Cornwall’s leading grant giving health charity for the promotion of health and wellbeing
and the prevention of sickness in Cornwall and The Isles of Scilly
can apply for grants to help reach their objectives
Introduction
This Privacy Policy relates to our use of any personal data we collect from you and the practical application of the regulations that are to be complied with by anyone in our organisation who manages or has responsibility for personal data.
Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal data, including the Data Protection Act 2018 (DPA) and The General Data Protection Regulation (GDPR).
Compliance with data protection principles
Duchy Health Charity is committed to processing data in accordance with its responsibilities under GDPR.
All data is:
- Processed lawfully, fairly and in a transparent manner.
- Collected for specified, explicit and legitimate purposes and not used for any other purpose.
- Adequate, relevant and limited to what is necessary.
- Accurate and, where necessary, kept up to date.
- Kept for no longer than is necessary. We understand what data we need to retain, for how long and why.
- Our retention periods are dictated by the Data Protection Laws and/or business need. Further information is available by submitting a written request using the contact details provided in this Policy.
- Our retention periods are dictated by the Data Protection Laws and/or business need. Further information is available by submitting a written request using the contact details provided in this Policy.
- Processed to ensure appropriate security, not only to protect against unlawful use, but also loss or damage.
- Data is held securely, so that it can only be accessed by those who need to do so. For example, paper documents are locked away, access to online folders in shared drives is restricted to those who need it and IT systems are password protected.
- Data is kept safe – our IT systems have adequate anti-virus and firewall protection that is up-to-date. Staff understand what they must and must not do to safeguard against cyber-attack, and that passwords must be strong and not written down or shared.
- Data is recoverable – we have adequate data back-up and disaster recovery processes.
- Data is held securely, so that it can only be accessed by those who need to do so. For example, paper documents are locked away, access to online folders in shared drives is restricted to those who need it and IT systems are password protected.
The data we collect
Information about companies or public authorities is not personal data.
However, information about employees, partners and company directors where they are individually identifiable and the information relates to them as an individual may constitute personal data.
The data we collect, and process will include name, email address, IP address and cookies of your visit to our website.
Individual rights
We recognise that individuals’ rights include the right to be informed, of access, to rectification, erasure, restrict processing, data portability and to object.
Use of imagery/video
All imagery is protected by copyright and cannot be used without the consent of the owner, usually the person who took the image.
Consent will always be sought from the subjects for any imagery we use.
Data breach
The circumstances leading to any breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data will be investigated fully to identify if any action needs to be taken.
Action might include changes in procedures, where there will help to prevent a re-occurrence or disciplinary or other action, in the event of negligence.
We are aware that if unaddressed such a breach is likely to have a significant detrimental effect on individuals. For example:
- Result in discrimination.
- Damage to reputation.
- Financial loss.
- Loss of confidentiality or any other significant economic or social disadvantage.
We will notify the ICO within 72 hours, of a breach if it is likely to result in a risk to the rights and freedoms of individuals.
Changes
We keep our Privacy Policy under regular review and you may wish to check back regularly to ensure you are aware of any changes to it.
Complaints
You have the right to complain about the processing of your personal data.
Please contact us using the details below. If you are still unsatisfied you have the right to complain to the Information Commissioners Office.
Who we are and how to contact us
For the purpose of the Data Protection Laws, the Data Controller is Duchy Health Charity Limited, registered company number 01268926. If you would like to request more information regarding data protection please contact us using the details provided below:
FAO: Administrator
Duchy Health Charity Limited
PO Box 352
St Austell
Cornwall PL25 9JE
Email: info@duchyhealthcharity.org.uk
Telephone: 07884 556106