Data Protection Privacy Statement,
including Key Procedures for Friends of Holland Park
Charity no 281348Aims of this policy
Aims of this policy
The Friends of Holland Park (FHP) needs to keep certain information about its members in order to distribute its quarterly newsletter and to contact members about events and other matters concerning The Friends.
The charity is committed to ensuring any personal data will be dealt with in line with the Data Protection Act 1998, as amended 2003 and the General Data Protection Law, to become operative from May 2018.
To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
This document highlights key data protection procedures within the organisation. The aim of these procedures is to ensure that everyone handling personal data is fully aware of the requirements and acts in accordance with data protection law.
This Privacy Statement defines the trustees and any other persons using data connected with the business of the charity.
The type of personal data we hold
· Contact details of members, who have completed a membership application form. Needed for distribution of newsletter.
· Contact details of council officers and elected members for the day-to-day running of the charity. These can be identified by the sortable database code.
· Contact details of suppliers.
· Contact details of those volunteers who have agreed to hand deliver the newsletter and the areas in which they deliver. Needed to produce delivery schedules.
· Each entry shows whether or not a member is registered for Gift Aid, so that we can make an annual return to HMRC.
Who holds the data?
The Secretary is the controller of the database. Other FHP Trustees who may process personal information are:
· The Chairman
· The Treasurer and the Database Manager
The information is not shared with other parties, with the exception of the Independent Examiner and HMRC in the case of Gift Aid data. It is also shared with the member who prints labels for the newsletter and the member who organises the deliverers.
Names and addresses, in hard copy form, are given to newsletter deliverers so they can hand deliver to the correct address.
Personal information is kept in the following forms:
· Paper details kept by the Treasurer, Secretary, Chairman and Database Manager, securely filed.
· Digital database of members kept by the Secretary (controller) and circulated, in encrypted form, to the Treasurer, Database Manager, Chairman, member who organises deliverers and member who creates labels for deliverers, as necessary.
· Digital Gift Aid records kept by the Treasurer and sent to Independent Examiner, in encrypted form, for filing with HMRC.
· Digital records from Paypal account showing receipts.
Security of data
Each trustee that holds member data has confirmed in writing that their systems are secure:
· All computers are password protected with a secure password
· All emailed records are encrypted.
Deletion of data
· The Friends of Holland Park Bank statements and Gift Aid reports are kept for reference and are regularly referred to.
· The current member database, used for newsletter distribution, is cleaned every September. Members who have not paid the current year’s subscription are left on the database until 31 December and then removed, as they are no longer deemed to be members.
· Previous member databases are a useful source of reference and are regularly referred to e.g. when they claim their membership has only recently lapsed. These databases are retained for seven years but for reference only and not for contact.
· Analysis of payments by cheque and cash are kept for seven years.
Right to access data
Each member has the right to see a copy of the data held about them and the right to correct it if it is found to be incorrect. Contact The Secretary at: rhoddy.wood@thefriendsofhollandpark.org
Risk Assessment
The trustees of The Friends of Holland Park operate a Risk Assessment process which is reviewed annually. In the unlikely event of a break of data protection, the process would be to:
· Inform the Information Commissioner’s Office (ICO)
· Inform those whose data has been compromised
· Amend the process which has caused the breach.
12 January 2024