Privacy Statement and Data Protection Policy

Privacy statement

We will process and handle any information you provide using this website in accordance with the General Data Protection Act 2018.

By using this website to provide personal information you agree to us making your personal information available, when appropriate, to a limited number of employees of The Elizabeth Foundation and select volunteers engaged in database work, subject always to compliance with the General Data Protection Act 2018.

We will use any personal information you provide for the purpose of providing services to you and your family and furthering the stated aims of the charity. We will look after and use your data with care and we will never sell or share it unless required by law or without your permission.

You can read our Data Protection Policy (below) which details what you can expect from us and how we collect and manage information you might provide to us.

You can choose to change the way we communicate with you by contacting [email protected] or phoning 023 9237 2735 and asking to speak with a member of our Finance Team. You can opt out of receiving any communication from us at any time and we will respect your wishes.

You have the right to request information we hold about you after providing appropriate proof of identity. Email [email protected] or phone 02392 372735 and ask to speak with our Data Protection Officer (John Atherton, Finance Director). See the Data Protection Policy (below) for more information.

Data Protection Policy

How we will use, store and protect your personal information

For the purposes of this policy, "personal information" covers any data that enables us to identify you as an individual such as your name and email address. When you supply information to us, we are legally obliged by the General Data Protection Act 2018 (see below) to ensure that we only use any information you have provided for the purpose for which it was requested, and to ensure that we keep/store the data securely.

We will never pass your details onto a third party without gaining prior consent. However, if required to do so by law, we may be required to disclose information about you.

Sometimes we may ask to share personal information regarding you, your family and your child in order to offer you the best support available from a range of agencies. We will only do this if you have given your prior consent.

The General Data Protection Act 2018

The General Data Protection Act 2018 sets out what can and what cannot be done with personal data that is information about living individuals. The Elizabeth Foundation is placed under a legal obligation to comply with the provisions of this Act and is committed to a policy of protecting the rights and freedoms of individuals with respect to giving them a choice at to how their personal data is processed, used and stored.

Commitment to the protection of personal information

In order to function properly, The Elizabeth Foundation needs to collect and use certain types of information about staff, service beneficiaries and other individuals who come into contact with the charity in order to operate effectively. In addition, it is required by law to collect and use certain types of information to comply with the requirements of government departments – different LEAs, statutory and non-statutory funders and other bodies. This personal information must be dealt with properly however it is collected, recorded and used, and there are safeguards to ensure this in the General Data Protection Act 2018.

The Elizabeth Foundation regards the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions and to maintaining confidence between those with whom we deal and ourselves. We ensure that The Elizabeth Foundation treats personal information lawfully and fairly.

Scope of the policy

The General Data Protection Act applies to electronic and paper records held in structured filing systems containing personal data, meaning data which relates to living individuals who can be identified from the data. This includes any expression of opinion about an individual and intentions towards an individual. It also applies to personal data held visually in photographs or video clips (including CCTV) or as sound recordings. The Elizabeth Foundation collects a large amount of personal data every year.

This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the General Data Protection Act 2018.

The principles of the policy

The principles may be summarised as follows, and are intended to make sure that the personal information of “data subjects” (the people about whom information is held) is handled properly.

Under the principles, data must be:

  • fairly and lawfully processed
  • processed for limited purposes
  • adequate, relevant and not excessive
  • accurate
  • not kept for longer than is necessary
  • processed in line with the rights of data subjects
  • secure
  • not transferred to countries that are not able to ensure an adequate level of data protection

Individuals will have the following rights:

  • right of access (to see what is being held about them)
  • right to rectify (to be able to correct any incorrect information)
  • right of erasure (to have their details removed – The Elizabeth Foundation only keeps data we are legally obliged to keep – for example for financial or Gift Aid purposes
  • right to restrict processing (but not delete) i.e. individuals may choose what and how they would like information
  • right of portability (to have their data transferred to another organisation if they wish)
  • right to object to their data being held
  • right not to be profiled for wealth screening or any other enhancement of data already held
Data Protection standards

The Elizabeth Foundation will, through appropriate management and adherence to agreed procedures:

  • Individuals who have not given permission to be contacted after 25 May 2018 may be contacted if there is a legitimate interest to do so and in doing so The Elizabeth Foundation will adhere to the Information Commissioner’s Office (ICO) published information and guidelines.
  • observe fully the conditions regarding the fair collection and use of information
  • meet legal obligations to specify the purposes for which information is used
  • collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or comply with legal requirements
  • make reasonable efforts to ensure the quality of information used
  • apply checks to determine the length of time various types of information are held
  • ensure that the rights of data subjects can be fully exercised under the Act, with reference to currently available guidance and good practice available from the Information Commissioner’s Office and The Institute of Fundraising
  • take reasonable and appropriate measures to safeguard personal information
  • ensure that personal information is not transferred abroad without appropriate safeguards
  • treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information
  • use secure methods for communication containing sensitive information, particularly where an individual can be identified – all key education staff are registered on a secure website through NHS.net
Management arrangements

At The Elizabeth Foundation, the Board of Trustees we will ensure that:

  • individuals can contact The Elizabeth Foundation’s Data Protection Officer who is responsible for GDPR (contact details below)
  • this Privacy Notice and Data Protection Policy will be available to view/download at The Elizabeth Foundation’s website and written in plain English
  • The Elizabeth Foundation’s data registration with the Information Commissioner is kept up to date
  • appropriate terms and conditions about managing and handling personal information are included in staff contracts of employment
  • guidance and training is made available to staff about Data Protection issues; using for instance, training materials produced by the Information Commissioner

Financial information

This website is a secure website (as indicated by its web address beginning with https:// and active SSL certificate). This means that any information you send using a form on this website is encrypted before being sent from your device (computer, tablet, smartphone or other web-enabled device) over the Internet to this website’s server, so the information is transmitted securely.

Online payments

To handle online payments for this website, we may need to share your information with our service providers, associated organisations and agents. This website currently uses Stripe (https://stripe.com) to ensure your financial information is processed efficiently, securely and cost-effectively. We cannot, however, be held responsible for the privacy of personal information collected by these companies.

Cookies

Cookies are small pieces of information a website sends to your computer to be stored on your hard drive so that the website can recognise you when you next visit. The law states that we can store cookies on your machine if they are essential to the operation of this site but that for all others we need your permission to do so. By using this website you agree to these cookies being installed on your device. Please note: If you do not have cookies enabled for this website you may not be able to access all this website’s features or functions.

See our Cookie Policy for further details (the contents of our Cookie Policy form part of our Terms and Conditions).

How you can access the information we hold about you

As an individual you have the right to request any information we hold about you after providing appropriate proof of identity. You must give written notification of the request (see contact details below), provide proof of identity and make a payment of £10. We will then respond within 40 days.

Data Protection Contact Details

  • Data Protection Officer - John Atherton, Finance Director
  • Organisation name: The Elizabeth Foundation
  • Registered office: Southwick Hill Road, Cosham, Hampshire, United Kingdom, PO6 3LL
  • Email [email protected]
  • Telephone 02392 372735
Malcare WordPress Security