Introduction
Police Children’s Fund (the Fund) complies with the UK General Data Protection Regulation (UK-GDPR) and Data Protection Act 2018 and is registered as a ‘Data Controller’ with the Information Commissioner’s Office Reg No: ZA084340
This policy is written in accordance with the seven key principles set out by UK GDPR:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Lawful Basis for Processing Data
The data protection law specifies reasons for which an organisation may collect and process personal information.
Consent – the Fund collects and processes personal information when consent is required for communication and data retention purposes; for example, when a beneficiary ticks a box to accept emails from us.
Legitimate Interest – the Fund collects and processes personal information for the purpose of carrying out our charitable services; for example, when collecting bank details in order to pay grants to our beneficiaries.
Contractual Obligation – the Fund collects and processes personal information to comply with our contractual obligations; for example, when a beneficiary provides financial information in order for us to assess need.
Collecting Personal Data
The Fund collects personal information for specified, explicit and legitimate purposes and is not used for any purposes other than those specified.
The Fund collects personal information when:
- a beneficiary, a trustee, a member of the public or registered contact visits our website
- a beneficiary, a trustee, a member of the public or registered contact makes an enquiry about our services
- a beneficiary, a trustee, a member of the public or registered contact completes a form
- a beneficiary, a trustee, a member of the public or registered contact has given permission to a third party to share their information with us
Types of Personal Data Collected
The Fund collects the following types of personal information:
- Contact details (name, address, telephone number, email etc)
- Copies of personal documents (birth/death/DBS certificates)
- Technical information (IP addresses, browsers, operating systems)
- Financial information (bank details, financial income/expenditure)
How We Use Personal Data
Personal information is collected to enable the Fund to:
- contact members of the public
- register beneficiaries, trustees and police force contacts
- assess financial need for the purposes of awarding grants
- keep beneficiaries, trustees, members of the public and registered contacts informed about the Fund and its services
- maintain up to date information on our database
- personalise and enhance browser experience when visiting our website
- inform force representatives of any outcomes (consent only)
- comply with our legal obligations to share information with law enforcement
Cookies
The Fund uses cookies to track and report on Fund website activity. Cookies are text files placed on a computer to collect standard website visitor behaviour information. Removal of cookies from a browser may result in reduced functionality of the Fund’s website features.
These cookies form part of Google Analytics and do not contain any personal information other than the IP address of your device. These cookies are provided and set by Google Analytics.
For further information visit: www.allaboutcookies.org.
The Fund’s website contains links to other websites. This policy only applies to the Fund’s website so when you link to other websites you should read their privacy & data protection policy.
Disclosure & Safeguarding of Data
The Fund may disclose your personal data in the following circumstances:
- to a regulatory or governmental body to which the Fund is responsible for example the Charity Commission, Companies House, HM Revenue & Customs, with whom we are required to share information
- to our professional advisers for example the Fund’s accountant/auditor or legal adviser
- to trustees and subscribing forces to ensure that an appropriate level of assistance is being provided
- in the prevention or detection of crime or money laundering and where the Fund is otherwise required to do so by law.
Data subjects have a duty to keep the Fund informed of changes relating to their personal data. It is important that the personal data we hold is current and accurate.
The Fund recognises its responsibility for the protection and privacy of personal information. We will treat personal data with care and take all reasonable and appropriate steps to keep it secure. The Fund does not disclose or share sensitive or confidential information without your explicit consent, except where disclosure is required by law, or where we have reason to believe that failing to do so would put someone at risk
The Fund will not, under any circumstances, sell personal information
The Fund will only share personal information with a third party where it is strictly necessary and with explicit consent in order to deliver our charitable services. Third parties may only use your data for the exact purposes specified in our contract with them and the information is processed securely and deleted once the purpose is fulfilled.
The Fund engages a freelance marketer who is provided with controlled and monitored third party access to personal data for the purposes of marketing and promoting the Fund’s aims and objectives.
Whenever the Fund collects or processes personal information, we will retain it for as long as is necessary for the purpose for which it was collected and no longer.
In the event of a personal data breach, the Fund’s staff will refer to the Information Commissioner’s Office (ICO) guidance and the affected parties will be informed without undue delay. Where necessary, the ICO will be informed within 72 hours.
Rights of Data Subjects
UK Data Protection Law guarantees certain rights to data subjects and the Fund will make every effort to meet these rights.
Data subjects have the right to be informed about the personal information held about them.
Data subjects have the right to request rectification of incorrect personal data
Data subjects have the right to request deletion of personal information held about them which is no longer necessary for a legitimate purpose
Data subjects have the right to object to their personal information being processed in any way by the Fund.
Data subjects have the right to withdraw consent for the use of their personal data on which they previously gave consent.
Data subjects have the right to request a copy of the personal information that the Fund holds about them. The Fund will respond without delay and at the latest within one month of receipt of a request.
If the Fund chooses not to comply with a request relating to personal data, the data subject will be provided with the reasons for refusal.
Data subjects’ rights may be waived if they significantly inhibit the Fund’s legitimate need to process data for scientific, historical, statistical and archiving purposes
Data subjects have the right to file a complaint to the ICO at any time.
Review of Policy
This Policy will be subject to regular review as part of the Fund’s Risk Assessment and also in the following circumstances:
- when there are changes in legislation and / or government guidance
- as a result of any other significant change or event
How to Contact Us
If you have any questions about this policy please contact the Fund’s Data Protection Officer, Sherral Keywood
Telephone 01903 237256
Email sherral@policechildrensfund.org
Write to Police Children’s Fund, 9 bath Rd, Worthing BN11 3NU
If you have a complaint regarding the handling of personal information held by the Fund, please contact us and we will try to resolve the issue. The ICO can be contacted directly via the ICO website www.ico.org.uk