Hipp!!Bones Charity (the “charity”) complies with its obligations under the General Data Protection Regulation UK (GDPR) by ensuring personal data is processed lawfully and in a transparent manner; and that it is relevant and limited to what is necessary. We protect personal data from loss, misuse, unauthorised access and disclosure by ensuring that appropriate technical measures are in place.
The Hipp!!Bones management committee is the data controller and is responsible for your personal data and decides how your personal data is processed and for what purposes.
1. Your personal data – what is it?
Personal data is anything that could allow a living person to be identified.
2. What personal data is collected from you and why?
Personal data in the form of name, date of birth, address, phone number/email, emergency contact details, and doctors details; along with respite carer details and young people’s learning, physical, health, communication, behaviour and/or personal care needs (if applicable) will be used for the following purposes:
- to enable us to provide a service for the
benefit of young people with special needs and disabilities within the local
area as specified in our constitution; - to administer membership records;
- to manage our employees and volunteers;
- for the safety and protection of young people and staff;
- to maintain our own accounts and records;
- to inform you of our club programme, news, events
and other activities.
3. On what lawful basis is your personal data collected and processed?
- Consent: the individual has given clear consent for you
to process their personal data for a specific purpose. Hipp!!Bones achieves this by asking individuals
to positively ‘opt in’ to processing your personal information collected on
membership forms, staff detail forms, off-site consent forms and media consent
forms. - Contract: processing is necessary for
the performance of a contract to which the data subject is party or in order to
take steps at the request of the data subject prior to entering into a contract.
Hipp!!Bones collects and processes data to fulfil contractual obligations by
obtaining references to process applications and issuing contracts of
employment for paid staff. - Legal Obligation: the processing
is necessary for you to comply with the law (not including contractual
obligations. Hipp!!Bones collects
and processes data to fulfil legal obligations, through carrying out DBS checks
on all staff and adult volunteers, providing an auto-enrolment pension, using
HMRC services, and Health & Safety. - Vital Interests: the
processing is necessary to protect someone’s life. Hipp!!Bones collects and
processes personal data to fulfil vital interests through gaining consent for
Emergency Medication (where applicable), agreeing to a member receiving
emergency medical treatment, if considered necessary by the medical authorities
present, and gastrostomy tube feeding. - Legitimate Interests: the processing
is necessary for your legitimate interests or the legitimate interests of a
third party unless there is good reason to protects the individual’s personal
data which overrides those legitimate interests. Hipp!!Bones collects and uses personal data on the lawful basis, that
it is necessary and in it’s legitimate interests to do so, for example, the
provision of personal data is required to enable us to meet the varied
learning, physical, health, communication and/or behaviour needs of our
members.
4. Sharing your personal data
The management committee will treat all personal data as strictly confidential. We will not share your data with third parties without your consent, unless legally obliged to do so or to protect the vital interests of members or staff.
5. How is personal data stored?
- Hipp!!Bones
laptop with password protection (see Hipp!!Bones Password Protection Policy); - Manually in
secured filing cabinet at headquarters; - Groop
Management Platform: groop.com/privacy-policy/ - Hipp!!Bones
dedicated mobile phone with PIN security; - Hipp!!Bones
Youth Support Worker in Charge email address: j.green.hippbones@gmail.com;
6. How long will personal data be stored?
- Volunteer
records will be destroyed 1 year after leaving; - Membership
records will be destroyed 1 year after your membership lapsed; - Offsite
Consent Forms will be destroyed one month after the trip; - Incident/accident
forms will be kept for the life of the organisation - Safeguarding
log/concern forms will be kept for the life of the organisation - Photographs
will be kept for the life of organisation, unless right of erasure requested.
7. Your rights and your personal data
Unless subject to an exemption under the UK GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which Hipp!!Bones
holds about you; - The right to request that Hipp!!Bones corrects any personal data
if it is found to be inaccurate or out of date; - The right to request that
your personal data is erased where it is no longer
necessary for Hipp!!Bones to retain such data; - The right to withdraw your consent to the processing at any time;
- The right, where there is a dispute in relation to the accuracy or
processing of your personal data, to request a restriction is placed on further
processing; - The right to object to the processing of personal data.
- The right to lodge a complaint with the Information Commissioners
Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice prior to commencing the processing.
9. Contact Details
To exercise all relevant rights, queries or complaints in the first instance contact Serena Burgess, Chairperson at serena@hippbones.org.uk
Date:
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF