Data Protection Policy
INTRODUCTION
This policy explains how Hope House Haiti (UK) complies with the Data Protection At (EU GDPR) 2018. It covers information about individuals which is held by the charity in any form. It is based on the right of the individual to know what information is being held about them, and how the information will be used. All personal records will be kept by Hope House Haiti (UK) in accordance with this policy.
DATA PROTECTION RESPONSIBILITY
Overall responsibility for ensuring that Hope House Haiti (U.K) complies with its data protection obligations rests with the Data Protection Officer, Joan Baker (email: [email protected], mobile 07711616009). Information will be:
What is sensitive data? Sensitive data is personal data that inlcudes:
- Processed fairly and lawfully
- Obtained only for specified purposes
- Relevant to the purposes for which it is processed
- Accurate and kept up to date
- Not kept for longer than is necessary
- Processed according to the rights of the Data Subject under the Act
- Protected against unauthorised processing, accidental loss or damage
- Not transferred to third parties.
- Kept secure.
What is sensitive data? Sensitive data is personal data that inlcudes:
- Data on racial or ethnic origin, political opinion, trade-union membership or religious belief
- Genetic or biometric data that can be used to identify a human being
- Health related data
- Data related to sex life or orientation.
- The individual is provided sufficient information to explain why the data is needed
- The individual understands how there data will be used
- The individual understands the consequences should they decide not to give consent to processing.
DATA STORAGE AND ACCESS
Hope House Haiti (UK) will only hold personal data on computers as needed for undertaking day to day processes and operation. Data held on individual computers will be password protected and have current virus software installed. Hope House Haiti (UK) will only use online services that are industry recognised and where we are satisfied the appropriate levels of data security and protection are applied. Otherwise all personal data will be in offline storage or in files. All sensitive data will be held manually in a locked box.
When personal data needs to be deleted or destroyed, adequate measures are taken to ensure personal data is properly and securely disposed of. This includes the physical destruction of manual files through shredding, and the deletion of computer files and back up files. Data subjects have the right to have any data held about them erased under a number of circumstances, and this must also occur if they withdraw consent for all the processing for which the data is held.
Hope House Haiti (UK) trustees and volunteers, other than the Child Protection Officer in the course of their duty do not have access to information on other staff or volunteers, in accordance with the safeguarding policy. Information about individuals will not be disclosed to any third party outside of Hope House Haiti (UK) without the permission of the individual. Where images of children or teachers at the Hope House Christian Academy, Haiti are used for the purpose of fund raising or social media, permission will be obtained from the parents and teachers by Yvrose Ismael Telfort and Pierre Richard Ismael for these photographs to be used for a specified length of time. If anyone disagrees they are to make it known to he organisation.
Trustees and volunteers have the right to see the information held on them by Hope House Haiti (UK). Requests should be in writing to the Data Protection Officer and Hope House Haiti (UK) will provide a copy of the information within two weeks of receiving the request with no charge. When trustees and volunteers leave, all personnel documents will be kept in accordance with Hope House Haiti (UK)‘s procedures and policies. A record would be made of the dates they volunteered and the record would be archived.
When personal data needs to be deleted or destroyed, adequate measures are taken to ensure personal data is properly and securely disposed of. This includes the physical destruction of manual files through shredding, and the deletion of computer files and back up files. Data subjects have the right to have any data held about them erased under a number of circumstances, and this must also occur if they withdraw consent for all the processing for which the data is held.
Hope House Haiti (UK) trustees and volunteers, other than the Child Protection Officer in the course of their duty do not have access to information on other staff or volunteers, in accordance with the safeguarding policy. Information about individuals will not be disclosed to any third party outside of Hope House Haiti (UK) without the permission of the individual. Where images of children or teachers at the Hope House Christian Academy, Haiti are used for the purpose of fund raising or social media, permission will be obtained from the parents and teachers by Yvrose Ismael Telfort and Pierre Richard Ismael for these photographs to be used for a specified length of time. If anyone disagrees they are to make it known to he organisation.
Trustees and volunteers have the right to see the information held on them by Hope House Haiti (UK). Requests should be in writing to the Data Protection Officer and Hope House Haiti (UK) will provide a copy of the information within two weeks of receiving the request with no charge. When trustees and volunteers leave, all personnel documents will be kept in accordance with Hope House Haiti (UK)‘s procedures and policies. A record would be made of the dates they volunteered and the record would be archived.
DATA BREACHES
We would be informed by our Network Provider. Generic information would be kept on the I Cloud server with a secure password. Sensitive information would be protected and kept with the Child Protection Officer in a locked box. Trustees who have had sensitive information on a subject would delete this information. If a computer goes for repair or destruction, information stored on the computer on the hard drive relating to a subject by Hope House Haiti (U.K) the hard drive will be wiped securely.
SUBJECT ACCESS REQUESTS (SAR)
A subject Access Request (SAR) is a written request made by or on behalf of an individual for the information which he or she is entitled to ask for under section 7 of the Data Protection Act 1998 (DPA). The request does not have to be in any particular form, nor does it have to include the words ‘subject access’ or make any reference to the Data Protection Act. A request may be a valid SAR even if it refers to other legislation, such as the Freedom of Information Act. Requests must be written but can be made electronically by email. If someone makes a SAR orally, they must be advised to put their request in writing. All requests need to go through the Data Protection Officer. We must satisfy ourselves as to the identity of the person making the request - they must provide evidence of their identity.
This policy is to be read in conjunction with the following policies/documents: Child protection Policy, Risk Assessment Policy, Fund Raising Policy TBA Code of Conduct
This policy is to be read in conjunction with the following policies/documents: Child protection Policy, Risk Assessment Policy, Fund Raising Policy TBA Code of Conduct