This Policy contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal data. We may update this Policy from time to time without notice to you, so please check it regularly.
DEX holds personal data about employees and service users for a variety of business purposes. We gather and use information or ‘data’ as part of our business and to manage our relationship with you.
We intend to comply with all our legal obligations under the Data Protection Act 2018 and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security.
The principles of GDPR are that data must:
- be collected and processed only for specified, explicit and legitimate purposes.
- be adequate, relevant and limited to what is necessary.
- be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay.
- not be kept for longer than is necessary for the purposes for which it is processed; and be processed securely and confidentially, protecting against unauthorised / unlawful processing, accidental loss, destruction or damage.
- be processed lawfully, fairly and transparently.
- We will only ask you what we really need to know.
- We will collect and use the personal data that you share with us transparently, honestly and fairly.
- We will always respect your choices around the data that you share with us and the communication channels that you ask us to use.
- We will put appropriate security measures in place to protect your personal data.
- We will never sell your data.
What is personal data?
Personal data relates to information about a living person (a ‘data subject’) who can be identified from that data on its own, or when stored together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person.
This policy applies to all personal data whether it is stored electronically, on paper or on other materials.
What information do we have?
This personal data will be provided to us by you when using DEX’s services so we will require information to effectively provide our service. It could also be provided or created during the recruitment process.
Data gathered may include name, address, contact details, dates of birth, gender, marital status and family details, information detailed on a CV including educational history, employment history, financial details such as pay and bank details, references, identification documents such as driving licence. The level of information will vary depending on the service that we provide.
We may use your personal information to:
- Enable you to use and and/or all of the services we offer;
- Send you information about our work and any other information, products or services that we provide;
- Provide you with the services, products or information you have requested;
- Handle the administration of any donation or other payment you make via credit/debit card, cheque, standing order or BACS transfer;
- Collect payments from you and send statements and/or receipts to you;
- Handle the administration of your employment and/or volunteering application;
- Deal with enquiries and complaints made by or about you relating to us.
- Where you have provided us with your address, mobile/telephone and email, with targeted communications to let you know about our events and/or activities that we consider may be of particular interest; about the work of DEX; and to ask for donations or other support.
- We will ask for your consent to use your information to send you electronic communications such as newsletters and marketing and fundraising emails, for targeted publicising, and if you ever share sensitive personal information with us.
We keep your personal data in an identifiable form for as long as we have a legitimate reason to use the data and as required by law. If you claim Gift Aid on a donation you make, we are required by HMRC to keep data related to your donation for six years after the tax year in which the donation was made.
If you choose not to provide us with certain personal data, you should be aware that we may not be able to carry out certain parts of the agreement between us.
We will never sell your information to another party, nor will it be used for any other purpose than the one we have agreed.
Additional information for job applicants:
Applicant data is held and stored within our Fast Drive online shared drive. Applicant data will be kept up to and including 180 days of inactivity, after which point the data will be cleansed.
How long do we keep your data?
We will only retain your personal data for as long as:
- it is needed for the purposes set out in this document.
- the law requires us to.
You can check the personal data we hold about you, and ask us to update it where necessary, by emailing us at email@example.com
Information we process because we have a legitimate reason
Wherever possible, we aim to obtain your explicit consent to process this information.
We will disclose your personal information where required to do so by law or in accordance with any safeguarding concerns.
When we receive a complaint, we record all the information you have given to us. We use that information to resolve your complaint. If your complaint reasonably requires us to contact another person, we may decide to give to that other person some of the information contained in your complaint.
We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify anyone.
Retention and Review (or update or remove personally identifiable information)
We will only keep personal data for as long as necessary for the purposes required by us to provide the services you have requested, in accordance with any retention period prescribed by law.
- You have the right to information about what personal data we process, how and on what basis.
- You have the right to access your own personal data. There is no fee for this.
- You have the right to rectification of any inaccuracies in your personal data.
- You have the right to be forgotten and request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected.
- You have the right to restrict the processing of personal data whilst it is being corrected, erased or are contesting the lawfulness of our processing.
- You have the right to request portability of data.
- You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
- You have the right to object if we process your personal data for the purposes of direct marketing.
- With some exceptions, you have the right not to be subjected to automated decision-making.
- You have the right to be notified of a data security breach concerning your personal data.
Security and access of your personal data
We endeavour to ensure that there are appropriate and proportionate technical and organisation measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure of or access to your personal information.
All personal information related to members we work with is stored securely on the Fast Drive cloud-based storage, which is a UK provider and is compliant with GDPR standards. Staff are all DBS checked, and have their own individual log-in details and passwords for the Fast Drive system. No-one else has access to this information.
How to deal with data breaches
We have many procedures in place to minimise and prevent data breaches from taking place. Should a breach of personal data occur (whether in respect of you or someone else) then we would take detailed notes and keep evidence of that breach and notify all parties concerned. If the breach is likely to result in a risk to the rights and freedoms of individuals, then we must also notify the Information Commissioners Office within 72 hours.
You are entitled to make a complaint about us or the way we have processed your data to the Information Commissioner’s Office (ICO). For further information on how to exercise this right, please see the guidance at https://ico.org.uk/your-data-matters/
Queries or concerns:
Please let us know if you have any queries or concerns whatsoever about the way in which your data is being processed by either emailing us at firstname.lastname@example.org or by writing to us at the following address:
7 South Parade, Wakefield, West Yorkshire WF1 1LR