The term ‘charity’ refers to us, Uzima In Our Hands
The term ‘individual’ refers to anyone the charity holds personal data on, including sponsors, donors and those held as showing an interest in our work.
The charity is committed to preserving the privacy of individuals and to comply with the GDPR (General Data Protection Regulation).
The key areas for responsibility are:
The charity’s Chair of Trustees’s is responsible for:
Ultimately ensuring that the charity meets its legal obligations.
Appointing a Data Controller
The charity’s Data Controller is responsible for:
Each Data Processor (Trustee’s or volunteers who handle data) is responsible for:
3. Personal Data Updating
The charity will ensure that any personal data collected is within the boundaries of what is required for charitable purposes, legal and accounting use.
This personal data may be used for communications, accounting and legal reasons.
Data is regularly reviewed and updated to help ensure it is accurate and up to date.
When personal data is no longer required, it will be deleted and disposed of.
Personal data will not be given to 3rd parties unless for legal reasons or specific consent has been given.
4. Personal Data Security
When personal data is stored electronically:
When personal data is stored on paper:
If any breach of data is discovered, then the individuals it relates to will be informed within 72 hours.
5. Personal Data Access
Individuals who have personal data held are entitled to know what personal data the charity holds about them. This is known as a Subject access request.
When a Subject access request is made:
If an individual feels that any personal data is missing or inaccurate then they should inform the charity so it may be updated.
Individuals are also entitled to know the charity is meeting its data privacy obligations. This information is detailed in this Privacy Notice.
6. Right to be Forgotten
An individual has the right to their personal information being forgotten.
When an individual requests to be forgotten, then personal data concerning them will be deleted, with the exception of details that are required for charity or legal reasons.
The identity of the individual must be verified before deleting information.
If you wish to change the way we contact you, please click here
7. Conditions to Communicate
Communications may be made at various times by the charity to individuals by Email, Mail, Phone or Text.
If an individual requests not to be contacted, then the data will be updated to show this and that individual will be excluded from any communication except from ones required for legal, charity or contractual reasons.
Communications are made under GDPR Article 6, Part 1, Condition: B (If entering into a contract with someone and you need to use their data in order to fulfil that contract), or Condition: F (processing is necessary for the legitimate interests of the charity, so long as such interests are not overridden by the interests or rights and freedoms of the individual). When Condition: F is used, the comparison of the charity interests versus those of the individuals is referred to as the “Balancing test”. This test is documented by the Data Controller to show that the test was carried out. Because these conditions are adhered to, specific consent from individuals is not required.
8. Privacy Notice updates
This document may be updated as necessary to reflect best practice in data management, security and control and to ensure continuing compliance with current GDPR.
In case of any queries or questions in relation to this policy please contact the charities Data Controller.