General Data Protection Regulation (GDPR) Policy
Scope
This policy defines how TouchdownUK (TDUK) will comply with the General Data Protection Regulation (GDPR) that came into force on 25th May 2018.
Overview
GPDR requires that TDUK is only allowed to use and share personal information if it has proper reason to do so.
TDUK will only do this if one of the more following criteria is met:
· To fulfil a legal contract
· TDUK has a legal obligation to do so
· When it is in TDUK’s legitimate interest
· When it is in the vital interest of the person to share the information
· When the person consents to it
Data Controller
The Data Controller for TDUK shall be the TDUK Secretary
Collection of Personal Information
TDUK may collect the following personal information:
Type of Personal Information |
Example Descriptions |
Contact |
Address, Phone Number, e-mail address |
Transactional |
Details of payments made to/received from the person |
Contractual |
Details regarding any contract that has been made with the person |
Communications |
Information provided by the person in letters, emails and conversations between the person and TDUK |
Consents |
Any permissions provide by the person to TDUK to use their personal information |
TDUK may collect data from the following sources:
· Correspondence in e-mail and letters
· Conversations either in person or on the phone between elected members of TDUK and the person
· Information provided by the person at TDUK meetings
Data Sharing
TDUK shall not share data without the consent of the person.
TDUK shall not send data outside the European Economic Isa (EEA).
Data Retention
TDUK will normally only retain personal data for a maximum of 1 year, unless a longer period is required by law such as with PVG or Trustee information. After 1 year, if TDUK wish to retain the personal data, TDUK will seek the persons consent to retain the personal information for a further 1 year.
Data Security
TDUK shall store data on a password protected secure network. Only the security controller and data processors authorised by the data controller shall have access to the network.
Where hard copy personal data is held, TDUK shall keep the data in a lockable storage facility. Access to this storage facility will be limited to the data controller and any data processors authorised by the data controller.
Requests for a copy of Personal Information
A person may request a copy of the personal information that TDUK holds about them by contacting the secretary of TDUK at the following e-mail address:
TDUK shall respond to any requests for information within 4 calendar weeks. Information shall be given only when the identity of person making the request has been verified and shall not be sent electronically but by Royal Mail.
Withdrawal of Consent
A person may withdraw their consent from TDUK to hold their personal data at any time. Requests to remove personal data from the TDUK records shall be sent to the following e-mail address:
The request must specify which data the person wishes to have removed.
Complaints
Complaints regarding TDUK’s holding of personal data should be made to the following e-mail address:
Complaints may also be held by the Information Commissioner’s Office (IOC). Details on how to report a concern can be found on their website.
TDUK Data Protection 2018
Guardian/Participant information Consent Form
I give permission to have the following information held about me on file by TDUK:
1. My contact details, including name, address, email and telephone number. Yes / No
2. Any medical details pertinent to my child taking part in TDUK sessions. Including emergency contact details. Yes / No
3. Record of my childs’ attendance at TDUK sessions.
Yes / No
4. Record of my permission to allow photographs of my child to be taken and used for to evidence the work of TDUK for funding applications and for promotion of TDUK projects.
Yes/No
5.
Name…………………………………………………………………………………………
Signed……………………………………………………Date…………………………..