Data Protection Policy
The Dominic Simpson Memorial Trust Limited (DSMT) Data Protection Policy
The Dominic Simpson Memorial Trust has reviewed its data protection measures according to the new General Data Protection Regulations 2018 which came into force on 25 May.
Background
DSMT is a registered charity (number 1109452) that has been supporting the education of disadvantaged children, particularly girls, in the Occupied Palestinian Territories since 2005. We raise funds from individuals and organisations in support of our work. The legitimate purpose for us collecting and using personal data is to maintain contact with our supporters and beneficiaries in order to fulfil our charitable objective: “to advance education and facilitate educational opportunity for individuals and communities in the Middle East…”, enabling us to fund-raise and to monitor and report on the outcomes of our charitable activities.
As with all organisations that hold data on individuals we are required to comply with data protection legislation. New legislation came into force on 25th May 2018, which strengthens the requirements of the existing Data Protection Act of 1998 (DPA).
The General Data Protection Regulation (GDPR) aims to protect the privacy of all the personal information or data about individuals. This is defined as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”.
This policy explains how we collect, use and store the personal information provided to us by our supporters and beneficiaries.
Our Policy
DSMT commits to abide by the Data Protection Act 1998 (DPA) and the General Data Protection Regulation 2018 (GDPR) in all areas of its operation. This policy applies to everyone who works on our behalf, on a contracted or volunteer basis and they are expected to work within the legislation. This policy sets out the procedures in place to ensure that personal data is treated in the appropriate way.
DSMT acknowledges that individuals have the right to expect that appropriate and reasonable safeguards will be operated by us and any third parties engaged to protect the confidentiality, integrity and security of your personal data. Should third parties process data on our behalf we will ensure though a legal agreement that the third party also operates in accordance with the DPA and the GDPR. We will ensure information is treated with the same level of care we would do ourselves
The DPA and the GDPR require that organisations process personal data in accordance with the eight Data Protection Principles. These are that the data is:
- Fair and lawful
- Specific to purpose
- Adequate, relevant and not excessive
- Accurate and up to date
- Kept for no longer than necessary
- Processed in accordance with data subjects rights
- Kept secure
- Not transferred overseas without suitable safeguards
DSMT has adopted these principles. We will only collect and process personal and sensitive data that has been obtained fairly and lawfully and for a specific set of purposes connected with the charity’s activities or where we have a legitimate purpose under law to do so. Data will be adequate and relevant and only used for the purposes collected. It will be maintained, kept accurate, and not retained for any longer than is necessary.
Before collecting any information we will consider:
- What details are necessary for our purposes
- What the information will be used for
- How long we are likely to need this information
When you contact DSMT by phone, email, letter or through social media, make a donation or engage in any of our activities, we may receive and retain personal information about you. This may include your name, postal address, email address, telephone number, mobile number, bank account details for the purpose of processing donations, and whether or not you are a tax payer so we can claim Gift Aid.
DSMT may use your personal information for a number of reasons. These include:
- Correspondence regarding the work of DSMT;
- Administration purposes – you may be contacted with regards to donations you have made or to provide you with any information about our activities you have agreed to receive;
- For internal record keeping;
- To use IP addresses (identifies the location of a user) to collate information on the number of online visitors from different countries. Collecting data on the latter does not disclose the personal details of the user, but gives a broad idea of users so we can adapt our services to suit them.
We will only contact you via the forms that you have indicated you are happy to be contacted through. If you would like to change your preferences, or cease to be contacted by DSMT, please see the appropriate procedures below.
Please inform us in writing, by letter or email, to the Administrator: contact details belowand on our website. We will amend or delete your details from our database within 30 days of receiving your instruction.
DSMT will NEVER share or sell your data to other third party organisations for their own marketing purposes, unless required to by law (For example: government bodies for the purposes of the prevention and detection of crime, when provided with the appropriate request in writing).
Personal data will only be used by DSMT for the above purposes and will not be made available to anyone other than those involved in organising the above activities, with one exception. We use a third-party provider (MailChimp) to deliver newsletters and other information to those on our database who have provided us with an email address. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletters. MailChimp has data protection policies that comply with DPA and GDPR and their Privacy Notice can be viewed at https://mailchimp.com/legal/privacy/ If you prefer not to have your data passed to MailChimp please write to the Administrator (details below) and your email address will be removed from our database. You will then receive information from DSMT by post only.
Our website has links to websites owned and operated by third parties. These third parties have their own privacy policies, and will control the information you provide them with in accordance with these. We cannot accept any responsibility or liability for the privacy practices of such third parties. The use of such websites is done so at your own risk.
Policy statement for data on beneficiaries
Personal information on DSMT scholarship beneficiaries (photographs, name, date of birth, family circumstances, academic record, place of study, exit route) is collected and stored with permission of the individuals and our partner school for the purposes of evaluating economic need and academic potential, monitoring academic progress, sharing news between beneficiaries and DSMT, maintaining contact after the end of the scholarship period for alumnae activities.
DSMT undertakes to treat this data in line with its policy as set out above: to keep it securely, to retain only as long as needed for the above purposes, to share carefully selected information with our supporters for information and marketing purposes via newsletters, website and the DSMT Facebook page.
Written permission will be sought from the beneficiaries and our partner school for use of personal Information and photographs made public via our newsletters, website and social media. Only beneficiaries’ first names are ever used.
Protocols for retention of data on individual beneficiaries are applied. For Higher Education Scholarships applications from unsuccessful applicants are not retained beyond the formal acceptance of the award by the successful applicant. Application forms from successful applicants will be retained until six months after graduation. For School Scholarships, the personal information supplied by the school will be retained until six months after the award holder leaves school, unless she is also awarded a Higher Education Scholarship, in which case the Higher Education protocols above will then apply.
Information on final academic results for all scholarship students will be retained for a minimum of 7 years for audit purposes and impact assessment. Names, email addresses and phone numbers will also be retained for all beneficiaries after the end of their scholarship period for audit purposesfor a minimum 7 yearsbut will not be shared.
General Data Security and Storage
We will take steps to ensure that all personal data of supporters and beneficiaries is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures will be taken:
- Password protection on personal systems for all financial files, supporter and beneficiary information;
- Supporter database stored on dedicated laptop and password protected;
- Security protected use of all data storage via cloud computing (Dropbox) with access restricted to three people;
- All financial, supporter and beneficiary data backed up securely in Dropbox after updates and amendments made;
- CD copy of database (from dedicated laptop) kept in separate location and in Dropbox and password protected;
- Information retained and updated as necessary on all supporters who have agreed to be contacted by DSMT, until such time as they indicate they no longer wish to be contacted;
- When supporter database is updated, any previous version will be deleted;
- Password protection for all attachments with sensitive personal and financial information when sent by email or stored on computers/laptops/phones.
Access Requirements
We will ensure that anyone whose personal information we process has the right to know:
- What information we hold and process on them
- How to gain access to this information
- How to keep up to date
- What we are doing to comply with the regulations
Individuals have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block, or erase information regarded as wrong or if consent is withdrawn.
Individuals also have the right under the DPA and the GDPR to access certain personal data being kept about them on computer and certain files. Any person wishing to exercise this right should apply in writing to our Administrator/Data Protection Officer, Lesley Shareif, by email at admin@dominicsimpsontrust.org.uk or write to: DSMT Administrator, Flat 3, 4 Bolebrooke Road, Bexhill-on-Sea, East Sussex, TN40
The following information will be required before access is granted:
- Full name and contact details of the person making the request
- Their relationship with DSMT
- Any other relevant information e.g. timescales
- We may also require proof of identity before access is granted
Queries about handling personal information will be dealt with efficiently and politely. DSMT aims to comply with all requests for access to personal information as soon as possible, but will ensure they are provided within the 40 days required by the DPA and the GDPR.
For further current information see https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
Breach of Confidentiality
DSMT takes its responsibility very seriously to ensure that all sensitive data stored is protected and will report any breaches of confidentiality to the Information Commissioner’s Office (ICO) within 72 hours as regulated by the GDPR. We will also inform the individuals concerned.
Unauthorised access to personal data held by DSMT will be addressed immediately with steps taken to recover any lost data and to ensure that measures are put in place to rectify the violation. Security measures will be reviewed and revised accordingly.
The Dominic Simpson Memorial Trust (DSMT) June 2018