Heulwen Trust Privacy & Data Protection Policy
The Heulwen Trust is a Charity that runs the Welshpool Country and Western to fund the cost of running our canal boats for those who suffer from a disability.
We have two websites – one relating to the Boats and one relating to the Country and Western Festival.
We do have links on our website to other websites to assist you. We do not record whether you use such links. We are not responsible for the contents of any third party website and you should please satisfy yourself that you are content with the policies of such third party websites.
Privacy – What we record
When a members of the public makes contact with us we will use their contact information to respond to the enquiry, whether that enquiry is of a general nature or relates to a boat booking or an advance ticket sale for the Country and Western.
To enable us to respond to an enquiry, we may pass on details to the appropriate member of the Trust to respond. Details of enquiries and responses will be retained as a record of both the enquiry and our response.
We will record details of enquiries from people who are interested in and subsequently do use our boats. We will also record details of people who want to buy advance tickets for the Country and Western. These records are retained to record the legal contract entered into.
All personal information is stored on devices which have access restricted to authorised individuals.
Please use the Contact Us page if you wish to ascertain what records we hold for you. If our records are inaccurate we would be delighted to rectify them. Whilst we are happy to erase and amend inaccurately held information or to record your wish that you do not wish to be contacted by us, please be aware that any records of the contractual details will be retained during the statutory contractual limitation period.
Data Protection & How we handle data
The Heulwen Trust is committed to a policy of protecting the rights and privacy of individuals; however, the Trust needs to collect and use certain types of data in order to carry on its work. This personal information must be collected and dealt with appropriately.
General Data Protection Regulation (GDPR) which became law on 25 May 2018 governs the use of information about people (personal data). Personal data can be held on computer or in a manual file, and includes email, minutes of meetings, and photographs.
The Trust will remain the data controller for the information held. The Trust and volunteers will be personally responsible for processing and using personal information in accordance with the GDPR. Trustees, officers, volunteers and contractors involved in the Trust who have access to personal information, will be required to read and comply with this Policy.
The purpose of this policy is to set out the Trust commitment and procedures for protecting personal data. The Trust regards the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom we deal. The Trust will adopt procedures and manage responsibly all data which it handles, and will respect the confidentiality of the data. In some cases, it will have contractual obligations towards confidential data, but in addition will have specific legal responsibilities for personal and sensitive information under data protection legislation. The Trust will periodically review and revise this policy in the light of experience, comments from data subjects and guidance from the Information Commissioners Office. Protecting Confidential or Sensitive Information The Trust recognises that it must, at times, keep and process sensitive and personal information about trustees, officers, volunteers, contractors and the public; it has therefore adopted this policy not only to meet its legal obligations but to ensure high standards.
The General Data Protection Regulation (GDPR) became law on 25 May 2018 and, like the Data Protection Act 1998 before it, seeks to strike a balance between the rights of individuals and the sometimes competing interests of those such as the Trust with legitimate reasons for using personal information. The policy is based on the premise that Personal Data must be:
- Processed fairly, lawfully and in a transparent manner in relation to the data subject.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and, where necessary, kept up to date.
- Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.