Hipp!!Bones Charity (the “charity”) complies with its obligations under the General Data Protection Regulation (GDPR) by ensuring personal data is processed lawfully and in a transparent manner; and that it is relevant and limited to what is necessary. We protect personal data from loss, misuse, unauthorised access and disclosure by ensuring that appropriate technical measures are in place.
The Hipp!!Bones management committee is the data controller and is responsible for your personal data and decides how your personal data is processed and for what purposes.
1. Your personal data – what is it?
Personal data is anything that could allow a living person to be identified.
2. What personal data is collected from you and why?
Personal data in the form of name, date of birth, address, phone number/email, emergency contact details, and doctors details; along with respite carer details and young people’s learning, physical, health, communication, behaviour and/or personal care needs (if applicable) will be used for the following purposes:
- to enable us to provide a service for the benefit of young people with special needs and disabilities within the local area as specified in our constitution;
- to administer membership records;
- to manage our employees and volunteers;
- for the safety and protection of young people and staff;
- to maintain our own accounts and records;
- to inform you of our club programme, news, events and other activities.
3. On what lawful basis is your personal data collected and processed?
- Consent: the individual has given clear consent for you to process their personal data for a specific purpose. Hipp!!Bones achieves this by asking individuals to positively ‘opt in’ to processing your personal information collected on membership forms, staff detail forms, off-site consent forms and media consent forms.
- Contract: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Hipp!!Bones collects and processes data to fulfil contractual obligations by obtaining references to process applications and issuing contracts of employment for paid staff.
- Legal Obligation: the processing is necessary for you to comply with the law (not including contractual obligations. Hipp!!Bones collects and processes data to fulfil legal obligations, through carrying out DBS checks on all staff and adult volunteers, providing an auto-enrolment pension, using HMRC services, and Health & Safety.
- Vital Interests: the processing is necessary to protect someone’s life. Hipp!!Bones collects and processes personal data to fulfil vital interests through gaining consent for Emergency Medication (where applicable), agreeing to a member receiving emergency medical treatment, if considered necessary by the medical authorities present, and gastrostomy tube feeding.
- Legitimate Interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is good reason to protects the individual’s personal data which overrides those legitimate interests. Hipp!!Bones collects and uses personal data on the lawful basis, that it is necessary and in it’s legitimate interests to do so, for example, the provision of personal data is required to enable us to meet the varied learning, physical, health, communication and/or behaviour needs of our members.
4. Sharing your personal data
The management committee will treat all personal data as strictly confidential. We will not share your data with third parties without your consent, unless legally obliged to do so or to protect the vital interests of members or staff.
5. How is personal data stored?
- Hipp!!Bones laptop with password protection (see Hipp!!Bones Password Protection Policy);
- Manually in secured filing cabinet at headquarters;
- Groop Management Platform: groop.com/privacy-policy/
- Hipp!!Bones dedicated mobile phone with PIN security;
- Hipp!!Bones Youth Support Worker in Charge email address: email@example.com;
6. How long will personal data be stored?
- Volunteer records will be destroyed 1 year after leaving;
- Membership records will be destroyed 1 year after your membership lapsed;
- Offsite Consent Forms will be destroyed one month after the trip;
- Incident/accident forms will be kept for the life of the organisation
- Safeguarding log/concern forms will be kept for the life of the organisation
- Photographs will be kept for the life of organisation, unless right of erasure requested.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which Hipp!!Bones holds about you;
- The right to request that Hipp!!Bones corrects any personal data if it is found to be inaccurate or out of date;
- The right to request that your personal data is erased where it is no longer necessary for Hipp!!Bones to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data.
- The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice prior to commencing the processing.
9. Contact Details
To exercise all relevant rights, queries or complaints in the first instance contact Serena Burgess, Secretary at firstname.lastname@example.org or on 07519317162
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF