GDPR Policy
Policy Statement
Harrison’s Fund Ltd (HF) is committed to ensuring the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR). This policy outlines our commitment to GDPR compliance and the responsibilities of all staff and volunteers regarding the processing of personal data.
1. Data Protection Officer (DPO)
HF has appointed a Data Protection Officer (DPO) who is responsible for overseeing GDPR compliance. You can contact the DPO at info@harrisonsfund.com
2. Data Collection and Processing
- We will only collect and process personal data for specified, explicit, and legitimate purposes.
- We will obtain clear and unambiguous consent when required for data processing activities.
- Data processing will be limited to what is necessary for the purpose and will be kept accurate and up to date.
3. Lawful Basis for Processing
We will identify and document the lawful basis for processing personal data, which may include consent, contract performance, legal obligations, vital interests, public task, or legitimate interests.
4. Data Security
- We will implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, and destruction.
- Staff and volunteers will be trained on data security best practices.
5. Data Subject Rights
We will inform individuals of their rights under GDPR, including the right to access, rectify, erase, restrict processing, data portability, and object. We will provide mechanisms for individuals to exercise these rights.
6. Data Processing Records
HF will maintain records of all data processing activities, including data types, purposes, lawful bases, and retention periods.
7. Data Transfer
We will ensure secure data transfers, especially when sharing data with third parties, by using appropriate safeguards and contracts.
8. Data Retention
We will define retention periods for different types of data, ensuring data is not retained longer than necessary for the intended purpose.
9. Data Breach Response
We have a plan in place for detecting, reporting, and addressing data breaches in compliance with GDPR requirements.
10. Privacy Impact Assessments
We will conduct Privacy Impact Assessments (PIAs) for high-risk data processing activities.
11. Training
All staff and volunteers will receive training on GDPR compliance and data protection.
12. Privacy Notices
We will provide clear and transparent privacy notices to individuals regarding the processing of their data.
13. Data Subject Requests
We have established a procedure for handling data subject requests in a timely manner.
14. Vendor Contracts
We will ensure that data processors and third-party vendors comply with GDPR and have appropriate contracts in place.
15. Review and Update
This GDPR policy will be reviewed and updated regularly to ensure ongoing compliance with GDPR and related regulations.
HF encourages all staff and volunteers to report any concerns or potential breaches of this policy to the Data Protection Officer.
This policy was last reviewed and updated on 13/10/2023.