The Data Protection Act 2018 brought the EU's General Data Protection Regulation (GDPR) into UK law. It governs an individuals personal data rights, including the way companies handle data and the compensation individuals can claim for misuse of personal data
As a small, non-profit charity, the Trustees consider that CAS is exempt from certain requirement of the Act under Schedule 2 (Exemptions etc from the Act), at Part 2, Para 7 (Functions designed to protect the public interest).
However, irrespective of any exemption, as best practice we abide by the following principles of the Act, set out in the ICO guidance. Namely: -
We will not keep personal data for longer than we need it.
We think carefully about – and are able to justify – how long we keep personal data. This will depend on our purposes for holding the data.
We annually review the data we hold.
We carefully consider any challenges to our retention of data. Individuals have a right to erasure if we no longer need the data.
We may keep personal data for longer if we are only keeping it for public interest archiving, scientific or historical research, or statistical purposes.
CONSENT TO HOLD DATA
We will make our consent request prominent, concise, separate from other terms and conditions, and easy to understand.
We will confirm the information is to be collected by Climate Action Strathaven
We will use the data for administration purposes only
We will not sell or otherwise utilise the information
You may withdraw your consent to us storing or using your personal data at any time.
DATA WE HOLD: -
We only hold e-mail addresses of members of the public who have specifically requested that we do so, in order that we can communicate with them. We do not hold associated names and addresses.
We hold mobile phone numbers of members of the public who have specifically requested that we do so, in order than we can communicate with them using media like WhatsApp. We do not hold associated names and addresses.
The two data sets above are not linked, and no other data is attached to this information.
In relation to management of the Charity, we hold the information required by Companies House and the Charity Regulator OSCR. Specifically in relation to GDPR, this includes the name and address details of the Trustees of the charity.
All data is securely held on password protected computer systems.
We obtain consent from persons whose data we hold at the point where they provide the data (the provision of data as noted above is noted as being explicitly for communications).
We periodically review in the advance of the AGM, the need to continue to hold the data