General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK. It is part of a wider package of reform to the data protection landscape that included the Data Protection Bill. The GDPR sets out requirements for how organisations will need to handle personal data from 25 May 2018.
The GDPR applies to ‘personal data’, which means any information relating to an identifiable person.
Many of the GDPR’s main concepts and principles are much the same as those in the Data Protection Act and Trauma Aid UK is already complying properly with this law (for instance in how we hold and process personal information).
– the right to be informed;
– the right of access;
– the right to rectification;
– the right to erasure;
– the right to restrict processing;
– the right to object;
– the right to data portability (allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way without affecting its usability); and,
– the right not to be subject to automated decision-making including profiling (Trauma Aid UK does not do this).
1. The right to be informed
1.1 We will only collect personal information voluntarily provided by you with your consent when you enquire about our activities, register as a member with us or subscribe to one of our services (for instance our Monthly Update/Newsletter).
[Up to 25 May 2018, if you joined Trauma Aid UK you would receive our Monthly Update/Newsletter. In future, there will be a specific question on the Membership Application form. On the Monthly Update/Newsletter itself there has always been an UNSUBSCRIBE button at the bottom. If you sign up on the web site specifically for the Monthly Update/Newsletter then this is an informed consent.]
1.2 If you have provided information to us we will record: First and Last Name; Address; email address; whether you have set up a standing order and the date it is paid; whether Gift Aid is applicable and the date that you signed up to it; donations made (when and how); whether you have been sent a receipt for the donation(s); if you have signed up as a volunteer supervisor; occasional brief notes (for instance if the name on the account via which you make donations differs from the First and Last name of your membership). We also note whether or not you have elected to receive our Monthly Update/Newsletter (the right to restrict processing applies).
1.3 We will also hold information that you have provided to us when registering for events (for instance at the annual Consultants’ Day: dietary requirements and EMDR professional status).
1.4 When you make donations through PayPal the transaction details are held within PayPal; similarly any payments to our bank account are held by the bank. We do not hold any details within our records bar those already listed in 1.2-1.3.
1.5 Since we hold records of donations this information will be held for a maximum period of six years.
2. Our use of this information
2.1 Your personal information will only be used to process your requests, to provide you with our services, and to provide you with information relating to our services. These communications are for instance: receipts sent following donations; the Monthly Update/Newsletter; and, occasional notifications of training.
2.2 We generate statistics about the numbers of members, the numbers paying by standing order etc. and these are regularly presented to Trustees and annually at the Trauma Aid UK Annual General Meeting. These statistics are aggregated and anonymised; it is not possible to identify personal details.
2.3 We have not and will not share your information with any other organisation except for 2.4 below.
2.4 When claiming Gift Aid from HM Revenue and Customs we are required in some instances (most donations are aggregated into daily totals) to provide brief name and address details.
2.5 Data portability has always applied on the Trauma Aid UK web site when donors make payments through PayPal: the user does not have to re-enter information into PayPal that has already been securely entered on our web site. The Monthly Update/Newsletter is created within a secure on-line service called Mailchimp, which is used by many other organisations. Whilst lists are held temporarily on Mailchimp with name and email details, they are used only for the purpose of circulating the newsletter or other communication and are subsequently deleted.
3. Access to this information and your right of access
3.1 The information is held and processed on a single computer held by the Membership Secretary (who is a Trustee). It is only made available to other Trustees for specific purposes, for instance management of Volunteer Supervisors, event registrations or to the Treasurer (a Trustee) for Gift Aid and annual account preparation. All processing for receipts is performed off-line.
You have the right to request the information that we hold. The receipts already contain most of this information, and the email confirmations sent when you sign up as a Volunteer Supervisor or to an event contain this information.
4. Security, rectification and erasure
4.1 We take reasonable precautions to prevent the loss, misuse or alteration of information you give us. The information we hold is regularly backed-up securely both on-line (over an https secure service) and off-line. All access to data is password protected. You have a right to contact us if you believe any of the information held by us is incorrect and we will correct it. You may ask us to delete information and we will do so.
4.2 Communications are normally sent by e-mail. For ease of use and compatibility, communications (other than payments where applicable) will not be sent in an encrypted form. E-mail, unless encrypted, is not a fully secure means of communication. Whilst we endeavour to keep our systems and communications protected against viruses and other harmful effects, we cannot bear responsibility for all communications being virus-free.
5.1 A cookie is a small piece of data or message that is sent from a website’s server to your web browser and is then stored on your hard drive. They’re generally used to improve your user experience by – for example – remembering what’s in your online shopping basket (not applicable on the Trauma Aid UK web site) or keeping you logged in on a website as you navigate from one page to another (not applicable on the Trauma Aid UK web site). Cookies can’t read data off your hard drive or other cookie files, and do not damage your system.
6. Other information and the right to object
6.1 If you would like us to correct or update any information, or if you would like information deleted from our records, then please email us at firstname.lastname@example.org