The Suffolk Punch Trust (The Trust) is committed to ensuring that the privacy of staff, volunteers, friends of The Trust and donors and anyone else who supports The Trust is protected. The Trust is a registered charity (1100596).
This Privacy Notice explains in detail the type of personal data we may collect, how we collect it and what we do with it and why. It also explains how we will store and handle that data and keep it safe.
What do we mean by Personal Data?
By personal data we mean any information that might allow you to be identified, e.g. your name, address, date of birth, credit card details etc. It does not apply to information about organisations, companies and agencies but applies to named persons, such as individual volunteers or employees within The Trust
How do we collect personal data from you?
We currently collect personal information under the new General Data Protection Regulation. The Trust will ensure that data is collected within the boundaries defined in this policy. This applies to data that is collected in person, by completing a form or by writing to us.
When collecting data, The Trust will ensure that the Data Subject:
Clearly understands why the information is needed
Understands what it will be used for and what the consequences are should the Data Subject decide not to give consent to processing
As far as reasonably possible, grants explicit consent, either written or verbal for data to be processed
Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress
Has received sufficient information on why their data is needed and how it will be used
What type of information is collected about you?
The personal information we collect about you for the purposes of fundraising, could include your name, address, email, telephone number, date of birth, I.P. address, photo and financial information such as credit card details. You may appear in still images or video footage using Closed Circuit Television (CCTV) and publicity information about the Trust.
How we use your information
We may use your information for any of the following:
Staff: We collect personal information of employees for administrative and payroll purposes and in order to comply with employment legislation. This could be bank details and information relating to the Disclosure and Barring Service (DBS).
Volunteers: We collect personal information of volunteers for administrative purposes. We may also hold bank details if appropriate and information relating to the DBS.
Job applicants: We collect personal information of applicants for administrative purposes and in order to comply with employment legislation.
Fundraisers: We collect personal information for administrative purposes and to ensure you are kept up to date with our products, services and events. We may use this information if you have made a donation or if we send you communication about The Trust.
General: We will process information to identify and prevent fraud and to ensure the security of our communication and information systems.
Website: We will store date about your internet browser, I.P. address and the pages you look at if you visit our website.
Who can access your information?
We may share data you provide with our regulators, auditors, and with relevant legal bodies.
We will never provide your details to third parties unless there is a legitimate reason for doing so. The Data Subject will be made aware in most circumstances how and with whom their information will be shared. The Trust regards the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom we deal.
The Trust will, through appropriate management, strict application of criteria and controls:
Observe fully conditions regarding the fair collection and use of information
Meet its legal obligations to specify the purposes for which information is used
Collect and process appropriate information, and only to the extent that it is needed to fulfil its operational needs or to comply with any legal requirements
Ensure the quality of information used,
Ensure that the rights of people about whom information is held, can be fully exercised under the Act. These include:
The right to be informed that processing is being undertaken,
The right of access to one’s personal information
The right to prevent processing in certain circumstances and
The right to correct, rectify, block or erase information which is regarded as wrong information),
Take appropriate technical and organisational security measures to safeguard personal information,
Set out clear procedures for responding to requests for information.
Information and records relating to service users will be stored securely and will only be accessible to authorised staff and volunteers. Information will be stored for only as long as it is needed or required statute and will be disposed of appropriately.
Data access and accuracy
All Data Subjects have the right to access the information The Trust holds about them. The Trust also takes reasonable steps ensure that this information is kept up to date and at times in the future you may be asked to review your details.
In addition, the Trust will ensure that:
It has a Data Controller with specific responsibility for ensuring compliance with Data Protection,
Everyone processing personal information understands that they are contractually responsible for following good data protection practice,
Everyone processing personal information is appropriately trained,
Everyone processing personal information is appropriately supervised,
Anybody wanting to make enquiries about handling personal information knows what to do,
It deals promptly and courteously with any enquiries about handling personal information,
It describes clearly how it handles personal information,
It will regularly review and audit the ways it hold, manage and use personal information
It regularly assesses and evaluates its methods and performance in relation to handling personal information
All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 1998.
The Data Protection Policy is fully supported by the Chief Executive and Managers and has been agreed by the Trustees and will be reviewed and when necessary amended every 3 years.
Whenever we process data we will ensure that we always maintain your Personal Data rights and take account of your rights. You have the right to object to processing and also access to your information if you wish by emailing firstname.lastname@example.org
If you have any questions about this privacy statement or our privacy and data processing in general, please contact us on 01394 411327 or write to use at the following address:
The Suffolk Punch Trust
Cookies are small files saved to the user's computer’s hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
If you wish to access and/or request us to make corrections to the Personal Information that you have stored with us, or wish to request a list of what Personal Information (if any) pertaining to you we disclosed to third parties for direct marketing purposes, feel free to send us an e-mail to email@example.com and we will respond within a reasonable timeframe and in accordance with any applicable law.
The Suffolk Punch Trust has implemented security measures designed to protect the Personal Information you share with us, including physical, electronic and procedural measures. Among other things, we offer HTTPS secure access to most areas on our Services; the transmission of sensitive payment information (such as a credit card number) through our designated purchase forms is protected by an industry standard SSL/TLS encrypted connection; and we regularly maintain a PCI DSS (Payment Card Industry Data Security Standards) certification.
We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and Third Party Services for further enhancing the security of our Services and protection of our Visitors’ and Users’ privacy.
However – regardless of the measures and efforts taken by The Suffolk Punch Trust, we cannot and do not guarantee the absolute protection and security of your Personal Information, your Users-of-Users’ Information or any other User Content you upload, publish or otherwise share with The Suffolk Punch Trust or anyone else.