The Friends of Alexandra Park recognise the right to privacy of the individual as a basic human right. We accept that personal details about an individual belong to that individual. Accordingly, we undertake to respect the confidentiality of certain information in relation to relevant legislation – the Data Protection Act of 1998 and the General Data Protection Regulations May 2018. Confidentiality is based upon a reasoned concern for the interests of the person to whose personal information we have access. Respecting confidentiality means that information may be disclosed only with consent and when necessary, and that consultation and discussion remains within those boundaries. This protects the integrity of both The Friends of Alexandra Park and of individuals.
How we use personal data relating to supporters, members, committee members, and community contacts, (referred to in the rest of the policy as ‘supporters’)
The Friends of Alexandra Park complies with its obligations under the GDPR by keeping personal data of supporters up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
What type of data is collected?
The personal data we collect includes names, addresses, email addresses, and telephone numbers.
We use supporters’ personal data for the following purposes: -
To enable us to provide a voluntary service for the benefit of the public as specified in our constitution;
To fundraise and promote the interests of the Friends;
To manage our volunteers;
To maintain our own accounts, records and membership monitoring
To inform supporters of The Friends of Alexandra Park’s news, events and activities and
services, including fundraising campaigns
How long will we keep personal data for?
We review our retention periods for personal data yearly and consider the purpose we hold the information for in deciding whether (and for how long) to retain it. Any data that is no longer needed for these purposes will be deleted securely. The data for a member who does not renew their subscription will be retained for three months after their renewal was due.
GDPR allow us to contact our supporters without having their prior consent if we have legitimate interest, such as notifying people of health and safety procedures at an event or event cancellation for example. When using legitimate interest, we will make sure that the individuals have the opportunity to opt-out of future communications. Our donors and supporters will be treated fairly and respectfully and we will ensure that we meet our legal obligations.
Right to be forgotten or be removed from marketing
If for any reason a donor wishes to have personal details removed from our records, they can contact us at firstname.lastname@example.org and request that data is removed. We will always comply promptly with such requests.
We will not sell or share supporters’ data with third parties
Who has access to personal data?
Third Party Service Providers working on our behalf:
We use a bulk email provider to facilitate communication to supporters. This provider is in compliance with the EU-U.S. Privacy Shield Framework
Supporters’ rights and their personal data
Our supporters give us their explicit consent to be contacted by us by ticking the relevant boxes situated on the form on which we collect their personal data.
Supporters can change their consent at any time and unsubscribe from our communications by contacting us at email@example.com
Under the GDPR supporters have the following rights with respect to their personal data:
The right to request a copy of their personal data which The Friends of Alexandra Park holds about them;
The right to request that The Friends of Alexandra Park corrects any personal data if it is found to be inaccurate or out of date;
The right to request their personal data is erased where it is no longer necessary for The Friends of Alexandra Park to retain such data;
The right to object to the processing of personal data, (where applicable) The right to lodge a complaint with the Information Commissioner’s Office (ICO).
We will report breaches (other than those which are unlikely to be a risk to individuals) to the ICO where necessary, within 72 hours. We will also notify affected individuals where the breach is likely to result in a high risk to the rights and freedoms of these individuals.