The Mentor Ring (TMR) is committed to complying with all relevant laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information TMR collects and processes in accordance with General Data Protection Regulations (GDPR).
Purposes of data held by TMR:
Data may be held by TMR for the following purposes:
1. Staff Administration
3. Realising the Charitable Objectives of TMR
4. Accounts & Records
5. Advertising, Marketing & Public Relations
6. Information and Database Administration
7. Journalism and Media
8. Processing for ‘Not for Profit’ Organisations
Data Protection Principles:
In order to comply with the 8 principles of data protection TMR ensures it has:
1. Fairly and lawfully processed personal data:
TMR will always put its logo on all paperwork, stating our intentions on processing the data and state if, and to whom, we intend to give the personal data. TMR will also provide an indication of the duration for which the data will be kept.
2. Processed for limited purpose:
TMR will not use personal data for a purpose other than that agreed by data subjects (voluntary and community group members, staff and others).
If the personal data held by us is requested by external organisations for any reason, this will only be passed on if the data subjects agree.
Personal data collected and retained by TMR for the purposes stated above will not be released for direct marketing purposes, whether or not the data subjects agree.
Wherever possible (e.g. reports to funders, auditors etc.) all personal data will be de-personalised and aggregated to reduce the likelihood of individual identification.
3. Adequate, relevant and not excessive:
TMR’s nominated data controller will proactively monitor the personal data we hold for our purposes, ensuring we hold neither too much nor too little data in respect of the individuals about whom the data is held. If data given or obtained is excessive for such purpose, it will be immediately deleted or destroyed.
4. Accurate and up-to-date:
We will regularly review all personal data to ensure it remains accurate and up-to-date and will provide relevant data subjects (e.g. staff, volunteers, beneficiaries) with a copy of their personal data once for information and updating where relevant.
All amendments will be made immediately and data no longer required will be deleted or destroyed.
It is the responsibility of individuals and organisations to ensure the data held by TMR is accurate and up-to-date. Completion of an appropriate form (provided by us) will be taken as an indication that the data contained within is accurate.
Individuals should notify TMR of any changes, to enable records to be updated accordingly. It is the responsibility of the nominated TMR Data Controller to act upon notification of changes to data, amending where relevant.
5. Not kept longer than necessary:
We actively discourage the retention of data for longer than it is required. All personal data will be deleted or destroyed by TMR after one year of retention unless further retention can be legally justified (e.g., ongoing employment or volunteering, ongoing casework or necessary for financial or other records).
6. Processed in accordance with the individual’s rights:
All individuals that TMR holds data on have the right to:
• Be informed on request of all the information held about them within 40 days;
• Prevent the processing of their data for the purpose of direct marketing;
• Compensation if they can show that they have been caused damage by any contravention of the Data Protection Act;
• The removal and correction of any inaccurate data about them.
Appropriate technical and organisational measures shall be taken to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction of data. This includes mandatory data protection and confidentiality training provided as part of TMR’s induction processes and awareness of this policy.
All TMR computers have a password protected log-in system and our Contact Database is also password protected, which allows only authorised staff to access personal data.
Passwords on all computers are changed frequently and all PC users are strongly encouraged to log off when away from their workstations to ensure ICT security is maintained.
All hard copies of personal and financial data are kept in a locked filing cabinet and can only be accessed by authorised officers.
When staff members or volunteers are using TMR laptop computers out of the office care will always be taken to ensure that personal data on screen is not visible to unauthorised individuals.
8. Not transferred to countries outside the UK unless the country has adequate protection for the individual:
Personal data will not be transferred to countries outside the UK without the explicit consent of the individual.
TMR takes particular care to be aware of this when publishing information on the Internet, which can be accessed from anywhere in the globe. This is because transfer includes placing data on a web site that can be accessed from outside the UK.
Right to object – the right to object to our use of data including where TMR use it for legitimate interests.
Enquiries – To make enquiries please contact us via firstname.lastname@example.org
Complaints – If you are not satisfied with the way a complaint you make in relation to your data is handled by us, you may be able to refer your complaint to the Information Commissioner’s Office (ICO). The ICO’s contact details can be found on their website at https://ico.org.uk/.
It is important that the data TMR hold is accurate and current. Please keep us informed if data changes during the period for which TMR hold it at email@example.com.
This Privacy Statement will be reviewed annually.