policy

Data Protection

Learn about Giving Back Generation's Data Protection Policy. Discover how we safeguard personal data and ensure compliance with GDPR to protect your privacy.

Policies

Terms & Conditions
Arrow - Elements Webflow Library - BRIX Templates
Privacy Policy
Arrow - Elements Webflow Library - BRIX Templates
Cookies Policy
Arrow - Elements Webflow Library - BRIX Templates
Data Protection
Arrow - Elements Webflow Library - BRIX Templates
Health & Safety
Arrow - Elements Webflow Library - BRIX Templates
Inclusivity
Arrow - Elements Webflow Library - BRIX Templates
Transparency
Arrow - Elements Webflow Library - BRIX Templates
Sponsorships
Arrow - Elements Webflow Library - BRIX Templates
Foundraising
Arrow - Elements Webflow Library - BRIX Templates
Social Media
Arrow - Elements Webflow Library - BRIX Templates
Member's Handbook
Arrow - Elements Webflow Library - BRIX Templates
Trustee's Handbook
Arrow - Elements Webflow Library - BRIX Templates
Volunteer's Handbook
Arrow - Elements Webflow Library - BRIX Templates

1. Introduction

Giving Back Generation ("GBG") is committed to protecting the privacy and personal data of all individuals involved with the organisation, including donors, volunteers, staff, and beneficiaries. This Data Protection Policy outlines the principles, responsibilities, and procedures that ensure compliance with the UK General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Objectives of the Policy

The purpose of this policy is to:

  • Ensure the lawful, fair, and transparent processing of personal data.
  • Protect the rights and privacy of individuals whose data we collect and process.
  • Safeguard GBG from risks associated with data breaches and non-compliance.

3. Scope of the Policy

This policy applies to:

  • All personal data collected, stored, and processed by GBG.
  • All employees, volunteers, Trustees, and contractors handling personal data on behalf of GBG.
  • Data in both digital and physical formats.

4. Principles of Data Protection

GBG adheres to the following principles:

  • Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and transparently.
  • Purpose Limitation: Data will only be collected for specified, explicit, and legitimate purposes.
  • Data Minimisation: Only data that is necessary for the intended purpose will be collected and processed.
  • Accuracy: Personal data will be accurate and kept up to date.
  • Storage Limitation: Data will be retained only as long as necessary for its intended purpose.
  • Integrity and Confidentiality: Data will be processed securely to protect against unauthorised access, loss, or damage.

5. Types of Data Collected

GBG collects and processes the following types of personal data:

  • Donor Information: Name, contact details, donation history, and preferences.
  • Volunteer and Staff Information: Name, contact details, background checks, and training records.
  • Beneficiary Information: Data required for programme participation, such as contact details and relevant needs.
  • Website Users: IP addresses, cookies, and analytics data to enhance user experience.

6. Data Subject Rights

Individuals whose data is processed by GBG have the following rights:

  • Right to Access: Request a copy of the personal data held by GBG.
  • Right to Rectification: Request corrections to inaccurate or incomplete data.
  • Right to Erasure: Request deletion of personal data where it is no longer needed.
  • Right to Restrict Processing: Limit the use of their personal data under certain circumstances.
  • Right to Data Portability: Request a copy of their data in a machine-readable format.
  • Right to Object: Object to the processing of their data for specific purposes, such as direct marketing.

Requests can be submitted to contact@givingbackgeneration.org.uk.

7. Data Security Measures

GBG implements the following measures to protect personal data:

  • Use of encryption for sensitive data.
  • Secure storage of physical and digital records.
  • Regular training for staff and volunteers on data protection practices.
  • Access controls to ensure only authorised personnel can access personal data.
  • Regular audits and reviews of data security practices.

8. Data Breaches

In the event of a data breach:

  • GBG will assess the scope and impact of the breach immediately.
  • Affected individuals will be informed promptly if their rights or freedoms are at risk.
  • GBG will report the breach to the Information Commissioner’s Office (ICO) within 72 hours, if required.

9. Third-Party Data Sharing

GBG will only share personal data with third parties:

  • When required by law.
  • When necessary to fulfil GBG’s mission (e.g., with service providers or partners), subject to appropriate data protection agreements.
  • With the explicit consent of the data subject.

10. Data Retention Policy

GBG retains personal data only as long as necessary for the purposes it was collected. Specific retention periods include:

  • Donor records: Retained for six years for financial reporting purposes.
  • Volunteer and staff records: Retained for the duration of their involvement and a reasonable period thereafter.
  • Beneficiary records: Retained for the duration of the programme and as required by funders or regulations.

11. Monitoring and Compliance

  • GBG will regularly review and update its data protection practices to ensure ongoing compliance with GDPR and other regulations.
  • Any non-compliance or concerns should be reported to the Data Protection Officer at contact@givingbackgeneration.org.uk.

12. Contact Information

For questions or concerns about this policy, or to exercise your data protection rights, please contact:

Giving Back Generation Limited
662 High Road, N12 0NL
contact@givingbackgeneration.org.uk

By adhering to this Data Protection Policy, GBG demonstrates its commitment to safeguarding personal data and respecting the rights of all individuals.