Harrison’s Fund Ltd (HF) is committed to ensuring the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR). This policy outlines our commitment to GDPR compliance and the responsibilities of all staff and volunteers regarding the processing of personal data.
2. Data Collection and Processing
We will only collect and process personal data for specified, explicit, and legitimate purposes.
We will obtain clear and unambiguous consent when required for data processing activities.
Data processing will be limited to what is necessary for the purpose and will be kept accurate and up to date.
3. Lawful Basis for Processing
We will identify and document the lawful basis for processing personal data, which may include consent, contract performance, legal obligations, vital interests, public task, or legitimate interests.
4. Data Security
We will implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, and destruction.
Staff and volunteers will be trained on data security best practices.
5. Data Subject Rights
We will inform individuals of their rights under GDPR, including the rights of access, rectification, erasure, restriction of processing, data portability, and objection. We will provide mechanisms for individuals to exercise these rights.
6. Data Processing Records
HF will maintain records of all data processing activities, including data types, purposes, lawful bases, and retention periods.
7. Data Transfer
We will ensure secure data transfers, especially when sharing data with third parties, by using appropriate safeguards and contracts.
8. Data Retention
We will define retention periods for different types of data, ensuring data is not retained longer than necessary for the intended purpose.
9. Data Breach Response
We have a plan in place for detecting, reporting, and addressing data breaches in compliance with GDPR requirements.
10. Privacy Impact Assessments
We will conduct Privacy Impact Assessments (PIAs) for high-risk data processing activities.
All staff and volunteers will receive training on GDPR compliance and data protection.
12. Privacy Notices
We will provide clear and transparent privacy notices to individuals regarding the processing of their data.
13. Data Subject Requests
We have established a procedure for handling data subject requests in a timely manner.
14. Vendor Contracts
We will ensure that data processors and third-party vendors comply with GDPR and have appropriate contracts in place.
15. Review and Update
This GDPR policy will be reviewed and updated regularly to ensure ongoing compliance with GDPR and related regulations.
HF encourages all staff and volunteers to report any concerns or potential breaches of this policy to the Data Protection Officer.
This policy was last reviewed and updated on 13/10/2023.