Version 1.2
Effective Date: 1st September 2023
Review Date: 1st September 2025
Purpose
This policy outlines Finnbar’s Force’s commitment to protecting the personal data of individuals involved with our organisation, including donors, volunteers, families supported, and staff members. It is designed to comply with the UK General Data Protection Regulation (UK GDPR) and other relevant data protection laws.
Scope
This policy applies to all personal data processed by Finnbar’s Force, whether collected electronically, in writing, or verbally. It covers data collected from individuals residing within the UK.
Data Protection Principles
Finnbar’s Force is committed to processing personal data in accordance with the following principles:
Types of Data Collected
Finnbar’s Force may collect the following types of personal data:
Data Processing Activities
Finnbar’s Force processes personal data for the following purposes:
Lawful Basis for Processing
Finnbar’s Force processes personal data based on the following legal grounds:
Data Retention
Personal data will be retained for as long as necessary to fulfill the purposes for which it was collected. We will regularly review and delete data that is no longer required.
Data Security
Finnbar’s Force implements robust technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:
Third-Party Data Processors
We may engage third-party service providers to process personal data on our behalf. In such cases, we ensure that they have appropriate data protection measures in place and that they comply with our instructions and the UK GDPR.
Data Subject Rights
Individuals have the right to:
International Transfers
If Finnbar’s Force transfers personal data outside the UK, we will ensure appropriate safeguards are in place to protect the data, such as the Standard Contractual Clauses approved by the European Commission.
Data Breaches
In the event of a data breach, Finnbar’s Force will take prompt action to investigate the incident, notify affected individuals as required by law, and implement corrective measures.
Contact Information
For any data protection inquiries, please contact:
Review and Updates
This policy will be reviewed annually to ensure its continued compliance with applicable laws and regulations.