DATA PROTECTION POLICY
Greencuisine Trust Data Protection Policy
1. Introduction
This policy outlines how Greencuisine Trust (hereafter referred to as "the Charity") collects, uses, stores, and protects personal data in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The Charity is committed to safeguarding the privacy and security of the personal information we hold.
2. Purpose of the Policy
The purpose of this policy is to ensure that the Charity:
Complies with data protection law and follows best practices.
Protects the rights of individuals whose personal data we process.
Is transparent in how it collects, stores, and processes data.
Prevents data breaches and ensures personal data is protected against unauthorized access.
3. Scope of the Policy
This policy applies to:
All employees, trustees, volunteers, contractors, and anyone working on behalf of the Charity.
All personal data processed by the Charity, whether it is stored electronically or in paper format.
4. Key Principles
The Charity adheres to the principles set out by GDPR:
Lawfulness, Fairness, and Transparency: Data is processed lawfully, fairly, and transparently.
Purpose Limitation: Data is collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes.
Data Minimization: Only the data necessary for the purposes for which it is processed is collected.
Accuracy: Personal data is kept accurate and up to date.
Storage Limitation: Data is kept only for as long as necessary for the purposes for which it was collected.
Integrity and Confidentiality: Appropriate security measures are taken to protect personal data against unauthorized access or breaches.
5. Data Collection and Use
Personal Data: The Charity collects personal data such as names, addresses, emails, phone numbers, and other necessary information for legitimate operational purposes (e.g., managing staff, volunteers, students, donors).
Special Category Data: Where necessary, the Charity may collect special category data (e.g., health information) only with explicit consent.
Data Processing: The Charity ensures that personal data is processed based on one of the lawful bases outlined in GDPR (e.g., consent, contract, legal obligation, legitimate interest).
6. Data Security
The Charity takes appropriate technical and organizational measures to ensure the security of personal data, including:
Password protection on all electronic devices.
Encryption where necessary.
Regularly updated antivirus software.
7. Data Retention
Personal data will only be retained for as long as necessary. Once data is no longer needed, it will be securely deleted or destroyed. The Charity maintains a data retention schedule that outlines the retention period for different types of personal data.
8. Data Sharing
The Charity will not share personal data with third parties unless:
We have obtained explicit consent.
It is required by law.
There is a legitimate interest, and it complies with data protection law.
Where data is shared with third parties (such as contractors), appropriate due diligence and agreements are in place to ensure compliance with GDPR.
9. Data Subject Rights
Individuals whose personal data is processed by the Charity have the following rights:
Right to Access: Request access to their personal data.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of their data, where applicable.
Right to Restriction of Processing: Request to limit the processing of their data.
Right to Data Portability: Request a copy of their data in a portable format.
Right to Object: Object to the processing of their data for certain purposes (e.g., direct marketing).
Right to Withdraw Consent: Withdraw consent at any time if processing is based on consent.
10. Data Breach Procedures
In the event of a data breach, the Charity will:
Assess the severity of the breach.
Report any breaches to the Information Commissioner’s Office (ICO) within 72 hours, if necessary.
Notify affected individuals without undue delay if there is a high risk to their rights and freedoms.
11. Training and Awareness
The Charity provides regular training to staff, volunteers, and trustees to ensure awareness of data protection laws and practices. Everyone is required to adhere to this policy and to report any concerns or breaches immediately.
12. Review and Updates
This policy will be reviewed annually and updated as necessary to ensure continued compliance with data protection laws.
13. Contact Information
If you have any questions or concerns about this policy or how we handle your personal data, please contact:
Data Protection Officer: [tbc October 2024]
Email: [tbc October 2024]
Phone: [tbc October 2024]