Privacy Policy

Finnbar's Force Data Protection Policy

Version 1.2

Effective Date: 1st September 2023

Review Date: 1st September 2025

Purpose

 

This policy outlines Finnbar’s Force’s commitment to protecting the personal data of individuals involved with our organisation, including donors, volunteers, families supported, and staff members. It is designed to comply with the UK General Data Protection Regulation (UK GDPR) and other relevant data protection laws.

 

Scope

 

This policy applies to all personal data processed by Finnbar’s Force, whether collected electronically, in writing, or verbally. It covers data collected from individuals residing within the UK.

 

Data Protection Principles

 

Finnbar’s Force is committed to processing personal data in accordance with the following principles:

  • Lawfulness, fairness, and transparency: Data is processed lawfully, fairly, and transparently in relation to the individual.
  • Purpose limitation: Data is collected for specified, explicit, and legitimate purposes and is not processed in a way incompatible with those purposes.
  • Data minimisation: Only the necessary personal data is collected and retained.
  • Accuracy: Data is accurate, up-to-date, and complete.
  • Storage limitation: Data is not kept for longer than necessary for the purposes for which it was collected.
  • Integrity and confidentiality: Data is processed securely to protect against unauthorised access, alteration, disclosure, or destruction.

Types of Data Collected

 

Finnbar’s Force may collect the following types of personal data:

  • Contact information (name, address, phone number, email)
  • Demographic information (age, gender)
  • Financial information (donation details)
  • Medical information (if relevant for supported individuals)
  • Volunteer or staff information (e.g., qualifications, experience)

 

Data Processing Activities

 

Finnbar’s Force processes personal data for the following purposes:

  •  Fundraising and donor management
  • Providing support to families affected by childhood cancer
  • Managing volunteers and staff
  • Communicating with stakeholders
  • Complying with legal and regulatory requirements

 

Lawful Basis for Processing

 

Finnbar’s Force processes personal data based on the following legal grounds:

  • Legitimate interest: For most processing activities, such as fundraising and providing support.
  • Consent: For specific activities where explicit consent is required (e.g., sharing data with third parties).
  • Legal obligation: To comply with legal and regulatory requirements.

 

Data Retention

 

Personal data will be retained for as long as necessary to fulfill the purposes for which it was collected. We will regularly review and delete data that is no longer required.

 

Data Security

 

Finnbar’s Force implements robust technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Sensitive data is encrypted both at rest and in transit.
  • Access controls: Access to personal data is restricted to authorised personnel on a need-to-know basis.
  • Regular security reviews: We conduct regular security assessments and implement necessary updates and patches.
  • Employee training: Staff members receive training on data protection best practices and are required to adhere to our security policies.

 

Third-Party Data Processors

 

We may engage third-party service providers to process personal data on our behalf. In such cases, we ensure that they have appropriate data protection measures in place and that they comply with our instructions and the UK GDPR.

 

Data Subject Rights

 

Individuals have the right to:

  •  Access their personal data
  • Rectify inaccurate data
  • Erase their personal data
  • Restrict processing of their personal data
  • Data portability
  • Object to processing
  • Withdraw consent (where applicable)

International Transfers

 

If Finnbar’s Force transfers personal data outside the UK, we will ensure appropriate safeguards are in place to protect the data, such as the Standard Contractual Clauses approved by the European Commission.

 

Data Breaches

 

In the event of a data breach, Finnbar’s Force will take prompt action to investigate the incident, notify affected individuals as required by law, and implement corrective measures.

 

Contact Information

 

For any data protection inquiries, please contact:

 

Info@finnbarsforce.org

 

Review and Updates

 

This policy will be reviewed annually to ensure its continued compliance with applicable laws and regulations.