Data Protection Policy: Difference between revisions

From Freegle Wiki
Jump to navigationJump to search
No edit summary
(Small edits to align document to Disaffiliation Procedure etc.)
 
(9 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== Personal Data Policy ==
== Personal Data Protection Policy ==


'''Policy aims :'''
'''Policy aims :'''


* To keep the trust of our membership
* To maintain the trust of our membership by keeping data safe.
* To comply with all UK laws on Data Protection
* To comply with all UK laws on Data Protection
* To be open about all of the data we have associated to members, allowing them to ensure it is accurate.
* To be open about all of the data we have associated to members, allowing them to ensure it is accurate.
Line 12: Line 12:
'''Scope of Personal Data held''' - Freegle will aim to minimise the amount of data it keeps to only that necessary to deliver the services to members.  
'''Scope of Personal Data held''' - Freegle will aim to minimise the amount of data it keeps to only that necessary to deliver the services to members.  


'''Use of Data''' - Freegle will only use members personal data to help aid the purpose of furthering to stated aims of Freegle in the communities it serves. These are the reuse of materials and sharing local charity events and volunteer opportunities.  
'''Use of Data''' - Freegle will only use members' personal data to help aid the purpose of furthering to stated [[Freegle Aims|aims]] of Freegle in the communities it serves.  


'''Allowing Members Access to Data''' - Freegle will allow its members to see all the personal data (and other associated data if possible) we have on the Freegle systems
'''Allowing Members Access to Data''' - Freegle will allow its members to see all the personal data (and other associated data if possible) we have on the Freegle system directly from the system. In addition members may request other data Freegle may have about, such as correspondence with volunteers, via a Subject Access Request made to DPO@ilovefreegle.org


'''Data Retention''' - Freegle will maintain data for the period of membership. Should members wise to have their data removed from the Freegle system they can delete their membership.
'''Age Restrictions''' - We will not maintain children's personal data, as we would then require some way to ensure that guardians consented to this. The definition of children in this respect is taken as 13 years old.  


'''Storing Data Securely''' - Freegle will use industry standard techniques to ensure that data we hold will be kept safe from unauthorised access or loss.
'''Data Retention''' - Freegle will maintain data for the period of membership, and up to 6 months after membership has ceased as part of our anti-SPAM measures. However, during these 6 months these details will not be visible. Should members wish to have their data removed immediately this can be arranged via the Data Protection Officer DPO@ilovefreegle.org <br>
Freegle Volunteers who correspond with others in relation to Freegle and its activities are advised to do so via the Freegle Direct system if possible. Freegle policy on correspondence outside of the FD system is also subject to a 6 month retention period unless the volunteer obtains consent from the correspondent that they may keep the information for an agreed longer period.  Volunteers who leave the Freegle platform are subject to the same consent expectations.
 
 
'''Storing Data Securely''' - Freegle will use industry standard techniques (e.g. access restriction, encryption, taking backups etc) to ensure that data we hold will be kept safe from unauthorised access or loss on its system. We also advise all volunteers who store personal information to keep it secure with access limited to known individuals, .
 
'''Notification of Data Breaches''' - Freegle will notify the relevant authorities of any data breach it detects. Unless there is an important reason, such as to aid law enforcement, Freegle will inform all individuals impacted by any breach and the membership in general on the details of the breach.
 
'''Data Protection Officer''' - due to the nature of Freegle we are  not legally obliged to have a Data Protection Officer [DPO]. However, we have a volunteer who undertakes this role who can be reached via email at DPO@ilovefreegle.org
 
== Useful Links ==
*[[Data Use & Protection]] - Detail of Freegle's use and protection of Personal Data
*[[Data Protection Guidelines]] - Guidelines for Volunteers
*[[Data Protection Compliance - Volunteer Task list]] - Ongoing and completed tasks
*[[Spam]] - further explanation to counter accusations that we spam!
*[[Basic Information]]
*[[Admin]]
 
[[category: Data Protection]]
[[category:Policies, Procedures, Remits]]

Latest revision as of 12:57, 17 June 2024

Personal Data Protection Policy

Policy aims :

  • To maintain the trust of our membership by keeping data safe.
  • To comply with all UK laws on Data Protection
  • To be open about all of the data we have associated to members, allowing them to ensure it is accurate.


Definition of Personal Data - Any data that separately or in combination with other elements may identify a living individual.

Scope of Personal Data held - Freegle will aim to minimise the amount of data it keeps to only that necessary to deliver the services to members.

Use of Data - Freegle will only use members' personal data to help aid the purpose of furthering to stated aims of Freegle in the communities it serves.

Allowing Members Access to Data - Freegle will allow its members to see all the personal data (and other associated data if possible) we have on the Freegle system directly from the system. In addition members may request other data Freegle may have about, such as correspondence with volunteers, via a Subject Access Request made to DPO@ilovefreegle.org

Age Restrictions - We will not maintain children's personal data, as we would then require some way to ensure that guardians consented to this. The definition of children in this respect is taken as 13 years old.

Data Retention - Freegle will maintain data for the period of membership, and up to 6 months after membership has ceased as part of our anti-SPAM measures. However, during these 6 months these details will not be visible. Should members wish to have their data removed immediately this can be arranged via the Data Protection Officer DPO@ilovefreegle.org
Freegle Volunteers who correspond with others in relation to Freegle and its activities are advised to do so via the Freegle Direct system if possible. Freegle policy on correspondence outside of the FD system is also subject to a 6 month retention period unless the volunteer obtains consent from the correspondent that they may keep the information for an agreed longer period. Volunteers who leave the Freegle platform are subject to the same consent expectations.


Storing Data Securely - Freegle will use industry standard techniques (e.g. access restriction, encryption, taking backups etc) to ensure that data we hold will be kept safe from unauthorised access or loss on its system. We also advise all volunteers who store personal information to keep it secure with access limited to known individuals, .

Notification of Data Breaches - Freegle will notify the relevant authorities of any data breach it detects. Unless there is an important reason, such as to aid law enforcement, Freegle will inform all individuals impacted by any breach and the membership in general on the details of the breach.

Data Protection Officer - due to the nature of Freegle we are not legally obliged to have a Data Protection Officer [DPO]. However, we have a volunteer who undertakes this role who can be reached via email at DPO@ilovefreegle.org

Useful Links