website or a hard copy can be obtained from any UNA-GL  Secretary.

You can request to see the personal data we hold about you at any time. We will regularly review the data we hold and update it accordingly and also remove your data from our records if requested.

UNA-GL is not required to pay a fee to the Information Commissioners Office

Review Date March 2025