ABCD Bethlehem Data Protection Policy
ABCD Bethlehem (ABCD) is a registered charity number 1097623, company number 04383155 and is committed to protecting the privacy of all the personal information or data provided by those that support us.
Personal information and data is described as "any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”. This policy explains how we collect, use and store the personal information provided to us.
ABCD commits to abide by the Data Protection Act 1998 (DPA) and the General Data Protection Regulation 2017 (GDPR) in all areas of its operation. This policy applies to everyone who works on its behalf and they are expected to work within the legislation. This policy sets out in detail the procedures in place to ensure that personal data relating to our supporters is treated in the appropriate way.
ABCD acknowledges that individuals have the right to expect that appropriate and reasonable safeguards will be operated by ABCD and any third parties engaged to protect the confidentiality, integrity and security of their personal and sensitive personal data. Where third parties process data on our behalf we will ensure that the third party also operates in accordance with the DPA and the GDPR.
The DPA and the GDPR require that organisations process personal data in accordance with the eight Data Protection Principles and ABCD has adopted those principles, which are:
- Fair and lawful
- Specific to purpose
- Adequate, relevant and not excessive
- Accurate and up to date
- Kept for no longer than necessary
- Processed in accordance with data subjects rights
- Kept secure
- Not transferred overseas without suitable safeguards
ABCD will never share or sell your data to other third party organisations for their own marketing purposes. We may share your details with third parties when required to by law (For example: government bodies for the purposes of the prevention and detection of crime, when provided with the appropriate request in writing). Where we believe that offensive or inappropriate content on any ABCD Bethlehem service is in breach of the laws of England, Wales, or Scotland, we may use your personal information to contact the relevant third parties, such as employer, internet provider, or law enforcement agencies.
We may allow our employees, consultants and/or external providers acting on our behalf to access and use your information for the purposes for which you have provided them (for example: deliver mailings or orders, online analytics, processing payments). We ensure that they are only provided with the relevant data, and that the information is treated with the same level of care we would do so ourselves.
Our website has links to websites owned and operated by third parties. These third parties have their own privacy policies, and will control the information you provide them with in accordance with these. We cannot accept any responsibility or liability for the privacy practices of such third parties. The use of such websites is done so at your own risk.
ABCD has adopted this policy. The core requirements relate to the collection, storage, processing, records, confidentiality, security, incident management, retention and deletion, management, availability, integrity, and secure disposal of our donors and commercial agents personal and sensitive data.
We will only collect and process personal and sensitive data that has been obtained fairly and lawfully and for a specific set of purposes connected with the charity’s activities or where we have a legitimate purpose under law to do so. Data will be adequate and relevant and only used for the purposes collected. It will be maintained, kept accurate, and not retained for any longer than is necessary. Before collecting any information we will consider:
- What details are necessary for our purposes
- How long we are likely to need this information
- What the information will be used for
When contacting ABCD Bethlehem by phone, email, letter or through social media, making a donation or engaging in any of our activities, we may receive and retain personal information about you. These may include your name, postal address, email address, telephone number, mobile number, bank account details for the purpose of processing donations, and whether or not you are a tax payer so we can claim Gift Aid.
ABCD Bethlehem may use your personal information for a number of reasons. These include:
- Correspondence regarding the work of ABCD Bethlehem
- Administration purposes – you may be contacted with regards to donations you have made or to provide you with any information about our activities you have agreed to receive
- For internal record keeping
- To use IP addresses (identifies the location of a user) to block a user following disruptive behaviour, or collate information on the number of online visitors from different countries. Collecting data on the latter does not disclose the personal details of the user, but gives a broad idea of users so we can adapt our services to suit our users.
We will only contact you via the forms that you have indicated you are happy to be contacted through. If you would like to change your preferences, or cease to be contacted by ABCD Bethlehem, please see the appropriate procedures below.
We will take steps to ensure that all personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures will be taken:
Use of lockable cabinets
Password protection on personal systems
Regular secure data back up
Password protected attachments for sensitive personal information sent by email or stored on computers/laptops/phones
Full measures to ensure laptops taken out of the office or used by home based staff are always secured
We will ensure that anyone whose personal information we process has the right to know:
- What information we hold and process on them
- How to gain access to this information
- How to keep up to date
- What we are doing to comply with the regulations
They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block, or erase information regarded as wrong or if consent is withdrawn.
- The following information will be required before access is granted:
- Full name and contact details of the person making the request
- Their relationship with ABCD
- Any other relevant information e.g. timescales
- We may also require proof of identity before access is granted
Queries about handling personal information will be dealt with swiftly and politely. ABCD aim to comply with all requests for access to personal information as soon as possible, but will ensure they are provided within the 30 days required by the DPA and the GDPR.
For further current information see https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
Version 1 : April 2018 Review date : annually