Cymraeg Donate
Menu
Large group of children on parade

Valleys Kids Privacy Policy

General Data Protection Regulation

The General Data Protection Regulation  (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

In the UK the Data Protection Act 2018 is the law that implements GDPR.

Introduction

Valleys Kids is committed to maintaining personal information in a manner, which meets the requirements of the Data Protection Act 2018 and will take all reasonable steps to ensure that personal data is kept secure against unauthorised access, loss, disclosure or destruction. Individual’s privacy is important to Valleys Kids and promise to respect individual’s personal information; information will be collected lawfully and in accordance with the Data Protection Act 2018.

Data Protection Principles

In order to respect the individual’s privacy, Valleys Kids manage personal data in accordance with the Data Protection Act’s seven ‘Data Protection Principles’, namely:

  • Personal data shall be processed fairly and lawfully.
  • Personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
  • Personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed. Personal data shall be accurate and, where necessary, kept up to date.
  • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  • Personal data should be secure and in a system that permits the easy identification of the DATA Subject.
  • Organisations are responsible for complying with the GDPR and must be able to demonstrate compliance.

When anyone provides personal data Valleys Kids Privacy notice will be available on request and/or via our web site. (See Appendix 1)

The Purpose for Collecting Data

Valleys Kids will use individual personal information to:

  • Confirm, update and improve our records of users of our provision;
  • Assess and statistical analysis the appropriateness of our services;
  • Analyse and develop our relationships with our volunteers and with our service users;
  • Keep records of supporters who make financial contributions to Valleys Kids and to keep them informed of new initiatives undertaken by Valleys Kids;
  • Maintain accurate HR records for all staff so that their personal details are up to date for tax and legal purpose e.g. tax records and contracts of employment.

Sensitive Information

Some of the personal information Valleys Kids require from may be sensitive information (such as information about health or criminal convictions) about you. Valleys Kids will not use sensitive information about individuals except for the specific purpose for which it was provided.

Rights of the individual

Individuals have rights to their data and Valleys Kids will respect and comply with these to the best of its ability. (See Appendix 2)

Subject Access Request

Valleys Kids recognises that if anyone they hold personal data for e.g. service users, supporters or staff, may request to see that information at any time. This request may by via email, letter or verbally.

If a request is received it:

  • must be passed immediately to the Director of Programmes.
  • processed within one month of receipt.

Keeping Records Accurate.

Staff and service users are asked to notify us of any change in personal data e.g. change of address or contact number/s for legal requirements and emergency contact situations. Details for service users and staff will be checked regularly and up dated as necessary.

Registration

Valleys Kids has up to date Data Protection registration with the Information Commissioner’s Office in line with the Data Protection Act 2018.

Appendix 1 – Valleys Kids Privacy Notice

VALLEYS KIDS COMMITMENT TO YOUR PRIVACY

Valleys Kids manages all information that we have in ways that we understand to be compliant with the underlying principles of the General Data Protection Regulation (GDPR). 

However, we continue to work to make those provisions more visible and easier to understand for all those who we work with.

Why we collect your data

We want to provide our supporters and members with the best possible service.  The information we collect helps us do this, as well as allowing us to communicate what we do and how that helps the people we work with.

How we collect your data

We do this in a number of ways, including where you share information with us, when you attend events with us, send us a donation, or when we receive a referral from another agency. We treat your information with the utmost care and take appropriate steps to protect it.

When we’ll share your data

We do not share your data with anyone else unless you have given your specific consent and it’s for a specific purpose.

Know your rights

You have many rights regarding your personal data.  These include seeing what data we hold and updating your information.
If you have any questions or if you need clarification on any aspect of our Data Protection Policy and the information, we hold about you please contact the Director of Programmes via email info@valleyskids.biz or phone on 01443 420870

Appendix 2 – Rights of the Individual

1. Right to be informed

Providing privacy notices which are concise, transparent, intelligible and easily accessible, free of charge, that are written in clear and plain language, particularly if aimed at children.

2. Right of access

Enabling individuals to access their personal data and supplementary information Allowing individuals to be aware of and verify the lawfulness of the processing activities – See Subject Access Request

3. Right to rectification

We must rectify or amend the personal data of the individual if requested because it is inaccurate or incomplete.
This must be done without delay, and no later than one month. This can be extended to two months with permission from the DPO.

4. Right to erasure

We must delete or remove an individual’s data if requested and there is no compelling reason for its continued processing.

5. Right to restrict processing

We must comply with any request to restrict, block, or otherwise suppress the processing of personal data.
We are permitted to store personal data if it has been restricted, but not process it further. We must retain enough data to ensure the right to restriction is respected in the future.

6. Right to data portability

We must provide individuals with their data so that they can reuse it for their own purposes or across different services.
We must provide it in a commonly used, machine-readable format, and send it directly to another controller if requested.

7. Right to object

We must respect the right of an individual to object to data processing based on legitimate interest or the performance of a public interest task.
We must respect the right of an individual to object to direct marketing, including profiling. We must respect the right of an individual to object to processing their data for scientific and historical research and statistics.

8. Rights in relation to automated decision making and profiling

We must respect the rights of individuals in relation to automated decision making and profiling.
Individuals retain their right to object to such automated processing, have the rationale explained to them, and request human intervention.

Exit