DATA PRIVACY NOTICE
Your personal data - what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller's possession or likely to come into such possession. The processing of personal data is governed by [the General Data Protection Regulation 2016/679 (the "GDPR")
Who are we?
Moray Reach Out is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
How do we process your personal data?
- Moray Reach Out complies with its obligations under [the GDPR] by keeping personal data up to date;
- by storing and destroying it securely; by not collecting or retaining excessive amounts of data;
by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes: -
- To administer membership records;
- To fundraise and promote the interests of the charity;
- To manage our employees and volunteers;
- To maintain our own accounts and records.
- To operate the Moray Reach Out website and deliver the services that individuals have requested.
- To inform individuals of news, events, activities or services running at Moray Reach Out.
- To contact individuals via surveys to conduct research about their opinions of current services or of potential new services that may be offered.
What is the legal basis for processing your personal data?
Moray Reach Out will keep and process information about its;
Employees - for normal employment purposes and to satisfy legal obligations eg HMRC and Equality Act.
Volunteers - where it is necessary to protect the vital interests of staff and trainees who may be physically or legally incapable of giving consent
Trainees - to ensure that the individuals contractual aims and objectives are met.
Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared only with SAGE [https://www.sage.com/en-gb/legal/privacy-and-cookies/], the Bank Of Scotland [http://business.bankofscotland.co.uk/business-home/legal/personal-and-business-data/] and where applicable GoCardless [https://gocardless.com/legal/], for the purposes of processing payroll and The Pensions Trust [http://www.tpt.org.uk/privacy-policy] for pension administration.
We will only share your data with third parties outside of the organisation with your consent.
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary and we only retain your data for the following purposes and use the following criteria to determine how long to retain your personal data:
Recruitment Data - 6 months
Payroll Data - 3 years from the end of the financial year of leaving
Employee Data - 5 years after employment ceases
Your rights and your personal data
Unless subject to an exemption [under the GDPR], you have the following rights with respect to your personal data: -
- The right to request a copy of your personal data which Moray Reach Out holds about you;
- The right to request that the Moray Reach Out corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Moray Reach Out to retain such data;
The right to request that Moray Reach Out provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable)
NB. Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means.
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
- The right to lodge a complaint with the Information Commissioner's Office.?li>
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
Where and whenever necessary, we will seek your prior consent to the new processing. Contact details to exercise all relevant rights, queries of complaints please in the first instance, contact us at:
Moray Reach Out
23 East Church St,
Moray AB56 1ET
Tel. No. 01542 834434