Data Protection Policy

Definitions

  1. Personal data is information about a person which is identifiable as being about them. It can be stored electronically or on paper, and includes images and audio recordings as well as written information.

  2. Data protection is about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.

Responsibility

  1. Overall and final responsibility for data protection lies with Aupeer CIC management board, who are responsible for overseeing activities and ensuring this policy is upheld.

  2. All staff and volunteers are responsible for observing this policy, and related procedures, in all areas of their work for Aupeer CIC.

Aupeer CIC will only collect, store and use data for:

  1. Purposes for which the individual has given explicit consent, or 

  2. purposes that are in our group’s legitimate interests, or

  3. to comply with legal obligations, or

  4.  to protect someone’s life.

Policy Statement

  1. Aupeer CIC needs to keep personal data about its staff, members, volunteers, partners and supporters in order to carry out its activities.

  2. Aupeer CIC will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the General Data Protection Regulation (GDPR) and other relevant legislation.

  3. Aupeer CIC will only collect, store and use the minimum amount of data that we need for clear purposes and to deliver our services, and will not collect, store or use data we do not need.

  4. Aupeer CIC will provide individuals with details of the data we have about them when requested by the relevant individual.  Please contact aupeercic@aupeer.org.uk

  5. Aupeer CIC will delete data if requested by the relevant individual, unless we need to keep it for legal reasons.

  6. Aupeer CIC will endeavour to keep personal data up-to-date and accurate.

  7. Aupeer CIC will store personal data securely.

  8. Aupeer CIC will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so.

  9. Aupeer CIC will endeavour not to have data breaches. In the event of a data breach, Aupeer CIC will endeavour to rectify the breach by getting any lost or shared data back. Aupeer CIC will evaluate our processes and understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported to the Information Commissioner’s Office within 72 hours, and to the individual concerned.

  10. To uphold this policy, Aupeer CIC will maintain a set of data protection procedures to follow.