Data Protection Policy


Shannon Trust is committed to protecting the privacy of all the personal information provided to our supporters, volunteers and staff members. This policy explains how we collect, use and store the personal information provided to us.

Data Protection Policy

Shannon Trust is committed to protecting the rights and privacy of individuals (data subjects) including staff, trustees, volunteers, prison staff, supporters, beneficiaries and customers in accordance with the General Data Protection Regulation (GDPR) May 2018. We will be open and honest with individuals whose personal data we hold and we want out staff, trustees and volunteers to be trained and supported so that they can handle personal data confidently and consistently. This policy sets out how we make sure personal data is processed lawfully in accordance with GDPR principles

Shannon Trust Data Protection Policy – GDPR

Introduction

Shannon Trust is committed to protecting the rights and privacy of individuals (data subjects) including staff, trustees, volunteers, prison staff, supporters, beneficiaries and customers in accordance with the General Data Protection Regulation (GDPR) May 2018. We will be open and honest with individuals whose personal data we hold and we want out staff, trustees and volunteers to be trained and supported so that they can handle personal data confidently and consistently.

This policy sets out how we make sure personal data is processed lawfully in accordance with GDPR principles.

Scope

This policy applies to all Shannon Trust staff, trustees and volunteers. Compliance with it is a condition of being a employee, trustee or volunteer.

The policy applies to the processing of data in Shannon Trust offices, when working at home, visiting prisons or attending Shannon Trust events.

Training and acceptance of responsibilities

Staff, trustees and volunteers will receive information and guidance about this policy and their responsibilities during induction to their roles and at least annually thereafter. They will also be updated as and when regulations and / or advice is updated.

All staff, trustees and volunteers confirm they understand and accept their responsibilities which relate to handing personal data when they sign staff contracts or a trustee / volunteer agreement.
 

General Data Protection Regulation (GDPR)

GDPR regulates the processing of personal data. It protects the rights and privacy of all living individuals (including children) for example by giving all individuals who are the subject of personal detail the general right of access to the personal data which relates to them.

Personal data is information relating to an individual and may be in hard or soft copy (paper / manual files, electronic records or photographs) and it may include facts or opinions about a person.

Responsibilities under the GDPR

Shannon Trust is a data controller under the terms of GDPR. This means that charity is responsible for controlling the use and processing of personal data. The charity has appointed a Senior Management Team member who is available to address any concerns regarding the data held by the charity and how it is processed and used. The charity also has a nominated Trustee who oversees this policy. The policy is approved by our Board of Trustees.

The Senior Management Team is responsible for all day-to-day data protection matters and for making sure all staff, trustees and volunteers comply with the policy.

Fair and lawful processing

Shannon Trust will process data fairly and lawfully in accordance with individuals’ rights as prescribed under GDPR. These rights allow an individual to:

(a)     withdraw consent to data processing at any time;

(b)     receive certain information about the Shannon Trust’s data processing activities;

(c)      request access to their personal data that we hold (see Subject Access Request below);

(d)     prevent our use of their personal data for direct marketing purposes;

(e)     ask us to erase their personal data if it is no longer necessary in relation to the purposes for which it was collected or processed or to rectify inaccurate data or to complete incomplete data (see (see Right to be forgotten below);

(f)      restrict processing in specific circumstances;

(g)      challenge processing which has been justified on the basis of our legitimate interests;

(h)     request a copy of an agreement under which personal data is transferred outside of the EEA;

(i)      prevent processing that is likely to cause them or anyone else damage or distress;

(j)      be notified of a personal data breach which is likely to result in high risk to their rights and freedoms;

(k)      make a complaint to the supervisory authority (the ICO); and

(l)      in limited circumstances, receive or ask for their personal data to be transferred to a third party in a structured, commonly used and machine-readable format (see Data Portability below).

The identity of an individual requesting data under any of the rights listed above should be verified before any data is disclosed. No data will be disclosed to a third party without proper authorisation.

Conditions for processing

We will ensure any use of personal data is justified using at least one of the conditions of processing permitted under GDPR and this will be specifically documented. The conditions of processing will be available to individuals in the form of a privacy notice.

The most applicable conditions for processing for the Shannon Trust are:

(a)         the data subject has given his or her consent;

(b)         the processing is necessary for the performance of a contract with the data subject;

(c)          to meet our legal compliance obligations;

(d)         to protect the data subject's vital interests; and

(e)         to pursue our legitimate interests for purposes where they are not overridden because the processing prejudices the interests or fundamental rights and freedoms of data subjects.

Consent as a basis for processing

A data subject consents to processing of their personal data if they indicate agreement clearly either by a statement or positive action to the processing. Consent requires affirmative action so silence, pre-ticked boxes or inactivity are unlikely to be sufficient. If consent is given in a document which deals with other matters, then the consent must be kept separate from those other matters.

Data subjects must be easily able to withdraw consent to processing at any time and withdrawal must be promptly honoured. Consent may need to be refreshed if we intend to process personal data for a different and incompatible purpose which was not disclosed when the data subject first consented.

Consent must be evidenced and records of consents must be kept.

Legitimate interests as a basis for processing

All decisions relating to the legitimate interest use of personal data will be taken by the CEO in consultation with the designated Senior Management Team member. Decisions and the reasons for them will be taken and recorded in line with GDPR criteria[1].

GDPR Principles

The legislation places a responsibility on the charity to process any personal data in accordance with 6 GDPR principles. We will:

1.    Process personal data lawfully, fairly and in a transparent manner.
We will ensure that individuals whose personal data we collect are informed of:

·         The identify of the Data Protection Officer

·         The purpose of the processing

·         Any potential disclosures to third parties

·         The length of time their personal data will be kept

2.    Process personal data for the specific and lawful purpose for which it’s been collected.
We will make sure that the reason for which we collected the data is the only reason for which we process that data.

If a new processing purpose is identified for data that has already been collected, the CEO together with the designated Senior Management Team member will make consider its use for the new purpose using the following criteria:

·         Any link between the original purpose and the new processing purpose.

·         The context in which the personal data was collected, in particular, the nature of the relationship between the charity and the data subject.

·         The nature of the personal data, particularly whether it includes any special categories of personal data.

·         Possible consequence of the further processing for the individual(s).

·         The existence of appropriate safeguards such as encryption or using pseudonyms.

If the new purpose is incompatible with the original purpose processing will only take place once a new consent has been obtained or if a legal obligation applies.

If the new purpose is considered compatible with the original purpose the reasons for the decision will be documented.

3.    Ensure that personal data is adequate, relevant and not excessive in relation to the purpose for which it is processed.
We will not collect any personal data which is not strictly necessary for the purpose for which it was obtained.

4.    Keep data accurate and where necessary keep it updated.
Any inaccuracy in personal data bought to the attention of a staff member, trustee or volunteer should be notified to the appropriate staff member or volunteer who is able to correct the data. Corrections will be made to all relevant databases and systems.

Employees must notify their manager or the CEO as soon as possible of any change in their personal circumstances to allow Shannon Trust to be able to contact the employee in the case of an emergency.

5.    Only keep personal data for as long as necessary.
We will not retain personal data for longer than is necessary to ensure compliance with legislation and any other statutory requirements. Retention periods for personal data will be agreed in accordance with these requirements and laid out in our data protection statements.

6.    Ensure the appropriate security of personal data.
Personal data will only be accessible to those who have a valid reason for using it.

We will put appropriate technical and organisational measure in place against unauthorised or unlawful processing of personal data and against accidental loss or destruction of data.

Appropriate security measures will be in place such as ensuring hard copy personal data is kept in lockable cabinets with controlled access, personal data held electronically is password protected and that PC screens are not left unattended without a password protected screen-saver being used. Mobile phones, laptops and tablets will be password protected. Login and password details should not be stored on any device that holds personal data or for any portal such as
www.gov.uk or CAF Bank. The full measures are covered in our Data Security Policy.

We will ensure that any third party hosting IT services on behalf of the charity are GDPR compliant.

In addition, we will ensure there are appropriate measures in place for deletion of personal data. Manuals records will be shredded or disposed of as confidential waste using accredited third parties only. Hard drives of redundant computers will be wiped clean before disposal or destroyed physically.

All staff, trustees and volunteers are responsible for ensuring any personal data which they hold is kept securely and not disclosed to any unauthorised third parties.   

Transparency and accountability

We will maintain a register outlining the data processing the charity carries out. We will publish the name and contact detail of the CEO and any other staff member with specific responsibility to ensure compliance with this policy and GDPR.

We will describe the categories of individuals (data subjects). Whatever personal data is collected, individuals will be provided with a data protection statement which states the lawful basis for the personal data we hold, the purposes it will be used for and the period we will retain the information. If we need to share their Personal Data with a third party, this will be stated in the data protection statements and our privacy policy.

 

The statement will also include how individuals can exercise their rights in relation to the data including accessing, rectifying, erasing or restricting its use.

 

Data audit and register

Regular data audits to manage and mitigate risks will inform the data register. This contains information on what data is held, where it is stored, how it is used, who is responsible and any further regulations or retention timescales that may be relevant.

 

Prisoners and ex-prisoners

Monitoring and evaluation data, including monthly data returns and activity reports must preserve the identity of prisoners. Paperwork and data which can identify individuals must not be taken away from prisons.

Correspondence from and to prisoners will be stored securely.

Testimonials, feedback and quotes provided by prisoners and ex-prisoners to Shannon Trust will be used in a way that does not identify individuals. Where a need is identified to identify an individual, Shannon Trust will seek informed consent from individuals and will only use personal information once that informed consent has been received. A prisoner or ex-prisoner can withdraw permission for use at anytime by contacting the CEO or designated Senior Management Team member.

Personal data provided by prisoners and ex-prisoner for evaluation reports will be subject to separate conditions governing in the specific evaluation process and will be used in a way which preserves anonymity.

 

Special Categories of personal data

Data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, identifying biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation are considered to be Special Categories of personal data under GDPR.  

 

Special Categories of Personal Data may only be processed if one of conditions set out in Article 9(2) GDPR is satisfied. One of those conditions relates to securing the data subject’s ‘explicit consent’. Explicit consent is not defined in the GDPR, but it is not likely to be very different from the usual standard of consent. Particular care should be taken to ensure the explicit consent is a specific, informed and unambiguous indication of the individual’s wishes.

 

We will only process it if explicit consent has been given by the data subject or if processing is necessary for use to fulfil a statutory function (such as processing maternity pay) or when processing is performed under a legal obligation connected with employment.

Special categories of personal data collected from prospective employees, trustees and volunteers, and from Learners and Mentors, will be treated confidentially and recorded anonymously. Information requested in relation to employee recruitment will be requested on separate forms and not shared with the selection panel unless there is a legal obligation to do so. Special categories of personal data collected from prospective volunteers is automatically separated from the application form and is not shared unless there is a need for such sharing a health issue that may need to be explored with the applicant.

Retention of data

Retention period for data are dependant on the type of data held and whether we have a   statutory or legal requirement to retain it. Retention periods will set out in our Privacy Notices[2] and are summarised on our Data Retention Schedule[3]. Data retention will be reviewed at Senior Management Team meetings and a record of deletion will be kept.

 

Destroying personal data

Where personal data is held manually, records will be shredded or will be destroyed using a certified, confidential waste disposal service. Copies of certificates of destruction will be held by the Office Manager.

 

Subject access rights (SARs)
Individuals have a right to access any personal data relating to them which is held by us. Any individual wishing to exercise this right should apply in writing to the designated Senior Management Team member. If a member of staff, trustee or volunteer receives a SAR they should forward it to the designated Senior Management Team member.

SARs will be complied with within 1 calendar month and in accordance with Shannon Trust’s Subject Access Request Policy.

Data portability

Upon request, a data subject should have the right to receive a copy of their data in a structured format. These requests should be processed within 1 month, provided there is no undue burden and it does not compromise the privacy of other individuals. A data subject may also request that their data is transferred directly to another system. This will be done for free.

Right to be forgotten

A data subject may request that any information held on there is deleted or removed, and any third parties who process or use that data must also comply with this request. An request to be forgotten will only be refused if an exemption applies.

Disclosure of data

Personal Data will not be share with others except as permitted by applicable law or as follows:

We will share Personal Data as necessary with third parties who provide services or functions on our behalf and who require the information to provide those specific services. These third parties may include social media advertising platforms such as Facebook and Google Adwords for the purpose of custom audience generation and the development of targeting criteria for other audiences.

We have appropriate data privacy safeguards in place with third parties with whom we share personal data as described above and who are providing services or functions on our behalf. 

In no circumstances will the charity rent or sell personal information to a third party.

Privacy by design

A ‘privacy by design’ approach will be applied to all projects and organisational developments to ensure data protection considerations and compliance are included from the outset. The designated Senior Management Team member will be responsible for ensuring Privacy Impact Assessments are conducted at the start of all projects and developments and that they are reviewed as part of the project cycle.

 

Breach notifications

Any breeches of GDPR must be reported to the designated Senior Management Team member  without delay who will then notify the Information Commissioners Office (ICO) within 72 hours of being made aware of the breach unless the breach is unlikely to result in any risk to the rights and freedoms of the an individual. The designated Senior Management Team member will also report any breach to the individual(s) without any undue delay.

Notifications to the ICO and individuals impacted will made in accordance with the GDPR and will include information about the likely consequences of the breach and measures taken or proposed to address the breach including any measures to mitigate any possible adverse effects. 

A register of compliance failures will be kept and reviewed at Senior Management and Board level.

Consequences of failing to comply

We take compliance with this policy very seriously. Failure to comply puts staff, trustees, volunteers and the organisation at risk.

The importance of this policy means that failure to comply with any requirement may lead to disciplinary action under our procedures which may result in dismissal. If you have any questions or concerns about anything in this policy do not hesitate to contact the designated Senior Management Team member.

Policy review

This policy will be reviewed every 3 years or earlier should law or guidance relating to it change.

Policy date:                11th December 2018

Policy review date:     11th December 2018

 

Other relevant policies:

Shannon Trust Privacy Policy

Shannon Trust Cookie Usage Policy

Shannon Trust Data Security Policy (under review following cyber security training – due end Jan-19)
Shannon Trust Privacy by Design Policy

Shannon Trust Subject Access Request Policy
Shannon Trust Breach Notification and Investigation Policy


 

Appendix 1 Legitimate Interest Assessment Template

This template is to be used to support decisions about whether or not a legitimate interest basis can apply to our processing of data. It will be used alongside the ICO’s legitimate interest guidance.

Part 1: Purpose test

Assessing whether there is a legitimate interest behind the processing.

·         Why do we  want to process the data?

·         What benefit do we expect to get from the processing?

·         Do any third parties benefit from the processing?

·         Are there any wider public benefits to the processing?

·         How important are the benefits that we have identified?

·         What would the impact be if we couldn’t go ahead with the processing?

·         Are we complying with any specific data protection rules that apply to your processing (eg profiling requirements, or e-privacy legislation)?

·         Are we complying with other relevant laws?

·         Are we complying with industry guidelines or codes of practice?

·         Are there any other ethical issues with the processing?

 

 

 

 

 

 

 

 

 

 

Part 2: Necessity test

Assessing whether the processing is necessary for the purpose we have identified:

·         Will this processing actually help you achieve our purpose?

·         Is the processing proportionate to that purpose?

·         Can we achieve the same purpose without the processing?

·         Can we achieve the same purpose by processing less data, or by processing the data in another more obvious way?

 

 

 

 

 

 

 

 

 

 

Part 3: Balancing test

Considering the impact on individuals’s interest and rights and freedoms; assessing whether this overrides our legitimate interests.

We will use the Data Protection Impact Assesment  checklist at this point in the process. If any triggers on the list are hit, we ill conduct a DPIA to assess risk in more detail.

Nature of the personal data

·         Is it special category data or criminal offence data?

·         Is it data which people are likely to consider particularly ‘private’?

·         Are  we processing children’s data or data relating to other vulnerable people?

·         Is the data about people in their personal or professional capacity?

 

 

 

 

 

 

 

 

 

 

 

Reasonable expectations

·         Do we have an existing relationship with the individual?

·         What’s the nature of the relationship and how have we used data in the past?

·         Did we collect the data directly from the individual? What did we tell them at the time?

·         If we obtained the data from a third party, what did they tell the individuals about reuse by third parties for other purposes and does this cover us?

·         How long ago did we collect the data? Are there any changes in technology or context since then that would affect expectations?

·         Is our intended purpose and method widely understood?

·         Are we intending to do anything new or innovative?

·         Do we have any evidence about expectations – eg from market research, focus groups or other forms of consultation?

·         Are there any other factors in the particular circumstances that mean they would or would not expect the processing?

 

 

 

 

 

 

 

 

 

 

Likely impact

·         What are the possible impacts of the processing on people?

·         Will individuals lose any control over the use of their personal data?

·         What is the likelihood and severity of any potential impact?

·         Are some people likely to object to the processing or find it intrusive?

·         Would we be happy to explain the processing to individuals?

·         Can we adopt any safeguards to minimise the impact?

 

 

 

 

 

 

 

 

 

 

 

Can we offer individuals an opt-out

Yes / No

 

Making the decision

Answers to Parts 1, 2 and 3 will be used to decide whether or not we can apply the legitimate interest basis.

 

 

Can you rely on legitimate interests for this processing?

 

 

Yes / No

 

Do you have any comments to justify your answer? (optional)

 

 

 

 

 

 

 

LIA completed by

 

Date

 

     

 

Next steps

 

·         A record of the LIA will be kept and will be kept under review

·         The Legitimate Interest Log will be updated with a summary of this LIA


 

Appendix 2 Privacy Notices






Privacy Notice: Shannon Trust Volunteer

We value the crucial role our volunteers play in Shannon Trust’s work. We value the trust you place in us by sharing with us personal information we need to carry out our work. It’s our wish, as well as a legal requirement, to explain why and how we process your personal data, how long we retain it for and how you can access and change the information we hold. 

All personal data is treated with the appropriate levels of security. The purpose of this notice is to inform you of the type of information we hold, how we obtain it, how we use it and how you can access such information. This covers general personal  information and sensitive personal information which is held manually and in our computer systems.

How do we obtain your personal information?

As part of our volunteer recruitment process we ask you to provide information that will allow us to process your application. On appointment to a volunteer role, we will ask for additional information that that will allow us to manage your volunteering activities such as paying your expenses or being able to notify your next of kin in the unlikely event of an emergency.


What information do we collect?

·         Personal details – first and last name, address, telephone numbers, email address

·         References – referee details and their opinions on your suitability for the volunteer role you applied for

·         Shannon Trust training records

·         Outcome of the prison security vetting process

·         Details of submissions, evidence and outcomes relating to Shannon Trust’s Safeguarding, Whistleblowing, When Things Go Wrong and Complaints processes.

·         Bank account details

·         Expenses claim forms

·         Ethnic origin, age range and gender – held anonymously and separately from your volunteer file

·         Next of kin emergency contact information

·         Age (if 85 for personal accident insurance purposes only).

·         Details of previous convictions or pending court cases

·         Access requirements

·         Photographs at Shannon Trust events or events attended by Shannon Trust or taken to support our work.

 


Is any data considered as a Special category of personal data collected by us?

During our volunteer recruitment process, we collect information from you relating to your racial or ethnic origin and your health in terms of any access support you may require. This information is considered as Special Categories of personal data under GDPR. We obtain your explicit consent to collect this information for monitoring purposes only. The data that you provide us is stored anonymously and separately to your application from your application form. The information is not shared within the Shannon Trust team unless there is a need for sharing such as a health issue that needs to be explored.

 

We also ask you for information relating to previous criminal convictions. This information is  also considered a Special category of data. This information is used by Shannon Trust to explore suitability for the role you have applied for as previous convictions can impact the prison security vetting process. This information is not shared outside of the staff team. If it is deemed necessary to share this information, we will ask your permission to do so.


How will we use your personal data?

We will use the information we collect from you to:

·         Monitor the recruitment process for enquiry to appointment

·         Assess your suitability for the role you’ve applied for including any potential impact of previous convictions or pending court cases on application and / or the prison security vetting process.

·      Administer payment of expenses

·      Administer and analyse training and induction

·      Consult or communicate with you

·      Comply with Shannon Trust policies

·      Comply with health and safety legislation

·      To analyse for management purposes

·      For use in statutory returns

·      To contact next of kin in emergency situations

·      To provide third party suppliers with information necessary for them to carry out their work

·      To publicise the work of Shannon Trust

How long do we keep your information?

Your personal information will be kept for as long as you are a Shannon Trust volunteer and for such reasonable time afterwards that is necessary to meet our legal obligations. Our Data Retention Schedule (Appendix 3) provides details of retention periods and the reasons for them.

Once you stop being a Shannon Trust volunteer your contact details will be retained for a year from the date you notify us of your resignation. This is to allow us to contact you should we need to clarify or confirm any issues relating to the prison or team you supported. We will keep records of our payments to you including your expenses claims for 7 years from the date of the claim so that we comply with financial legislation. 

All other information including your next of kin details and your application form will be removed from our systems immediately once you stop volunteering for Shannon Trust and will be securely disposed of. If your personal data has been shared with any third party, we will remove it from their systems.

Who do we share it with?
We will not share your information with unauthorised 3rd parties. As part of your volunteer agreement we ask you to give permission for us to share your contact information with other Shannon Trust volunteers, trustees and Reading Plan team members and with courier companies who will deliver resources to your home address from time to time.

 

Your rights

You have the right to access any personal data relating to you which is held by us. You have the right to request your personal data is updated, amended or removed. You can request access to the personal data we hold about you by contacting our Data Protection Officer at Shannon Trust, The Foundry, 17 Oval Way, London, SE11 5RR, by calling 0203 752 5510 or emailing communications@shannontrust.org.uk.

Please let us know of any changes to your personal information. Full information on your rights can be found on the Information Commissioners Office website.

Privacy and our network - How do we use cookies?
Cookies are small text files that are placed on your computer by websites that you visit. Like most websites, we use cookies to improve and customise your experience, and to track usage and trends. Cookies are harmless, but since they can include personally identifiable information, sometimes people can have concerns about their online privacy.

 

Relevant policies:

Shannon Data Protection (GDPR) Policy

Shannon Trust Privacy Policy

Shannon Trust Cookie Usage Policy

Shannon Trust Data Security Policy (under review following cyber security training – due end Jan-19)
Shannon Trust Subject Access Request Policy
Shannon Trust Privacy by Design Policy

Shannon Trust Breach Notification and Investigation Policy


 

Privacy Notice: Shannon Trust Trustee

We value the crucial role our trustees play in Shannon Trust’s work. We value the trust you place in us by sharing with us personal information we need to carry out our work. It’s our wish, as well as a legal requirement, to explain why and how we process your personal data, how long we retain it for and how you can access and change the information we hold. 

All personal data is treated with the appropriate levels of security. The purpose of this notice is to inform you of the type of information we hold, how we obtain it, how we use it and how you can access such information. This covers general personal information and sensitive personal information which is held manually and in our computer systems.

How do we obtain your personal information?

As part of our trustee recruitment process we ask you to provide information that will allow us to process your application. On appointment to a trustee role, we will ask for additional information that that will allow us to manage your trustee activities such as paying your expenses. We will also ask for additional information that will allow us to comply with legal obligations such as those place on us by the Charity Commission and Companies House.  If your trustee role requires an exemption from the Charity Commission, we will keep information relating to the outcome of that decision.


What information do we collect?

·         Personal details – first and last name, address, telephone numbers, email address

·         References – referee details and their opinions on your suitability for a trustee  role

·         Details of submissions, evidence and outcomes relating to Shannon Trust’s Safeguarding, Whistleblowing, When Things Go Wrong and Complaints processes.

·         Bank account details

·         Expenses claim forms

·         Ethnic origin, age range and gender – held anonymously and separately from your volunteer file

·         Next of kin / emergency contact information

·         Date of birth

·         Details of previous convictions

·         Access requirements

·         Photographs at Shannon Trust events or events attended by Shannon Trust or taken to support our work.


Is any data considered as a Special category of personal data collected by us?

During our trustee recruitment  process, we collect information from you relating to your racial or ethnic origin and your health in terms of any access support you may require. This information is considered as Special Categories of personal data under GDPR. We obtain your explicit consent to collect this information for monitoring purposes only. The data that you provide us is stored anonymously and separately to your application from your application form. The information is not shared within the Shannon Trust team unless there is a need for sharing such as a health issue that needs to be explored.

 

We also ask you for information relating to previous criminal convictions. This information is also considered a Special category of data. This information is used by Shannon Trust to explore suitability for the role you have applied for as previous convictions can impact the prison security vetting process. This information is not shared outside of the staff team. If it is deemed necessary to share this information, we will ask your permission to do so.


How will we use your personal data?

We will use the information we collect from you to:

·         Monitor the recruitment process for enquiry to appointment

·         Assess your suitability for the role you’ve applied for including any potential impact of previous convictions or pending court cases on application and / or the prison security vetting process.

·      Administer payment of expenses

·      Administer and analyse training and induction

·      Consult or communicate with you

·      Comply with Shannon Trust policies

·      Comply with statutory and legal obligations

·      Comply with health and safety legislation

·      To analyse for management purposes

·      For use in statutory returns

·      To contact next of kin in emergency situations

·      To provide third party suppliers with information necessary for them to carry out their work

·      To publicise the work of Shannon Trust

How long do we keep your information?

Your personal information will be kept for as long as you are a Shannon Trust trustee and for such reasonable time afterwards that is necessary to meet our legal obligations. Our Data Retention Schedule (Appendix 3) provides details of retention periods and the reasons for them.

Once you stop being a Shannon Trust trustee your contact details will be retained for a year from the date you notify us of your resignation. This is to allow us to contact you should we need to clarify or confirm any issues relating to your trustee role. We will keep records of our payments to you including your expenses claims for 7 years from the date of the claim so that we comply with financial legislation. 

All other information including your next of kin details and your application form will be removed from our systems immediately once you stop being a Shannon Trust trustee. It will be securely disposed of. If your personal data has been shared with any third party, we will remove it from their systems.

Who do we share it with?
We will not share your information with unauthorised 3rd parties. As part of your trustee declaration  we ask you to give permission for us to share your contact information with other Shannon Trust volunteers, trustees and Reading Plan team members and with courier companies who will deliver resources to your home address from time to time.

Your rights

You have the right to access any personal data relating to you which is held by us. You have the right to request your personal data is updated, amended or removed. You can request access to the personal data we hold about you by contacting our Data Protection Officer at Shannon Trust, The Foundry, 17 Oval Way, London, SE11 5RR, by calling 0203 752 5510 or emailing communications@shannontrust.org.uk.

Please let us know of any changes to your personal information. Full information on your rights can be found on the Information Commissioners Office website.

Privacy and our network - How do we use cookies?
Cookies are small text files that are placed on your computer by websites that you visit. Like most websites, we use cookies to improve and customise your experience, and to track usage and trends. Cookies are harmless, but since they can include personally identifiable information, sometimes people can have concerns about their online privacy.

 

Relevant policies:

Shannon Data Protection (GDPR) Policy

Shannon Trust Privacy Policy

Shannon Trust Cookie Usage Policy

Shannon Trust Data Security Policy (under review following cyber security training – due end Jan-19)
Shannon Trust Subject Access Request Policy
Shannon Trust Privacy by Design Policy

Shannon Trust Breach Notification and Investigation Policy


 

Privacy Notice: Reading Plan Team Members and Prison Staff

We value the crucial role Reading Plan Teams and prison staff play in Shannon Trust’s work. We value the trust you place in us by sharing your personal information we to carry out our work. It’s our wish, as well as a legal requirement, to explain why and how we process your personal data, how long we retain it for and how you can access and change the information we hold. 

 

All personal data is treated with the appropriate levels of security. The purpose of this notice is to inform you of the type of information we hold, how we obtain it, how we use it and how you can access such information. This covers general personal information and sensitive personal information which is held manually and in our computer systems.

 

How do we obtain your personal information?

We will ask you to provide personal information related to your job role. This can be provided by you verbally or in writing. Your Shannon Trust Reading Plan role may also require to you register for the Network area of our website shannontrust.org.uk. As part of this process, we collect personal information related to your job role. Your personal information will also be collected when your order Shannon Trust resources or when you submit Shannon Trust data or reports.

 

What information do we collect?

·         Name

·         Job role

·         Telephone number

·         Email address

·         Training records

·         Details of submissions, evidence and outcomes relating to Shannon Trust’s Safeguarding, Whistleblowing, When Things Go Wrong and Complaints processes.

·         Photographs at Shannon Trust events or events attended by Shannon Trust or taken to support our work.

 

Is any data considered as a Special category of personal data collected by us?

No, Shannon Trust does not collect any personal information from you which is considered as a special category.

 

How we will use your personal data?

We will use the information we collect from you to:

 

·         Consult or communicate with you

·         Invite you to Shannon Trust events

·         Produce analysis for management purposes

·         Comply with Shannon Trust policies

 

How long do we keep your information?

Your personal information will be kept for as long as you are a Shannon Trust team member or for as long as your job role involves supporting the Shannon Trust Reading Plan.

 

Who do we share it with?

Shannon Trust only keeps information about you which is required for business or legal reasons. Information about you is not released to people outside the organisation unless you have given your written consent except where there is a legal requirement to do so. As a Reading Plan team member or member of prison staff involved in the Shannon Trust Reading Plan, we ask you to consent to your name, telephone number and email address being shared with other Shannon Trust volunteers, staff, trustees and other Reading Plan team members. 

 

We will not share your information with any third party other than courier companies who will deliver resources address to you at your prison from time to time.

 

Your rights

You have the right to access any personal data relating to you which is held by us. You have the right to request your personal data is updated, amended or removed. You can request access to the personal data we hold about you by contacting our Data Protection Officer at Shannon Trust, The Foundry, 17 Oval Way, London, SE11 5RR, by calling 0203 752 5510 or emailing communications@shannontrust.org.uk.

 

Please let us know of any changes to your personal information. Full information on your rights can be found on the Information Commissioners Office website.

Privacy and our network - How do we use cookies?
Cookies are small text files that are placed on your computer by websites that you visit. Like most websites, we use cookies to improve and customise your experience, and to track usage and trends. Cookies are harmless, but since they can include personally identifiable information, sometimes people can have concerns about their online privacy.

 

Relevant policies:

Shannon Data Protection (GDPR) Policy

Shannon Trust Privacy Policy

Shannon Trust Cookie Usage Policy

Shannon Trust Data Security Policy (under review following cyber security training – due end Jan-19)
Shannon Trust Subject Access Request Policy
Shannon Trust Privacy by Design Policy
Shannon Trust Breach Notification and Investigation Policy


 

Privacy Notice: Shannon Trust Staff and Job Applicants

Shannon Trust has responsibilities under the General Data Protection Regulation (GDPR) May 2018 as controllers of personal data. These cover the personal data we hold on prospective, current and past employees. They cover general personal information as well as sensitive personal data defined as Special categories of personal data. Our responsibilities cover personal information that is held manually as well as payroll files and on our computer systems.

 

All personal data is treated with the appropriate levels of security. The purpose of this notice is to inform you of the type of information we hold, how we obtain it, how we use it and how you can access such information. This covers general personal information and sensitive personal information which is held manually and in our computer systems.

 

How do we obtain your personal information?

We obtain your personal information during our recruitment and selection process. This ranges from your application paperwork, your contract and other forms you may have signed during your induction with us. We will update this information throughout your employment with us to include your probationary assessments, performance records and training record. 

 

What information do we collect?

·         Personal identifiers (e.g. payroll numbers)

·         Personal details (e.g. name and address)

·         Selection outcome decisions

·         Immigration status

·         Information provided on job application forms e.g. academic record; qualifications & skills; membership of professional bodies

·         Current employment (e.g. position(s) held with Shannon Trust)

·         Information relating to your salary, benefits and deductions

·         Annual leave & sickness records

·         Medical information

·         Termination details

·         Career history / work record

·         Health & safety record including accident reports

·         Performance appraisal information, probation and other performance documentation

·         Training records

·         Disabilities

·         Racial and ethnic origin (this information is collected for reporting purposes only and is held anonymously to your HR file 

·         Next of kin records

·         Bank account details (for payment of salary and expenses)

·         Expenses claims

·         Homeworking audits

·         Details of submissions, evidence and outcomes relating to Shannon Trust’s Safeguarding, Whistleblowing, When Things Go Wrong and Complaints processes.

·         Photographs at Shannon Trust events or events attended by Shannon Trust or taken to support our work.

Is any data considered as a Special category of personal data collected by us?

During our recruitment  process, we collect information from you relating to your racial or ethnic origin and your health in terms of any access support you may require. This information is considered as Special Categories of personal data under GDPR. We obtain your explicit consent to collect this information for monitoring purposes only. The data that you provide us is stored anonymously and separately to your application from your application form. The information is not shared within the Shannon Trust team unless there is a need for sharing such as a health issue that needs to be explored.

 

We also ask you for information relating to previous criminal convictions. This information is also considered a Special category of data. This information is used by Shannon Trust to explore suitability for the role you have applied for as previous convictions can impact the prison security vetting process. This information is not shared outside of the staff team. If it is deemed necessary to share this information, we will ask your permission to do so.

 

How we will use your personal data?

We will use the information we collect from you to:

·         Monitor of the recruitment process (from enquiry to appointment)

·         Record and monitor the your employment and development including training records

·         Pay your salary and expenses claims

·         Consult or communicate with you

·         Comply with Shannon Trust policies

·         Comply with legislation in relation to health, safety and other employment matters

·         Produce analysis for management purposes

·         Submit statutory returns

 

How long do we keep your information?

Your personal information will be kept for as long as you are an employee of Shannon Trust and for seven years after your employment with Shannon Trust has ended to allow us to meet statutory and legal obligations.

 

If you are unsuccessful in your application, your personal information will be kept for six months after we have informed you that you’re application has been unsuccessful.

 

Who do we share it with?

Shannon Trust only keeps information about you which is required for business or legal reasons, and restricts the availability of that information within the organisation.

 

As a Shannon Trust staff member your name and role details including telephone number and email address will be shared with staff, trustees and other Reading Plan team members. Personal information relating to your role will also be shared with partners and suppliers as necessary. It may also be necessary to share your home address with third parties who are delivering supplies to you.

 

Shannon Trust uses a third party contractor to support  our HR functions. Your personal information will be stored on the contractor’s system and maybe shared with the contractor to allow us to administer HR functions. The contractor and their system’s are GDPR compliant and the appropriate levels of security have been established to protect your information.   

 

Your rights

You have the right to access any personal data relating to you which is held by us. You have the right to request your personal data is updated, amended or removed. You can request access to the personal data we hold about you by contacting our Data Protection Officer at Shannon Trust, The Foundry, 17 Oval Way, London, SE11 5RR, by calling 0203 752 5510 or emailing communications@shannontrust.org.uk.

 

Please let us know of any changes to your personal information. Full information on your rights can be found on the Information Commissioners Office website.

Privacy and our network - How do we use cookies?
Cookies are small text files that are placed on your computer by websites that you visit. Like most websites, we use cookies to improve and customise your experience, and to track usage and trends. Cookies are harmless, but since they can include personally identifiable information, sometimes people can have concerns about their online privacy.

 

Relevant policies:

Shannon Data Protection (GDPR) Policy

Shannon Trust Privacy Policy

Shannon Trust Cookie Usage Policy

Shannon Trust Data Security Policy (under review following cyber security training – due end Jan-19)
Shannon Trust Subject Access Request Policy
Shannon Trust Privacy by Design Policy

Shannon Trust Breach Notification and Investigation Policy

 

 


 

Privacy Notice: People in Prison and Ex-Prisoners

We value the crucial role Shannon Trust Learners, Mentors, prisoners and ex-prisoners play in Shannon Trust’s work. We value the trust you place in us by sharing your personal information with us. It’s our wish, as well as our legal requirement, to explain why and how we process your personal data, how long we retain it for and how you can access and change the information we hold. 

 

All personal data is treated with the appropriate levels of security. The purpose of this notice is to inform you of the type of information we hold, how we obtain it, how we use it and how you can access such information. This covers general personal information and sensitive personal information which is held manually and in our computer systems.

 

How do we obtain your personal information?

We obtain your personal information when you contact us for information about the Reading Plan. We may also obtain your personal information when we talk to you about your role in the Reading Plan and how it has impacted you. On release, we may obtain your personal information if you contact us about the Reading Plan and how you can continue to be involved.

 

Information we collect from you for evaluation purposes, for example through questionnaires, is subject to specific rules which cover the requirement for us to collect and use the information in a way that can not lead to you being identified.  These rules will be explained at the time the information is requested.

What information do we collect?

·         Name

·         Address

·         Prison Number if provided

·         Testimonials and feedback provided by you

 

Is any data considered as a Special category of personal data collected by us?

During our evaluation process, we collect information from you relating to your racial or ethnic origin. This information is considered as Special Categories of personal data under GDPR. We obtain your explicit consent to collect this information for monitoring purposes only. This data collected, stored and reported on anonymously and it cannot lead to you being identified. These rules are explained when we ask you to take part in Shannon Trust surveys.

 

We do not ask you to share details about your conviction with us. However, if you do share this information, it will be treated confidentially by us.

 

How will we use you personal data?

We will use the information we collect from you to:

·         Respond to letters we receive from you

·         Putt you in touch with Shannon Trust Reading Plan Lead in your prison

·         Advise the Shannon Trust Reading Plan Lead of your transfer to their prison (if you tell us)

Testimonials and quotes provided by you to publicise the Reading Plan will never be published using your full name. They will not identify you unless we have specific permission from you to do so.

How long do we keep your information?

Your personal information will be kept for a year after it’s last use. Testimonials and quotes will be retained for use but will preserve your identity. If you change your mind about allowing us to use your testimonial or quote, please contact the Data Protection Officer at the address below.

If your personal information has been shared with us in error, we will destroy manual and electronic copies of the data and report the sharing as a data breech to the prison service.

 

Who do we share it with?
Shannon Trust only keeps information about you which is required for business or legal reasons. We will share your details with Reading Plan team members where is a need to.

Information about you is not released to people outside the organisation unless you have given your written consent except where there is a legal requirement to do so.

We will not share your information with any third party.

If you are asked to take part in an evaluation or monitoring exercise carried out by a third party such as a University, you will be advise how your personal information may be used. Taking part in any such exercise is voluntary.

Your rights

You have the right to access any personal data relating to you which is held by us. You have the right to request your personal data is updated, amended or removed. You can request access to the personal data we hold about you by contacting our Data Protection Officer at Shannon Trust, The Foundry, 17 Oval Way, London, SE11 5RR, by calling 0203 752 5510 or emailing communications@shannontrust.org.uk.

Please let us know of any changes to your personal information. Full information on your rights can be found on the Information Commissioners Office website.

Privacy and our network - How do we use cookies?
Cookies are small text files that are placed on your computer by websites that you visit. Like most websites, we use cookies to improve and customise your experience, and to track usage and trends. Cookies are harmless, but since they can include personally identifiable information, sometimes people can have concerns about their online privacy.

Relevant policies:

Shannon Data Protection (GDPR) Policy

Shannon Trust Privacy Policy

Shannon Trust Cookie Usage Policy

Shannon Trust Data Security Policy (under review following cyber security training – due end Jan-19)
Shannon Trust Subject Access Request Policy
Shannon Trust Privacy by Design Policy

Shannon Trust Breach Notification and Investigation Policy


 

Privacy Notice: Volunteer applicants

Shannon Trust volunteers are at the heart of our work. We value the trust you place in us by sharing your personal information when you apply to volunteer with us. It’s our wish, as well as our legal requirement, to explain why and how we process your personal data, how long we retain it for and how you can access and change the information we hold. 

 

All personal data is treated with the appropriate levels of security. The purpose of this notice is to inform you of the type of information we hold, how we obtain it, how we use it and how you can access such information. This covers general personal information and sensitive personal information which is held manually and in our computer systems.

 

How do we obtain your personal information?

We obtain your personal information when you apply for a Shannon Trust volunteer role through our website shannontrust.org.uk.

 

What information do we collect?

·         Name

·         Address

·         Email address

 

Is any data considered as a Special category of personal data collected by us?

We ask you to tell us if you have any previous criminal convictions. This allows us to understand if there will be any barrier to you volunteering with us.

 

How will we use you personal data?

We will use the information we collect from you to:

·         To contact you to discuss your application

·         To respond to any questions you may have  

·         To organise an interview

·         To provide feedback following a decision to recruit you or not. 

How long do we keep your information?

We will keep your personal information for one month after we have advised you of the outcome of our application.

 

Who do we share it with?
We will share your information with the volunteer Area Coordinator who manages the Shannon Trust area the vacancy you’ve applied is part of.

Your rights

You have the right to access any personal data relating to you which is held by us. You have the right to request your personal data is updated, amended or removed. You can request access to the personal data we hold about you by contacting our Data Protection Officer at Shannon Trust, The Foundry, 17 Oval Way, London, SE11 5RR, by calling 0203 752 5510 or emailing communications@shannontrust.org.uk.

Please let us know of any changes to your personal information. Full information on your rights can be found on the Information Commissioners Office website.

Privacy and our network - How do we use cookies?
Cookies are small text files that are placed on your computer by websites that you visit. Like most websites, we use cookies to improve and customise your experience, and to track usage and trends. Cookies are harmless, but since they can include personally identifiable information, sometimes people can have concerns about their online privacy.

 

Relevant policies:

Shannon Data Protection (GDPR) Policy

Shannon Trust Privacy Policy

Shannon Trust Cookie Usage Policy

Shannon Trust Data Security Policy (under review following cyber security training – due end Jan-19)
Shannon Trust Subject Access Request Policy
Shannon Trust Privacy by Design Policy

Shannon Trust Breach Notification and Investigation Policy

 


Privacy Notice: Turning Pages Customers

Shannon Trust volunteers are at the heart of our work. We value the trust you place in us by sharing your personal information when you apply to volunteer with us. It’s our wish, as well as our legal requirement, to explain why and how we process your personal data, how long we retain it for and how you can access and change the information we hold. 

 

All personal data is treated with the appropriate levels of security. The purpose of this notice is to inform you of the type of information we hold, how we obtain it, how we use it and how you can access such information. This covers general personal information and sensitive personal information which is held manually and in our computer systems.

 

How do we obtain your personal information?

We obtain your personal information when you contact us to find out able Turning Pages and when you place an order with us.

What information do we collect?

We collect your:

 

·         Name

·         Email address

·         Telephone number

·         Address

 

Is any data considered as a Special category of personal data collected by us?

We do not collect any Special category of personal data for you.

 

How will we use you personal data?

We will use the information we collect from you to:

 

·         Exchange information about Turning Pages

·         Establish if you might become a customer

·         Process your order

 

Where you have opted in, we will also keep you up to date with news about Turning Pages  including new products and discounts.

 

How long do we keep your information?

If you have not placed an order for Turning Pages we will keep  your data for 18 months following our last contact from you or earlier if you unsubscribe from our mailing list)

If you have ordered Turning Pages we will keep your details for 7 years from your latest purchase date – this is to allow us to comply with statutory and legal obligations.

 

Who do we share it with?
We share your data with a third party who manages the fulfilment of our orders.  The supplier is GDPR compliant.

Your rights

You have the right to access any personal data relating to you which is held by us. You have the right to request your personal data is updated, amended or removed. You can request access to the personal data we hold about you by contacting our Data Protection Officer at Shannon Trust, The Foundry, 17 Oval Way, London, SE11 5RR, by calling 0203 752 5510 or emailing communications@shannontrust.org.uk.

Please let us know of any changes to your personal information. Full information on your rights can be found on the Information Commissioners Office website.

Privacy and our network - How do we use cookies?
Cookies are small text files that are placed on your computer by websites that you visit. Like most websites, we use cookies to improve and customise your experience, and to track usage and trends. Cookies are harmless, but since they can include personally identifiable information, sometimes people can have concerns about their online privacy.

 

Relevant policies:

Shannon Data Protection (GDPR) Policy

Shannon Trust Privacy Policy

Shannon Trust Cookie Usage Policy

Shannon Trust Data Security Policy (under review following cyber security training – due end Jan-19)
Shannon Trust Subject Access Request Policy
Shannon Trust Privacy by Design Policy

Shannon Trust Breach Notification and Investigation Policy


 

Privacy Notice: Subscribers

We value being able to share information about our work with people who subscribe to our mailing list.  We value the trust you place in us by sharing your personal information when you subscribe to it. It’s our wish, as well as our legal requirement, to explain why and how we process your personal data, how long we retain it for and how you can access and change the information we hold. 

 

All personal data is treated with the appropriate levels of security. The purpose of this notice is to inform you of the type of information we hold, how we obtain it, how we use it and how you can access such information. This covers general personal information and sensitive personal information which is held manually and in our computer systems.

 

How do we obtain your personal information?

We obtain your personal information when you subscribe to our mailing list or when you request that we subscribe you to it.

What information do we collect?

When you subscribe to our email  mailing list, we collect:

 

·         Name

·         Email (if provided)

 

Is any data considered as a Special category of personal data collected by us?

None of the date you provide to Shannon Trust is considered a special category of personal data.

 

How will we use you personal data?

We will use the information we collect from you to share:

·         News about our work

·         Information about our campaigns and fundraising

·         Ideas and suggestions on ways you can support our work

 

How long do we keep your information?

We will keep  your information until you unsubscribe from our mailing list. Where we identify that you have not opened an email from us for 2 years, we will invite you to confirm that you would like to remain on our mailing list. If confirmation isn’t received, we will remove you from the mailing list.

 

Who do we share it with?
We will share your information on an annual basis with a 3rd party who will screen for deceased subscribers. The 3rd party is full GDPR compliant.

Your rights

You have the right to access any personal data relating to you which is held by us. You have the right to request your personal data is updated, amended or removed. You can request access to the personal data we hold about you by contacting our Data Protection Officer at Shannon Trust, The Foundry, 17 Oval Way, London, SE11 5RR, by calling 0203 752 5510 or emailing communications@shannontrust.org.uk.

Please let us know of any changes to your personal information. Full information on your rights can be found on the Information Commissioners Office website.

Privacy and our network - How do we use cookies?
Cookies are small text files that are placed on your computer by websites that you visit. Like most websites, we use cookies to improve and customise your experience, and to track usage and trends. Cookies are harmless, but since they can include personally identifiable information, sometimes people can have concerns about their online privacy.

 

Relevant policies:

Shannon Data Protection (GDPR) Policy

Shannon Trust Privacy Policy

Shannon Trust Cookie Usage Policy

Shannon Trust Data Security Policy (under review following cyber security training – due end Jan-19)
Shannon Trust Subject Access Request Policy
Shannon Trust Privacy by Design Policy

Shannon Trust Breach Notification and Investigation Policy

 


 

Privacy Notice: Funders – Trusts and Foundations

We value the support we receive from Trusts and Foundations.  We value the trust you place in us by sharing your personal information. It’s our wish, as well as our legal requirement, to explain why and how we process your personal data, how long we retain it for and how you can access and change the information we hold. 

 

All personal data is treated with the appropriate levels of security. The purpose of this notice is to inform you of the type of information we hold, how we obtain it, how we use it and how you can access such information. This covers general personal information and sensitive personal information which is held manually and in our computer systems.


How do we obtain your personal information?

We obtain your personal information when we are invited to apply for funding from Trusts and Foundations. We will also obtain your personal information through publicly available data found when potential funding opportunities

What information do we collect?

We will collect:

·         Your name

·         Work email

·         Work address

 

Is any data considered as a Special category of personal data collected by us?

We do not hold any data considered as a Special category about you.

 

How will we use you personal data?

We will use the information we collect from you to:

 

·         Administer your donation

·         Meet statutory and legal requirements

 

How long do we keep your information?

We will keep your personal data for the lifetime of the donation / grant and for seven years after the last payment is made.

Who do we share it with?
We do not share your personal data with anyone.

Your rights

You have the right to access any personal data relating to you which is held by us. You have the right to request your personal data is updated, amended or removed. You can request access to the personal data we hold about you by contacting our Data Protection Officer at Shannon Trust, The Foundry, 17 Oval Way, London, SE11 5RR, by calling 0203 752 5510 or emailing communications@shannontrust.org.uk.

Please let us know of any changes to your personal information. Full information on your rights can be found on the Information Commissioners Office website.

Privacy and our network - How do we use cookies?
Cookies are small text files that are placed on your computer by websites that you visit. Like most websites, we use cookies to improve and customise your experience, and to track usage and trends. Cookies are harmless, but since they can include personally identifiable information, sometimes people can have concerns about their online privacy.


Relevant policies:

Shannon Data Protection (GDPR) Policy

Shannon Trust Privacy Policy

Shannon Trust Cookie Usage Policy

Shannon Trust Data Security Policy (under review following cyber security training – due end Jan-19)
Shannon Trust Subject Access Request Policy
Shannon Trust Privacy by Design Policy

Shannon Trust Breach Notification and Investigation Policy

Privacy Notice: Individual Donors

We value the donations made to Shannon Trust by individual donors. We value the trust you place in us by sharing your personal information when you donate to us. It’s our wish, as well as our legal requirement, to explain why and how we process your personal data, how long we retain it for and how you can access and change the information we hold. 

 

All personal data is treated with the appropriate levels of security. The purpose of this notice is to inform you of the type of information we hold, how we obtain it, how we use it and how you can access such information. This covers general personal information and sensitive personal information which is held manually and in our computer systems.

 

How do we obtain your personal information?

We obtain your personal information when you donate either directly to Shannon Trust or when you use a donation platform such as Just Giving or Virgin Money Giving.

What information do we collect?

The information we collect about you is dependant on the information that you provide at the time of your donation and the information  you supply.

 

If you make a direct donation to Shannon Trust we will collect the following if you have supplied it:

·         Name

·         Address

·         Email

 

If you make a donation via a 3rd party fundraising / donating platform such as Virgin Money Giving or Just Giving, they will only pass information to us if you have given them permission to do so.

 

Is any data considered as a Special category of personal data collected by us?

None of the date you provide to Shannon Trust is considered a special category of personal data.

 

How will we use you personal data?

We will use your personal data to:

 

·         Meet statutory or legal obligations

·         Process gift aid claims

If you have opted into receive further contact from us we will also kKeep you up to date with information about Shannon Trust, our work, campaigns, fundraising and ways you can support us.

 

How long do we keep your information?

We hold your personal data for seven years to allow us to meet legal obligations.

 

Who do we share it with?
Your personal information will be used to submit Gift Aid claims. It will also be share d if we are legally obliged to do so.

If you have opted-in to our subscribers list we will share your data on an annual basis with a 3rd party supplier who will screen for deceased subscribers.

Your rights

You have the right to access any personal data relating to you which is held by us. You have the right to request your personal data is updated, amended or removed. You can request access to the personal data we hold about you by contacting our Data Protection Officer at Shannon Trust, The Foundry, 17 Oval Way, London, SE11 5RR, by calling 0203 752 5510 or emailing communications@shannontrust.org.uk.

Please let us know of any changes to your personal information. Full information on your rights can be found on the Information Commissioners Office website.

Privacy and our network - How do we use cookies?
Cookies are small text files that are placed on your computer by websites that you visit. Like most websites, we use cookies to improve and customise your experience, and to track usage and trends. Cookies are harmless, but since they can include personally identifiable information, sometimes people can have concerns about their online privacy.

 

Relevant policies:

Shannon Data Protection (GDPR) Policy

Shannon Trust Privacy Policy

Shannon Trust Cookie Usage Policy

Shannon Trust Data Security Policy (under review following cyber security training – due end Jan-19)
Shannon Trust Subject Access Request Policy
Shannon Trust Privacy by Design Policy

Shannon Trust Breach Notification and Investigation Policy

 

 

 

 

 

 

 

 



Appendix 3 Data Retention Schedule 

 

 

 

 



[1] Appendix 1 Legitimate Interest Assessment (LIA) template

[2] Appendix 2 Privacy Notices

[3] Appendix 3; Data Retention Schedule