GDPR Policy WECare Worldwide


GDPR Policy WECare Worldwide MAY 2018 GDPR policy, WECare Worldwide WECare 1

WECare Worldwide's commitment to GDPR

WECare Worldwide ("WECare") is both a UK registered charity (1162386) and a Sri Lankan NGO (SL FL- 159116) which was set up by UK veterinary surgeon Janey Lowes in October 2014. WECare aims to provide high standard veterinary care for street animals in need around the world and started operations in Sri Lanka due to the huge overpopulation of street dogs, often with extensive injuries or severe disease. Over the last 3 years, WECare have treated almost 4,000 animals in need and look to increase this number in a dramatic way in the near future.

WECare's donors, supporters and stakeholders are crucial to the charity's survival and sustainability and so respecting their data, the protection of it, how it's stored and their ability to object at any point is an absolute priority to WECare. We aim for transparency in everything we do, so that we can serve the community, both local and global, in an honest and trustworthy manner.

How does GDPR affect WECare?

Key definition: The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

This document aims to cover how, and in which areas, GDPR will be implemented within WECare. The following points will be covered in more detail:

1. How WECare processes data: where it's stored, how long it's stored for, when it's refreshed.
2. Consent: if we have consent, how we received it, where it's logged.
3. Why WECare processes data: lawful processing, purpose, legitimate interest.
4. Employee data: personal data files.
5. Objection, erasure, right to withdraw: how WECare deals with erasing data, giving individuals the right to withdraw and objection requests.
6. Data breaches: what happens if someone's data is breached.

WECare documents all information regarding how data is stored and where data is stored. Breaches, update logs and activities relating to article 30(1) of the GDPR are all documented and managed by the data controllers.

Consent

WECare's consent form is on the charity's website (www.wecareworldwide.org.uk) and is separate to any other terms and conditions. WECare has positively asked for consent from every individual on its mailing list. Consent has been given for the following:

- WECare communication via e-mail no more than four times a month, with information regarding the charity's progress, recent animal cases and general updates/education about the situation in Sri Lanka.

- For information stored on WECare's CRM system (Zoho) until they have asked for information to be deleted. WECare Worldwide will ask individuals to opt back in yearly to avoid data being stored unnecessarily.
- WECare communication via direct mail no more than four times per year.

WECare does not rely on third party processors to manage the charity's data; only WECare employees will process data. If this procedure is amended at any point, the charity will inform all individuals with data currently stored on our system.

WECare keeps a detailed record of the date at which individuals gave consent for their data to be stored and to have WECare communications delivered to them. This record is stored on Zoho.

The charity has an unsubscribe section on its email platform (Mailchimp) which is easily accessible and is a very simple 2-step procedure. Upon requesting consent, this link was clearly communicated.

Individuals can choose for their data to be removed from the CRM system and Mailchimp at any point. Once this request has been given, an alert will be sent to the controllers at WECare and data will be removed within 72 hours. The charity will confirm the removal of this data to the recipient, once completed.

Being Informed

WECare has its GDPR policy available on the website at all times, and all WECare email signatures will carry a link to this page. This will allow any individual looking to gain understanding of how and where their data is stored the opportunity to do so.

WECare Worldwide's purposes for processing personal data include:

- To have individuals' data stored so that they can receive updates from the charity and to be kept informed of any changes
- To keep individuals' data so that trends and patterns can be analysed to assist future promotions of the charity
- To invite individuals to key WECare events
- To record transactions for accounting purposes relating to goods or services supplied by individuals and process the associated payments in settlement of these.
- For anti-money laundering regulation and identification purposes, WECare holds copies of Trustees' current passports.
- To carry out appropriate processes in respect of WECare's employees (for further details, see Employee Data Protection Policy)

Privacy Information

WECare will store individual's data for 24 months after consent has been received. After this one year period has drawn to a close, the charity will again request consent from individuals for the storage of their information and permission for regular contact.

Data will not be shared with third parties, only WECare staff will have access to information and should not contact individuals that have given consent without the permission of one of the data controllers, namely Janey Lowes, Rebecca Carruthers and Yasmin Davoodi.

The charity will review its GDPR policy every 3 months to ensure the individuals' best interests are considered and that data is being stored securely and safely.

All individuals have the right to access their personal data and supplementary information. If a request is given to WECare, this will be fulfilled within fourteen working days.

WECare Worldwide stores the following information for all stakeholders:

- Full name
- Company name
- Email address
- Telephone number
- Postal address

Additionally for donors:

- Donation channel
- Donation amount

Additionally for suppliers (individuals):

- Bank account details

Additionally for employees:

- Date of birth
- Bank account details
- National insurance number
- Copy of passport or driver's licence
- Health records (see Employee Data Protection Policy)
- Employment records (see Employee Data Protection Policy)
- Gender
- Ethnicity (Equal opportunity monitoring)
- Nationality (Equal opportunity monitoring)
- Religion (Equal opportunity monitoring)

Additionally for trustees:

- Date of birth
- Bank account details (expenses reimbursement purposes)
- Copy of passport or driver's licence

If an individual requires access to their information, to use on other online platforms, they can email the data controllers and their request will be answered within 7 working days.

When signing up to WECare communications (via the website, email or at WECare events) individuals will always have full access to the charity's GDPR policy and will be asked if they would like to give consent to be communicated with and for their data to be processed. WECare will not process an individual's data without this consent. Email communications will not be sent without this consent.

Security of data

WECare have a number of systems and policies in place to protect data including password protection of devices and, where devices allow, the use of anti-virus and firewalls. Encryption software will be set up in emails containing personal or sensitive information and removable devices will also be encrypted to prevent data breaches arising from loss or theft of these devices.

Data is stored on Google Drive, which is protected by 2-step verification. All charity staff members have password-controlled devices, which should be refreshed every 3 months. Google Drive is not downloaded on employee devices, which means that data can only be accessed through Google mail, once employees have signed in on their computer. Data is in a folder within the WECare Google Drive and only the data controllers can access this folder. This ensures that, in the event of theft or loss of a device, data is still secure and cannot be accessed by third parties.

If there is a breach of data, the breach will be rectified and reported to the ICO within 72 hours. If the breach is likely to result in a high risk of adversely affecting individuals' rights and freedoms, the individual will be contacted within 24 hours. A record will be kept should any breaches of data take place.

Google Drive has an alert system set up on the data folder which means that if a document is downloaded, the data controllers will receive an email alert. If there is suspicious activity on the folder, the data controllers will flag the breach with ICO and the individual. We will also block the account that the breach has come from and change passwords to all data folders.

In order to maintain secure systems, WECare employ the expertise of IT professionals and as such, to protect data or resolve IT issues, on occasion there will be circumstances whereby they will have access to personal data.

All agents, contractors, or other parties working on behalf of the Charity handling personal data must ensure that any and all of their employees who are involved in the processing of personal data are held to the same conditions as those relevant employees of the Charity arising out of this Policy and the GDPR.

Data controllers

Charity data controllers are responsible for ensuring the safety and security of stakeholder information. Details are:

Company name: WECare Worldwide
Data controllers of WECare Worldwide: Janey Lowes, Rebecca Carruthers, Yasmin Davoodi
Contact details: janey@wecareworldwide.org.uk, yasmin@wecareworldwide.org.uk, rebecca@wecareworldwide.org.uk

Lawful basis of processing data

The processing of individuals' data benefits WECare and the efforts of the charity. Processing of information takes place every month. When subscribers donate to platforms to support the charity's work, each individual is asked whether or not they would like their information to be processed and is given the right to object or erase their data.

The individual's relationship to WECare is usually as a supporter of the charity and thus they already have a vested interest in the organisation. We approach the supporter at this time to give the opportunity to opt in to receive further updates and communications.

Individuals are not vulnerable; WECare asks all individuals to confirm the fact that they are 16 years or over.

If individuals object to their data being processed, WECare will remove their data from the database and stop processing their information within 72 hours.

Individuals have the right to object to their data being used at any point when processing. The charity has an opt out option on emails and individuals will be asked for permission to process their data once the charity has access to it. For example, if an individual donates to the charity, WECare will email them and ask them if they are happy for their data to be processed. At that point, they then have the right to object to their data being processed.

At any point, individuals have the right to erase or amend their data from WECare. This can be done via email or via the charity's Facebook pages/website contact form. Once this request has been made, the charity will complete this request within seven working days.

Legitimate Interest

WECare only relies on legitimate interest when trying to contact individuals for the first time. We contact only those who may be interested in partnering with the charity for key events and sponsorship. Individuals will only be contacted at a company email address; no other data on these individuals will be stored.

WECare Worldwide focuses on three main elements of legitimate interest:

- Identify a legitimate interest in animal welfare and/or the veterinary field and profession
- Balance it against the individual's interests, rights and freedoms.

Legitimate interest can include commercial interests, individual interests or broader societal benefits. WECare uses email (Gmail account) and will never contact those that have not opted in using promotional material such as e-shots.

A legitimate interest assessment will be taken each time someone is contacted that has not given consent. Individuals will be emailed once and given a second follow-up. If they do not reply within 21 days, individuals will not be contacted again.

WECare Worldwide does not hold any special category data (except employee health records as outlined in the Employee Data Protection policy) or criminal offence data and all individuals who have confirmed consent have agreed to the fact that they are over 16 years of age.

If data has been obtained from third party sources and consent has not been given, the charity will store information for one month; this will then be deleted from every system the data is stored on.

Automated decision-making and profiling

WECare does not currently use automated decision-making tools as part of its marketing strategy. Mailchimp (email platform tool) is used manually. If the charity decides to adopt an automated system in the future, it will only be used to contact those that have given explicit consent. At any time when individuals receive these automated marketing communications, they will be given the opportunity to object to being contacted and erase any future processing of their data.

WECare does use data to profile buyers and this is based on information available on third party channels such as Facebook, Twitter, Instagram and Google Analytics. Any profiling that is used on specific people has been included in the consent form which is provided to the individual at the time of consent.

Data Retention

WECare does not retain personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed. When personal data is no longer required, all reasonable steps will be taken to safely erase or otherwise dispose of it without delay.

Personal Data is held by the Charity for the below purposes and time periods:

PAYE and payroll purposes

As evidence that the Charity has reported information accurately, WECare Worldwide is required by HM Revenue and Customs to keep records which will include personal data, for 3 years from the end of the tax year they relate to.

Accounting records

In order to comply with requirements from HM Revenue and Customs and the Charity Commission, accounting records, including any relevant personal data, are retained by WECare Worldwide for a period of 6 years from the end of the accounting period they relate to.

Transferring Personal Data to a Country Outside the EEA

Due to the locations in which it operates, WECare transfers ("transfer" includes making available remotely) personal data to countries outside of the EEA, however great care is taken to ensure the protection of any personal data held, and the measures taken to reduce risks are outlined above in the security of data section of this policy.

WECare platforms

Platform          Data it holds                                             Review period
Zoho CRM          Donation information; Volunteer and staff information     24 months
G Drive           Donation information; Staff photos                        12 months
Gmail             Email addresses of donators and volunteers                12 months
WECare website    Donation information; Volunteer applications              12 months