General Data Protection Policy

The General Data Protection Regulation (GDPR) is a new EU law effective from 25th May 2018 to replace the current Data Protection Act. Under the GDPR the charity has to explain why it collects personal data and how it intends to use it. If you do not give your consent the charity may not be able to contact you again.

Introduction: This policy describes how contact data is held and used by the Sudbury Common Lands Charity (SCLC). The policy has been agreed by SCLC Trustees.

Personal Data Held: The charity holds the following information:

Names of Trustees and Volunteers

Trustee and Volunteer Addresses

Trustee and Volunteer email contacts

Next of Kin contact details for Riverside Project Team members

The primary purpose of holding this information is for SCLC to contact the above with agenda, minutes, health & safety matters and programme details.

SCLC will use the data in the following ways: To contact the above by email, phone or mail.

SCLC does not store ‘sensitive personal data’ as defined by the GDPR. SCLC does not buy or sell data or use records other than to contact the relevant individual.

Storage of Personal Data: The Trustee and Volunteer data is held on the charity’s computer.

Access to Personal Data: Trustee and Volunteer data is only available to the Clerk to the Trustees but Trustee data is provided to all Trustees. Volunteer data is not circulated.

Changes to personal Data: Trustees and Volunteers may request changes (such as change of address) in writing and must include proof of identity such as providing an old address or by forwarding new details by the email address that is held by SCLC.

Deletion of Personal Data: When there has been a lapse in contact due to resignation, death or termination of volunteering, the details of the individual will be deleted after two years. If a valid request to delete individual details is received, this will be done as soon as it is confirmed by the Trustee or Volunteer.

Policy: May 2018