Introduction

Shama Women’s Centre needs to gather and use certain information about individuals this could be users , suppliers, employees , volunteers and other people we need to contact.

This policy describes how this personal data must be collected, handled and stored to meet the organisations Data Protection standards and comply with the law.

Why this policy exists

To ensure that Shama Women’s Centre

  • Complies with the law
  • Protects rights of staff, customers and partners
  • Is open about how it stores and processes individuals’ data
  • Protects itselaf from risks of a data breach

Data Protection Law

The Data Protection Act 2018 describes how organisations- including Shama Women’s Centre- must collect, handle and store personal.

These rules apply regardless of whether data is stored electronically, on paper or other materials.

To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

Policy Scope

It applies to users, suppliers, employees, volunteers and other people we need to contact.

Data Storage

Data should be securely saved including paper and electronic files, photographs and videos backed up, with strong passwords and not saved directly on mobile devices.

Data Use

When using personal data, employees should ensure computer screens are locked, data is not shared, is encrypted before transferred.

It should be accurate and updated

Subject Request for Data

All individuals are allowed access to their own personal data, and allowed to ask what information Shama holds, how to gain access and be informed how it is kept up to date and how we meet our data protection obligations.

On occasions the Data Protection allows personal data to be disclosed to law enforcement agencies without consent of the data subject, under these circumstances Shama Women’s Centre will enclose them

Providing Information

Shama Women’s Centre aims to ensure that individuals are aware their date is being processed, used and how they can exercise their rights as per our privacy statement.

We will continue to use your data to inform you of courses, events and programmes unless you opt out.

To keep with the legalities of it all here is our updated privacy policy which contains everything you need to know on how we store your personal data, what we store, what we use it for and that we do not share your information with any third parties.

In short we hold any names, telephone numbers, addresses and email addresses that have been supplied to us by yourselves. We hold these so we can contact you about future courses, events and programmes.

1 The privacy policy of processing your personal data

 We use your personal data for the following purposes:

Informing members of events and services, including telephone consultancy.

2 The categories of personal data concerned

 With reference to the categories of personal data described in the definitions section, we process the following categories of your data:

  • Personal data: name, address, telephone numbers and email addresses.

We have obtained your personal data from information you have supplied to us either directly to us, membership forms and third parties.

3 What is our legal basis for processing your personal data?

  1. Personal data (article 6 of GDPR)

Our lawful basis for processing your general personal data:

Processing necessary for the performance of a contract with the data subject or to take steps to enter contract.

  1. Sharing your personal data

Your personal data will be treated as strictly confidential, and will not be shared with anyone, unless legal authorities need access to it.

  1. Your rights and your personal data

Unless subject to an exemption under GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of the personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary to retain such data;
  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interest ( or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purpose of scientific/historical research and statistics).

Date: 27/10/20

Next review 27/10/22