Privacy & Cookies
The Deptford Challenge Trust
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”). We also comply with the Privacy and Electronic Communication Regulations (“PECR”).
2. Who are we?
The Deptford Challenge Trust is a registered charity which aims to improve the quality of life for people who live and work in a defined area of Lewisham, covering Deptford and parts of New Cross by giving grants to organisations operating for Deptford purposes.
Any personal data that we collect will only be in relation to the work we do to further the objects of our Charity.
3. How do we process your personal data?
The Deptford Challenge Trust complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
- to process grant applications (on our behalf by the London Community Foundation)
- to inform you of events and activities that are run by the Charity.
4. Sharing your personal data
Your personal data will be treated as strictly confidential. We will only share your data with third parties outside of the organisation if there is a legitimate reason to do so or with your permission.
5. How we protect your personal data
We take appropriate measures to ensure that the information discussed to us is kept secure, accurate and up to date and kept only for as long as necessary for the purpose for which it is used.
6. How long do we keep your personal data?
We keep data in accordance with the guidance set out in our Data Protection Policy, a copy of which is available on our website.
7. Our website
8. Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact the Company Secretary by writing to the Deptford Challenge Trust.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Resources & Further Information
- Overview of the GDPR - General Data Protection Regulation
- Data Protection Act 1998
- Privacy and Electronic Communications Regulations 2003
- The Guide to the PECR 2003
Adopted June 2018
Data Protection Policy
The purpose of this policy is to enable Greenwich Hatcliffe Charity to comply with the General Data Protection Regulations 2018 (GDPR) in respect of the data it holds about individuals.
The Charity will:
- · follow good practice;
- · protect residents, Trustees, staff, volunteers and other individuals by respecting their rights;
- · demonstrate an open and honest approach to personal data; and
- · protect the Charity from the consequences of a breach of its responsibilities.
The Data Protection Act 1998 requires that:
- information is collected only for one or more specified and lawful purposes and not processed for any other purpose;
- it is kept secure;
- it is adequate, relevant and up to date;
- it is not excessive and kept only for as long as it is needed;
- the person about which the information is held may have access to it on request.
Personal data Personal data is any data from which an individual can be uniquely identified, which includes sensitive information such as that listed below, which would be regarded as a more serious breach if released:
- racial or ethnic origin
- political opinion
- religious or other beliefs
- trade Union membership
- physical or mental health
- sexual life
- criminal proceedings or convictions.
This policy applies to all the information that we control and process relating to identifiable, living individuals including contact details, bank details and photographs.
2. Data Storage and processing
Greenwich Hatcliffe Charity recognises that data is held about:
- · residents
- · Trustees
- · staff
- · almshouse applicants
- · grant applicants
This information is always stored securely and access is restricted to those who have a legitimate need to know. We are committed to ensuring that those about whom we store data understand how and why we keep that data and who may have access to it. We do not transfer data to third parties without the express consent of the individual concerned.
3. Rights of individuals
All individuals who come into contact with Greenwich Hatcliffe Charity have the following rights under GDPR:
- a right of access to a copy of their personal data
- a right to object to processing that is likely to cause or is causing damage or distress
- a right to object to decisions being taken by automated means
- a right, in certain circumstances, to have inaccurate personal data rectified, blocked, erased or destroyed and
- a right to claim compensation for damages caused by a breach of GDPR.
Archived records are stored securely and the Charity has clear guidelines for the retention of information.
4. Trustees’ Responsibilities
The Trustees recognise their overall responsibility for ensuring that the Charity complies with its legal obligations. A trustee, currently Helen McIntosh, is responsible as follows:
- briefing Trustees on Data Protection responsibilities
- reviewing Data Protection and related policies
- advising other staff on Data Protection issues
- ensuring that Data Protection induction and training takes place
- handling subject access requests.
All Trustees and staff are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their roles.
Significant breaches of these policies will be handled under disciplinary procedures.
5. Key risks to the safety of data control and process:
The Trustees have identified the following potential key risks:
- breach of confidentiality (information being given out inappropriately)
- individuals being insufficiently informed about the use of their data
- misuse of personal information by staff
- failure to up-date records promptly
- poor IT security and
- direct or indirect, inadvertent or deliberate unauthorised access.
The Trustees will review the Charity’s procedures regularly, ensuring that the Charity’s records remain accurate and consistent and in particular:
- IT systems will be designed, where possible, to encourage and facilitate the entry of accurate data
- data on any individual will be held in as few places as necessary and Trustees and staff will be discouraged from establishing unnecessary additional data sets
- effective procedures will be in place so that relevant systems are updated when information about an individual changes.
If a breach of data security is suspected or occurs, the Trustee responsible for Data Protection should be notified immediately.
6. Subject Access Requests
Any individual who wants to exercise their right to receive a copy of their personal data can do so by making a Subject Access Request, (‘SAR’) to the Clerk. The request must be made in writing and the individual must satisfy the Clerk of their identity before receiving access to any information.
A SAR must be answered within 40 calendar days of receipt by the Charity.
7. Collecting and using personal data
Greenwich Hatcliffe Charity typically collects and uses personal data in connection with the provision of housing for people of limited financial means, and for the processing of grant applications, in its area of benefit, defined as five miles from the almshouses in Tuskar Street, and south of the River Thames.
The Charity collects personal data mainly in the following ways:
- by asking applicants for accommodation and grants to complete paper forms;
- by asking residents to give staff information verbally.
Greenwich Hatcliffe Charity will:
- not use any of the personal data it collects in ways that have unjustified adverse effects on the individuals concerned;
- be transparent about how it intends to use the data and give individuals appropriate privacy notices when collecting their personal data;
- handle people’s personal data only in ways they would reasonably expect;
- not do anything unlawful with the data.
8. Keeping Data Secure
The Charity will take all appropriate measures to prevent unauthorised or unlawful processing of personal data and to protect personal data against loss, damage or destruction. This means that: (below are examples)
- personal files for residents, Trustees, staff. applications for grants and accommodation will be kept locked at all times with access only by authorised staff;
- electronic files containing personal data will be password protected and passwords will be changed on a regular basis;
- backed up electronic data will be held securely on an alternative site or when off-site it will be encrypted, password protected and only accessed by named staff;
- if any data is taken from the office (e.g. to work at home) the data must be held securely at all times whilst in transit and at the location the data is held.
9. Retention of personal data
The Charity will not keep personal data for longer than is necessary. This means that, for example:
- a resident’s file will be completely destroyed after three years of the resident leaving or passing away;
- records of complaint/investigations concerning residents will be destroyed three years after the resident leaves or passes away;
- application forms for unsuccessful applicants will be destroyed three years after the date of application;
- grant application forms will be destroyed six years after the date of application;
- Trustees and staff will only keep personal data relating to anyone connected to the Charity at their home for the duration of the period it is necessary for them to discharge their duties;
- Trustees personal files will be destroyed three years after ceasing to be a Trustee;
- staff personal files will be destroyed six years after employment ceases.
10. Managing Agent
The Trustees will ensure that the managing agent of its almshouses will have adequate policies and procedures in place to ensure compliance with GDPR.
11. More information
Full information about the Data Protection Act, its principles and definitions can be found at www.ico.gov.uk.
Adopted June 2018