USER PERSONAL DATA PROCEDURES
Upon booking certain personal details will be retained belonging to the person booking the beach access equipment out, namely: Name, Address, Post Code, Mobile Phone number.
This information is recorded on a paper sheet by the person who took the booking call. The number used to make the booking, if different from the number given, will not be retained without the booker’s permission.
This information is retained until the end of the ‘loan’.
This may be retained longer in the event of an accident to person or incident to equipment, or in the event of a safeguarding disclosure and may require further personal details to aid in the investigation.
At the end of the loan or end of any investigation, all information on paper will be shredded and any information held on electronic devices will be deleted.
Only the postcode will be retained if permission has been granted to aid with Fundraising applications.
We also require any volunteer’s personal mobile phone information to be deleted by the booker after the loan period has ended. Any contact required with the organisation after this period must be made through the Charity’s phone number 0300 999 4444.
Data Protection Policy
We are covered by the General Data Protection Regulation (2018). This means if we store your data we are obliged to ask your permission to do so, and you have rights over that data at all times, including checking it for accuracy and the right to ask for it to be deleted in a timely fashion as per the regulations.
If we ask you for data to send to a third party we will inform you of this at the time and you have the right to decline.
To comply with the legislation we have a Data Protection Policy document, we have a consent form, we also have data protection procedures including reviews of what data we hold and how/where it is stored.
We will keep a paper record of any consent, which will be destroyed by shredding at the same time as any electronic data is deleted, if you request us to do so or as stipulated in our procedures.
We will conduct annual audits of all personal data: what it is, whether it still required and where it is stored. Anything deemed to be no longer relevant will be immediately destroyed by shredding or deletion.
We will designate a Data Protection Officer.
Our Lawful Bases (as per Article 6(1), Article 6(2) and Recital 40) are: Consent: “the individual has given clear consent for you to process their personal data for a specific purpose” and Legitimate Interest: “the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.”
RECORD OF CONSENT
TO HOLD TRUSTEE/VOLUNTEER PERSONAL DATA
Beach Access North East needs to hold your personal information, namely your full name, address, email address and telephone numbers. We require this information to ensure the smooth running of the organisation. If you are Trustee we ask you to give this information and more directly to NEREO who act as our Disclosure Barring service agency, your privacy is covered by their adherence procedures to the General Data Protection Regulations. We also ask for this information to register you as a Trustee with the Charities Commission.
We do not pass this information on to any other third party.
Our lawful bases as per the Regulations are Consent: “the individual has given clear consent for you to process their personal data for a specific purpose” and Legitimate Interest: “the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.”
We store this information on our google docs platform accessible only to registered users, you will be given an account by our secretary who is the administrator for this platform. Trustees or volunteers may store this information on personal mobiles and other electronic devices and only if they are password protected. They are all bound to remove this information should you request this, within the one month period stipulated in the General Data Protection Regulations. They are all also bound only to use this information in the smooth running of the organisation and for no other purpose. Should you feel this information has been abused or procedures not followed you are entitled to complain to the Data Protection Officer - Caroline Corfield, or should you feel this is not appropriate directly to the Information Commission Office - www.ico.org.uk/concerns/
By signing below you give your permission for your personal data to be held by Beach Access North East.Reg. Charity No. 1172413 according to their Data Protection Policy.
______________________________________. Date: _________________