Devised in keeping with the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003, and the General Data Protection Legislation (2018).
We are committed to protecting the privacy of our beneficiaries & their relatives, contractors, supporters, freelance staff and service providers. This policy outlines what data we collect, where it is held, and how it is used.
If you have any questions concerning your personal data and how we look after it then please contact us at firstname.lastname@example.org
Any information relating to project beneficiaries is securely stored in the relevant file, either in paper or electronic form. Photographs and film footage may only be obtained with consent, and consent is also sought in terms of how we make subsequent use of images (this is detailed in our separate Consent Policy).
Alongside the Data Protection Act, healthcare professionals are bound by a duty of confidentiality to their beneficiaries. Confidentiality means not sharing beneficiary information outside the care relationship without consent or an overriding reason.
We do collect and hold personal data for:
We will only hold personal information for as long as reasonably necessary to carry out services and administer their relationship with us, unless we are required to hold it longer for legal or taxation reasons.
This information is held on our database, which is securely stored online. We also hold paper records of Direct Debit forms and historic Standing Orders, which are stored in a locked cupboard in our office.
We do our best to keep all the information we hold up to date. This includes monitoring returned mail. We encourage all our supporters to let us know if their contact details change.
We will never:
We only share personal information with people and organisations with the supporter’s full knowledge and consent, and only if it is necessary to carry out our organisation’s activities.
We use the information shared with us to:
We generally collect the following information from our contacts:
If we dispose of personal information it will always be done securely.
Anyone who chooses to share their information with us will be agreeing to our collection and use of their information as described in this policy.
Supporters and contacts can email email@example.com at any time to request that we stop processing their personal information.
If a supporter has set up a regular payment such as a Direct Debit, we will contact the supporter to confirm this has been set up, to thank them, and to keep them up to date with any relevant administration regarding their regular donations.
If a single donation is made, we will thank the supporter for their donation, and let them know how their contribution has helped us. The donor will not be sent further information on the charity unless they have completed a consent form opting in to further communications from us.
All contacts (including beneficiaries, volunteers, donors and supporters) are free to choose whether they would like to receive our updates, newsletters and general information. They are free to change their mind at any time and we will ensure all preferences are kept up to date.
We only contact our supporters by the means in which they have indicated in their consent form, and all communications include information on how to opt out of communications or update their preferences.
Personal information pertaining to employment or volunteer applicants will be processed as needed for the purposes of recruitment. Any identification documentation provided to us by freelance trainers and resource developers, volunteers or representatives is securely stored in the relevant file (this could be in electronic or paper format) for the duration of their involvement with us. Applicants, freelance trainers/resource developers and volunteers will not receive marketing communications or updates unless they have completed a consent form stating they would like to be contacted in this manner. Information will not be held any longer than is necessary to complete recruitment processes and administration.
The security of our contacts’ personal information is paramount to us. Our database is stored online in a secure manner. Our contact’s personal information will only be accessible to our staff, freelance trainers, certain volunteers and contractors if it is required in order for them to carry out their role and in compliance with this Privacy and Data Protection Policy. We never sell personal information, or let other organisations use it for their own purposes.
We only share personal information where:
Our contacts have the right to a copy of the information held about them. This is called a subject access request. Contacts also have the right to have incorrect information corrected and the right to opt out of further processing of their personal information for direct marketing.
Subject access requests, personal information updates, and opt-out requests should be emailed to:
Founder & Executive Director of Decibels
We review our policies and report on our compliance annually.
This policy was last updated on 22.05.2018