The General Data Protection Regulations (GDPR) came into effect on 25th May 2018 and in order to comply with these we are contacting our clients to reassure you that we take the security of your data very seriously.
The Data Protection Act 1998 (DPA) governs the use of information about people (personal data).This data can be held on a computer or as a hard copy file and includes e mail and photographs.
GDPR outlines the following rules relating to personal data:
- Personal data must be processed lawfully, fairly and in a transparent manner in relation to the individual concerned.
- It must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with this.
- Personal data collected must be adequate, relevant and limited to what’s necessary.
- It must be accurate and kept up to date, and every reasonable step must be taken to ensure that personal data that’s inaccurate is erased or rectified without delay.
- It must be stored in a way that identifies the individual for only so long as it’s needed.
- It must be processed in a way that ensures appropriate security including protection against loss, destruction, or damage, and unauthorised or unlawful access.
Processing of personal data is only lawful if at least one of the following applies:
- the individual has given consent for one or more specific purposes;
- there is a legitimate interest such as forming a contract with an individual
- a legal obligation must be complied with
- to carry out a public task
- there is a vital interest such as medical information
- personal data is not sent outside the European Economic Area to a country that does not provide adequate protection.
HPL & RCT are legally responsible for complying with the Act and determines what purposes personal information will be used for. We are committed to ensuring your privacy is protected and ensure that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
We currently hold your name and contact details on the HPL/RCT database and use these to send you information about our forthcoming courses and our work with disadvantaged and vulnerable young people.
We need to collect and use certain types of data in order to carry out our work. This information is collected and dealt with appropriately by the Data Controller of HPL & RCT.
The type of information we collect includes:
- Instructors’ contact details and copies of all relevant certificates pertaining to the work they do for us
- completed booking forms which form the basis of a contract between HPL & clients
- completed consent forms which contain emergency and medical contact information and must be completed by anyone taking part in an activity
- pre-course information regarding dietary requirements/medical conditions
- photographs and recordings by prior agreement from course participants
The Information is collected to
- help plan and deliver our activity programmes effectively
- ensure the safety of our clients
- tailor the service we offer to the clients
- manage payments due on accounts
- manage our client relationships and keep them updated with information regarding our services
- Produce marketing material to promote the work of RCT & HPL
On May 25th 2012 a European Union law was implemented by UK legislation, The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, with a requirement that websites that leave non-essential cookies on visitors’ devices have to inform the visitor what these cookies are. Our website complies with this law by providing information on the cookies we use so that if you choose you can either modify your browser settings to manage cookies or leave the website.
Non-essential Cookies also enhance our web site performance in a number of ways, personalising your experience on our site, making it more convenient for you.
If you do not wish to disable cookies then you have the option to leave the website.
Information will be stored for only as long as it is needed or required statute and will be disposed of appropriately. We will ensure that information is confidentially destroyed at the end of the relevant retention period.
Personal data will be destroyed three months after completion of a course. If an accident report or complaint is recorded, information will be retained until that process is concluded.
If you agree to photographs and recordings being taken of you or your child these images may be used by our organisation for publicity and marketing purposes for two years. After this time the images will be archived securely or destroyed in accordance with our Retention Schedule.
You can update your information or have your personal data removed from our records by sending an e-mail to firstname.lastname@example.org. By removing your data we will no longer be able to contact you regarding our activities. You may request details of personal information which we hold about you under the Data Protection Act 1998.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
For more information visit The Information Commissioner’s website (www.ico.gov.uk)