top of page


Policy Statement


Harrison’s Fund Ltd (HF) is committed to ensuring the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR). This policy outlines our commitment to GDPR compliance and the responsibilities of all staff and volunteers regarding the processing of personal data.

1. Data Protection Officer (DPO)

HF has appointed a Data Protection Officer (DPO) who is responsible for overseeing GDPR compliance. You can contact the DPO at

2. Data Collection and Processing

  1. We will only collect and process personal data for specified, explicit, and legitimate purposes.

  2. We will obtain clear and unambiguous consent when required for data processing activities.

  3. Data processing will be limited to what is necessary for the purpose and will be kept accurate and up to date.​

3. Lawful Basis for Processing

We will identify and document the lawful basis for processing personal data, which may include consent, contract performance, legal obligations, vital interests, public task, or legitimate interests.

4. Data Security

  1. We will implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, and destruction.

  2. Staff and volunteers will be trained on data security best practices.

5. Data Subject Rights

We will inform individuals of their rights under GDPR, including the right to access, rectify, erase, restrict processing, data portability, and object. We will provide mechanisms for individuals to exercise these rights.

6. Data Processing Records

HF will maintain records of all data processing activities, including data types, purposes, lawful bases, and retention periods.

7. Data Transfer

We will ensure secure data transfers, especially when sharing data with third parties, by using appropriate safeguards and contracts.

8. Data Retention

We will define retention periods for different types of data, ensuring data is not retained longer than necessary for the intended purpose.

9. Data Breach Response

We have a plan in place for detecting, reporting, and addressing data breaches in compliance with GDPR requirements.

10. Privacy Impact Assessments

We will conduct Privacy Impact Assessments (PIAs) for high-risk data processing activities.

11. Training

All staff and volunteers will receive training on GDPR compliance and data protection.

12. Privacy Notices

We will provide clear and transparent privacy notices to individuals regarding the processing of their data.

13. Data Subject Requests

We have established a procedure for handling data subject requests in a timely manner.

14. Vendor Contracts

We will ensure that data processors and third-party vendors comply with GDPR and have appropriate contracts in place.

15. Review and Update

This GDPR policy will be reviewed and updated regularly to ensure ongoing compliance with GDPR and related regulations.

 HF encourages all staff and volunteers to report any concerns or potential breaches of this policy to the Data Protection Officer.

This policy was last reviewed and updated on 13/10/2023.

Team shot Surrey Half 2018_edited.jpg

Get involved

JPG FILE-02_edited.jpg

Project Chrysalis



bottom of page