PRIVACY/DATA PROTECTION POLICY
Data Protection is an issue the Swindon Social Enterprise Network (SSEN) takes very seriously. Beyond compliance, we aim to observe best practice to protect and reassure our various contacts and customers. In short, we commit to procedures that protect sensitive data at all times and files that are regularly reviewed, updated and, if necessary, deleted.
Our Data Protection Policy refers to our commitment to treat information about employees, customers, stakeholders and other interested parties with the utmost care and confidentiality. Through this policy, we will ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights. It is presented to all staff and volunteers as part of the induction and is available to customers and stakeholders upon request.
This policy refers to all parties (employees, job candidates, members, customers, suppliers etc.) who provide any amount of information to us. Employees of our organisation must follow this policy. Contractors, consultants, partners and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with or who acts on our behalf and may need occasional access to data.
As part of our operations, we need to obtain and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, financial data etc.
Our organisation collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, the rules below apply.
Our data will be:
- Accurate and kept up-to-date
- Collected fairly and for lawful purposes only
- Processed by the organisation within its legal and moral boundaries
- Protected against any unauthorized or illegal access by internal or external parties
- Made available only to individuals with a legitimate reason to see and use it
- Within a reasonable timescale, accessible to individuals to whom the data relates
- Largely kept electronically and paper files will be held securely
Our data will not be:
- Communicated informally
- Stored for more than a specified amount of time or longer than it is needed
- Transferred to organisations, states or countries that do not have adequate data protection policies
- Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)
In addition to ways of handling the data the organisation has direct obligations towards people to whom the Data belongs.
- Be transparent so people know which of their data is collected
- Provide information to people about how we’ll process their data
- Be clear about who has access to their information
- Have provisions in cases of lost, corrupted or compromised data
- Allow people to request that we modify, erase, reduce or correct data contained in our databases
DATA WE KEEP
SSEN currently keeps data for the following purposes:
- Bookkeeping, raising/paying invoices, administrating tax, etc.
- Communications with all stakeholders including members, customers, suppliers and consultants
- Population of the members directory on the website; swindonsocialenterprise.com
- Sales, marketing and general trading purposes
- To ensure good governance of the business and to comply with legal requirements
- To ensure SSEN delivers its social purposes as a social enterprise
- Personnel, checking references and monitoring equal opportunities, and emergency contact details
Data subjects include:
- Members, directors, consultant workers (staff, in future)
- Customers who have traded with SSEN and prospective customers
- Suppliers who have provided (or may provide) products and services to SSEN
- End users of products, e.g. newsletter readers and subscribers to online services
The kinds of details we keep are:
- Contact and other personal details
- Personnel information such as application details, training and personal development information
- Information on gender, race, health conditions, offences/criminal record
- Payroll information
- Accountancy information such as charges made to customers and charges paid to suppliers
Some information is made available to the following bodies:
- People whose data the organisation holds
- HMRC, Companies House and other government and legal authorities
- Staff and managers who need to see information to undertake their duties for SSEN
- The organisation’s accountant and, when appropriate, legal advisors
- Funders who have a legitimate need to see evidence of activities
To exercise Data Protection we will:
- Restrict and monitor access to sensitive data
- Develop transparent data collection procedures
- Train employees in online privacy and security measures
- Build secure networks to protect online data from cyber attacks
- Establish clear procedures for reporting privacy breaches or data misuse
- Include contract clauses or communicate statements on how we handle data
- Where appropriate establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.)
- Publicise our data protection provisions on our website
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.
Swindon Social Enterprise Network has taken steps to become compliant with the new General Data Protection Regulations enforced in May 2018.
Our data processing is compliant with the lawful basis of ‘Consent’. As the law specifies, we “can show that an individual has performed a clear affirmative action to allow us to process their personal data for a specific purpose”.
All of our electronic communications request affirmative action in order to continue receiving contact from Swindon Social Enterprise Network.
Individuals who choose to sign up to Swindon Social Enterprise Network’s communications in person at an event or similar via paper sign up, will be required to indicate their consent to be contacted before we add the individual to our database.
Swindon Social Enterprise Network ensures that contacts can exercise the right to be in informed about the use of their data via clearly labelled disclaimers at the point providing personal data.
All of our contacts have the right to request access to, rectify, restrict and erase their data.
Any contact may exercise any of their rights above, by contacting Swindon Social Enterprise Network directly through clearly signposted methods on swindonsocialenterprise.com.