How the Friends of Tetherdown uses your Personal Information
Introduction:
In the following document references to ‘FoT’ or ‘we’, means the Friends of Tetherdown, which is the trading name for the TETHERDOWN PRIMARY SCHOOL PARENT STAFF ASSOCIATION, a registered charity in England, with Charity Registration Number 1054520.
Information we hold:
FoT may hold the following details about you:
- Personal Information, such as your name, address and contact details (see Schedule 1 below for the formal definition of Personal Information)
- Details of when you contact us and when we contact you
If you provide us with personal information we will keep this information for as long as is necessary to comply with any statutory or legal obligations or for audit purposes.
Sensitive personal data:
We will not collect or process any information which the Data Protection Act and GDPR define as “sensitive”.
Confidentiality:
At times you may wish to make an informal request to see part of your information because you want to check specific activities you may have conducted on our website. We will be happy to discuss these requests with you but, as you appreciate, there is a need for us to protect your confidentiality. One of the ways to protect your confidentiality is to check that anyone asking for personal information has the right to receive it. Sometimes we may ask you to prove your identity or provide a written authorization before making information available.
Data storage:
FoT will only store your details and documentation in digital formats which will only be stored in an encrypted password protected database.
Use of your personal information
FoT will only use your information for two purposes:
- To facilitate commercial payments and transactions resulting from purchases and donations to the Tetherdown Primary School (the “School”) that you will make via our website;
- To facilitate GiftAid claims where you have indicated that you would like us to do so with regards to donations you have made to the school via the FoT.
Processing information outside of the UK
FoT may process information outside of the UK (for example – when we use 3rd party providers who have their computer servers outside the UK), and will ensure that it is secure and protected from unauthorised access. Where personal information is processed outside the UK, FoT will ensure your information is protected to the same level as required in the UK.
Sharing your details:
Within FoT
Information about you may be used by FoT personnel for all purposes necessary for performing our duties as a registered charity to the benefit of the School, as well as for legal and regulatory compliance as required by law and applicable regulations.
With other organisations
FoT may disclose your personal information to other people or organisations only if any of the following applies:
- We have your prior written consent;
- We are required to do so as part of our regular activities as a charity (e.g. when we use 3rd party providers to enable electronic payments, such as iZettle, GoCardless etc.) – and only after verifying they apply similar policies and safeguards to the processing of your personal information;
- We are required or permitted to do so by applicable law.
FoT does not share or give any information to 3rd parties for their own marketing purposes.
Social Networking Sites:
We may monitor and respond to comments or opinions on social networking sites e.g. Facebook, Twitter, and others.
FoT may also maintain a presence on selected social networking/media platforms, such as Twitter, Facebook and others, at its discretion. At no time will any personal information be shared on or made accessible to such platforms.
Access to your details:
Correction of details
You have the right to have any inaccurate information corrected. Please write to the FoT to do this.
How to request your details
You have the right to receive a copy of any personal information we hold on you. To request a copy of the personal information we hold on you, please write to the FoT.
GDPR and EU citizens:
The General Data Protection Regulation (GDPR) came into effect on May 26th 2018.
FoT is fully GDPR compliant, and for this purpose, we have undertaken the following actions:
- We have created a process to follow for notifying the ICO and you in case of a data breach that impacts your personal details.
- We have created different authorization levels for different FoT Committee Members, to limit access to personal information only to those who need it to carry out their individual functions within the FoT.
- We have created a process to obtain your agreement for processing your personal data, whereby your submission of such personal information constitutes your agreement for us processing it.
- We have created a data security procedure.
- We have put in place information backup procedures and disaster recovery plans.
- We have created a data breach register.
- We password protect and encrypt all files that may contain personal information.
Right to be forgotten
Under the GDPR regulation you have the right to be forgotten. We therefore commit to removing any data we hold on you, should you ask us to do so in writing, so long as there is no superseding regulation that requires us to retain your data.
Schedule 1: Personal Information
Personal Information is described in Article 4 of the GDPR regulation. A summary of personal data is described below. Also, there is a sensitive personal data category that should be noted (see below).
“Personal Data” is information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier:
- Name;
- Identification number;
- Location data;
- Online identifier (e.g., email address);
- Physical and/or physiological;
- Genetic;
- Economic;
- Cultural or ethnic
- IP address data – when it can be used with other data to identify an individual
Note: of the above, the FoT will only collect and process items 1 (name), 3 (address) & 4 (email).
Sensitive Personal Data includes: racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
Note: the FoT will not collect or process any Sensitive Personal Data.