Privacy Policy
The Brandwood Centre Community Association is committed to ensuring the confidentiality, integrity, and availability of all personal data it holds.
GDPR and Data Protection Policy
1. Purpose and Scope
This Data Protection and Confidentiality Policy outlines how personal data will be processed, stored, and protected in compliance with data protection legislation, including the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) 2018. It applies to all staff, volunteers, and third-party organisations that process data on behalf of The Brandwood Centre Community Association.
The aims of this policy are to:
- Ensure the confidentiality, integrity, and availability of all personal data held by The Brandwood Centre Community Association.
- Comply with all applicable data protection legislation to the highest ethical standards.
- Require partner organisations to comply with data protection laws when handling data on behalf of The Brandwood Centre Community Association.
This policy applies to:
- All staff and volunteers at The Brandwood Centre Community Association.
- Any third-party organisations working with The Brandwood Centre Community Association where personal data is being processed.
- All forms of data, including both electronic (e.g., emails, documents) and physical (e.g., manual files) data processing.
2. Definitions
Person: An identifiable, natural living person who can be identified by name or other information.
Personal Data: Information relating to a person, including both special and non-special data (e.g., name, address, opinions, intentions).
Data Subject: The individual to whom personal data refers.
Data Controller: The organisation that determines the purposes and means of processing personal data.
Data Processor: An individual or entity that processes personal data on behalf of the data controller.
Non-Special Personal Data: Information that can identify a person but does not fall into sensitive categories.
Special Personal Data: Data relating to racial/ethnic origin, political opinions, religious beliefs, trade union membership, health, sexual orientation, or criminal proceedings.
Data Breach: A breach resulting in accidental or unlawful loss, destruction, alteration, unauthorised disclosure of, or access to personal data.
Data Subject Request: A request by a data subject for access to their personal data held by The Brandwood Centre Community Association.
Privacy Notice: A statement that outlines how personal data is collected, processed, and protected.
3. Data Protection Principles
In line with GDPR 2018, The Brandwood Centre Community Association upholds the following six principles when processing personal data:
Lawfulness, Fairness, and Transparency: Personal data must be processed lawfully, fairly, and in a transparent manner.
Purpose Limitation: Personal data must only be collected for specified, legitimate purposes and not processed further in a manner incompatible with those purposes.
Data Minimisation: Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
Accuracy: Personal data must be accurate and kept up to date. Inaccurate data should be corrected or erased without delay.
Storage Limitation: Personal data must not be kept for longer than necessary for the purposes for which it is processed.
Integrity and Confidentiality: Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage.
4. Data Subject Rights
Data subjects have the following rights under this policy:
- The right to access their personal data held by The Brandwood Centre Community Association.
- The right to request correction or deletion of inaccurate or outdated personal data.
- The right to be informed about how their data is processed and the purposes for processing.
- The right to data portability in certain circumstances.
- The right to object to the processing of their data if it is based on legitimate interests.
5. Safeguarding Personal Data
The Brandwood Centre Community Association commits to safeguarding personal data by:
- Ensuring that all personal data is kept secure and accessible only to authorised individuals.
- Using encrypted communication and secure storage systems for electronic data.
- Implementing physical controls for access to manual files.
- Ensuring that personal details (e.g., addresses, phone numbers) are not disclosed without consent.
6. Third-Party Data Processing
The Brandwood Centre Community Association will ensure that any third-party organisation processing data on its behalf adheres to data protection legislation and this policy. Third parties must:
- Comply with GDPR and the Data Protection Act 1998.
- Ensure the secure handling of any personal data shared with them.
- Be subject to periodic audits to verify compliance.
7. Data Protection Breaches
In the event of a data protection breach, The Brandwood Centre Community Association will:
- Respond promptly and appropriately, ensuring any affected parties are notified where necessary.
- Review the breach and take steps to prevent future incidents.
- Report serious breaches to the Information Commissioner’s Office (ICO) as required.
8. Roles and Responsibilities
The Brandwood Centre Community Association’s Management Committee has overall responsibility for ensuring compliance with this GDPR and Data Protection Policy. The Centre Manager will act as the Data Protection Officer (DPO) and is responsible for:
- Overseeing the implementation of this policy.
- Ensuring that data protection is built into new systems and projects from the outset (“data protection by design”).
- Ensuring that staff and volunteers are aware of data protection responsibilities and undergo necessary training.
- Reviewing data protection incidents and making decisions on whether to report incidents to the ICO.
9. Data Subject Requests
Data subjects can request access to their personal data held by The Brandwood Centre Community Association by submitting a written request to the DPO. The Centre will respond to such requests within one month, ensuring transparency and compliance with GDPR legislation.
10. Review and Amendments
This policy will be reviewed periodically and updated in response to significant changes in UK data protection law. The Management Committee must approve any changes to the policy.