If you have any comments or questions about this policy, feel free to contact us at firstname.lastname@example.org
1. GENERAL PROVISIONS
- The Interlink Foundation is committed to protecting your privacy. This policy outlines how we keep your personal data safe.
- This policy applies to all personal data processed by The Interlink Foundation
- The Responsible Person shall take responsibility for the Charity’s ongoing compliance with this policy.
- This policy shall be reviewed at least annually
- This policy is complainant with the rules set out by the General Data Protection Regulation (the GDPR), relevant other legislation and regulations of the Information Commissioner’s Office (the ICO)
- The Interlink Foundation is registered with the Information Commissioner’s Office as an organisation that processes personal data. Registration number: ICO: 00010349025
Data controller – A controller determines the purposes and means of processing personal data.
Data processor – A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person.
Responsible Person – Mrs Rivka Benedikt
Categories of data: Personal data and special categories of personal data
Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data
3. ABOUT OUR CHARITY
The Interlink Foundation is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are email@example.com. For all data matters please contact our Responsible Person: Mrs Rivka Benedikt at firstname.lastname@example.org
4. THE PURPOSE(S) OF PROCESSING YOUR PERSONAL DATA
If you request or receive services or products, or become involved in our campaigns, we may collect and process the personal information that you’ve provided. We may also collect information from you when you report a problem with our website or if you complete a survey which we use for research purposes.
This personal information may include your name, email address, postal address, telephone or mobile number and date of birth, financial details, UK Tax payer information (for Gift Aid), credit/debit card information and records of responses to campaigns, as well as how you came to find us or about our services or events.
We may also collect details of your visits to our website, for example your location data, other sites you’ve visited and the resources that you access. We use this to provide you with the information, services or products that you’re interested in and/or are most relevant to you.
5. THE CATEGORIES OF PERSONAL DATA COLLECTED
With reference to the categories of personal data described in the definitions section, we may process the following categories of your data: name, email address, postal address, telephone or mobile number and date of birth, financial details.
We only process your personal data if it has been directly supplied by you in the course of using our services and our website.
6. WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?
- All data processed by the The Interlink Foundation must be done on one of the following lawful basis: consent, contract, legal obligation, vital interests, public task or legitimate interests. This is in accordance the Article 6 of the GDPR. More information on lawful processing can be found on the ICO website.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Charity’s systems
a) Personal data
- Our lawful basis for processing your general personal data is that it has been provided with your consent, necessary for the performance of our services to you.
b) Special categories of personal data (article 9 of GDPR)
- We do not routinely process special categories of personal data.
7. SHARING YOUR PERSONAL DATA
We will never share your personal data with a third party without your prior consent or unless required by law.
8. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We keep your personal data for no longer than reasonably necessary or legally required. Our policy is as follows:
- Donations you’ve made to us
- for 7 years since the date of your last donation
- Information collected while providing you with membership services
- For 12 years, unless otherwise specified by you. This is because holding this data is valuable to our members who often want us to retrieve data provided during the course of service provision.
- Service user information collected through Interlink Foundation or Interlink Community Services C.I.C.
- For 3 years after the end of contract
- Employee and volunteer information
- for 6 years after the end of contract
9. PROVIDING US WITH YOUR PERSONAL DATA
You are under no statutory or contractual requirement or obligation to provide us with your personal data. But failure to do so may limit our ability to provide you with services.
10. YOUR RIGHTS
If you wish to exercise any of your rights, as listed below please contact the Responsible Person, email@example.com. Unless subject to an exemption under the GDPR, you have a right of:
- Access to your personal information;
- Objection to processing of your personal information;
- Objection to automated decision-making and profiling;
- Restriction of processing of your personal information;
- Your personal data portability (the ability to move, copy or transfer data easily from one database, storage or IT environment to another);
- Rectification of your personal information; and
- Erasure of your personal information.
If you make a request relating to any of the rights listed above, we will consider each request in accordance with all applicable data protection laws and regulations. No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be excessive in nature.
Upon successful verification of your identity you are entitled to obtain the following information about your own personal information:
- The purposes of the collection, processing, use and storage of your personal data.
- The source(s) of the personal information, if it was not obtained from you.
- The categories of personal data stored about you.
- The recipients or categories of recipients to whom your personal data has been or may be transmitted, along with the location of those recipients.
- The envisaged period of storage for your personal data or the rationale for determining the storage period.
- The use of any automated decision-making and/or profiling.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
11. TRANSFER OF DATA ABROAD
We do not transfer personal data outside the EEA.
12. AUTOMATED DECISION MAKING
We do not use any form of automated decision making in our organisation.
13. FURTHER PROCESSING
A cookie is a small file of letters and numbers that is sent and stored on your computer and/or mobile device which provides us with information in relation to your website usage, and allows us to recognise that you have used our website before.
16. HOW TO MAKE A COMPLAINT
To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection Officer – Mrs Rivka Benedikt; email: firstname.lastname@example.org.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.