Privacy and GDPR Policy

Version Date Completed By Notes of changes
Version 1.0 August 2022 VT First Version

NDSSG is a registered charity No.1198404

Introduction

NDSSG is dedicated to obtaining, handling, processing, transporting, and storing all personal data, whether held on computer, or paper, lawfully and correctly, in accordance with the safeguards contained in the UK GDPR Act 2016 and the Data Protection Act 2018. This policy applies to anyone who has access to and/or is a user of NDSSG’s ICT systems, including staff, trustees, volunteers, parents / carers, contractors, and other community users. NDSSG undertakes to obtain and process data fairly and lawfully by informing all data subjects of the reasons for data collection, the purposes for which data is held, the likely recipients of the data and the data subjects’ right of access. Information about the use of personal data is printed on the appropriate collection form, or in our Privacy Notices. If details are given verbally, the person collecting the data will explain the issues before collection the information.

Terms used in the Policy

  • Processing, obtaining, recording, or holding the information or data or carrying out a set of operations on the information or data.
  • data subject means an individual who is the subject of personal data or the person to whom the data relates.
  • personal data means data which relates to a living individual who can be identified. Addresses and telephone numbers are examples.

NDSSG has a responsibility to protect such personal data, especially sensitive personal data that it collects from data subjects. NDSSG is committed to helping and supporting the Down syndrome community. To successfully achieve this, we need to collate and store data including personal information to create, analyse, and report on subjects, including but not limited to the names and addresses of our members and their families. Submitting such data is entirely at the discretion and choice of each data subject. We believe in establishing a clear, transparent, and accountable approach to our data protection to ensure that all those who support and engage with NDSSG can do so safe in the knowledge that we will apply the same values to our data protection as we do to all our work and will handle their personal data in a secure, transparent, and responsible manner with full respect for their privacy, in line with all relevant legal obligations. NDSSG follows the principles of data protection as detailed in the UK GDPR Act 2016.

Data must:

  • be fairly and lawfully processed. This means that an organisation must be truthful about what personal data they wish to collect and what they want to use it for.
  • be obtained for specified and lawful purposes. This means that an organisation cannot use personal data for any purpose other than that stated when they collected the data.
  • be adequate, relevant, and not excessive. This means that an organisation cannot ask for any data that is not immediately needed.
  • be accurate and up to date. If data held about you is wrong or out of date, you have the right to have it corrected or deleted.
  • not be kept for longer than is necessary. As soon as an organisation no longer needs your data, they must delete it.
  • be processed in line with your rights. Your rights include the right to see any data held on you, and the right to correct inaccurate data.
  • be held securely. This means safe from unauthorised access (e.g. with usernames and passwords), but also safe from accidental loss (by making backups).
  • not be transferred to other countries outside the European Economic Area unless those countries have similar data protection laws.

Data we collect & how we use it

NDSSG collects data that data subjects provide to us, which is information that can be used to identify someone as an individual. NDSSG will only do this when the data subject has agreed to the request for personal data. Data may include the following:

  • Name and address
  • Date of birth
  • Contact details

NDSSG follow applicable privacy and data security laws. Appropriate and legal measures will be in place to protect the confidentiality and security of data. NDSSG will follow strict procedures and have many security features in place to protect data. However, as data transmission is not 100% secure, NDSSG cannot guarantee the security of any information you transmit to us and therefore do so at your own risk.

By providing personal data the charity may use your data to:

  • Improve our services
  • Provide newsletters and updates
  • Notify you of new events, training, or services we provide
  • Ask for feedback
  • Respond to your requests
  • Keep in touch with our members / users

NDSSG will:

  • only collect personal data to serve a specific purpose and only gather the minimum amount needed
  • will use only fair and lawful means to obtain the personal data.
  • will be transparent with data subjects whose personal data we collect
  • will obtain a data subject’s consent to process personal data
  • will not use personal data for a different purpose without getting the data subject’s consent
  • will update personal data where it is incorrect.
  • ensure only authorised staff, trustees, and volunteers of NDSSG will process personal data

SHARING PERSONAL DATA

NDSSG will only share personal data in compliance with applicable law. Special cases include:

• to identify, contact or bring legal action against someone
• any request in connection with a criminal investigation by law enforcement authorities

NDSSG will not sell or license your personal data to other third parties.

Media

PHOTOGRAPHY AND FILM

NDSSG wishes to use photography, images, and film with your consent. The images can potentially be used across all media (such as newspapers, magazines, websites), or broadcast outlets, on social media, in publications, on our website, in printed or online fundraising materials, in fundraising, training resources and awareness resources or by our partners who help fund raise and/or raise awareness to support NDSSG. You can ask us to stop using this any time.

Marketing & Communications

We use marketing communications to keep you up to date with what we are doing, how you can get involved, and news and features about NDSSG which we feel will be of interest to you. This may include but is not limited to newsletters, surveys, financial appeals, raffle appeals, fundraising opportunities, or updates about DSUK.

Social Media

NDSSG uses social media to communicate with you and share information about campaigns or events. This may include, but is not limited to: Facebook, Twitter,
TikTok, LinkedIn and Instagram. We do this through advertising on our social media or through posting messages and information on our own social media pages which you may choose to “like”, “follow” or interact with. We take your privacy and rights seriously but still deem your interest to us important. For this reason, we use our legitimate interest to use your information and communicate with you in this way. Therefore, we will not ask for your permission to market to you through socialmedia, but you are always free to inform us that you do not want us to contact you in this way. You can also update your preferences within the social media site to stop receiving marketing.

Cookies

Our websites use cookies, as almost all websites do, to provide you with the best experience we can. Cookies are small text files that are placed on your computer or mobile phone that distinguish you from other users of the website. By continuing to browse the website, you are agreeing to our use of cookies. Our cookies help us:

• Make our website work as you’d expect.
• Remember your settings between visits.
• Improve the speed and security of the site.

We do not use cookies to:

• Collect any personal information (without your express permission).
• Collect any sensitive information (without your express permission).
• Pass data to advertising networks.
• Pass personal information to third parties.
• Pay sales commissions.

Turning Cookies off

You can configure your web browser to refuse cookies, to delete cookies, or to be informed if a cookie is set. You can find out how to do this by clicking `help` on your browser menu. You should note that by deleting or blocking cookies, the website may not function correctly, and you may not be able to access certain areas. It may be that your concerns around cookies relate to so called `spyware`. Rather than switching off cookies in your browser you may find that anti-spyware software achieves the same objective by automatically deleting cookies considered to be invasive. We use Google Analytics to help monitor and analyse use of our websites. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

Changes to Cookies

We may change this Cookie Statement at any time. If we make material changes to the way in which we use cookies, we will let you know either by posting the changes on the Website and/or in this Policy Statement. It is important that you review any of these changes. If you do not wish to agree to these changes, then we cannot continue to provide the website to you, and your only option is to stop accessing the website. For more information on cookies please visit www.aboutcookies.org

LINKS TO OTHER WEBSITES

The NDSSG website may provide links to other websites. If you navigate to another site via the NDSSG website, NDSSG is not responsible for how these websites collect and use your personal data or the content of the websites. Please view the data protection policies for the website you are on before entering any data. This Policy does not apply to any other websites.

Further information

SUBJECT ACCESS

The Data Protection Acts entitles all data subjects a right of access to their own personal data. Anyone who has personal data held by the Charity has the right to
make a subject access request. This could be to update, correct or remove your personal data at any time. NDSSG will deal promptly with subject access requests.

CHANGES

NDSSG will continually update this policy to ensure it follows all changes in applicable laws.

COMPLAINTS

NDSSG is always seeking to implement best practice and strives for the highest standards. NDSSG operates an “open door” policy to discuss any concerns about the implementation of this policy or related issues – see Complaints Policy There is a right to make a complaint to the Information Commissioner’s Office (ICO), but under most circumstances the ICO would encourage the complainant to raise the issues in the first instance with NDSSG The ICO is contactable at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113.

LEGISLATION AND GUIDANCE

This policy considers the following:

• The General Data Protection Regulation (GDPR) 2018
• The Data Protection Act (DPA) 2018.
• The Protection of Freedoms Act 2012
• Guidance published by the Information Commissioner’s Office

Our contact details

If you have any questions or queries about this Privacy Notice, please cont act: info@ndssg.org.uk

We will regularly review and update this document.

Significant changes will be notified through an announcement on our website.