GDPR Privacy Notice

Pembrokeshire Mencap Ltd

Data Protection Privacy Notice

Introduction – The Society has reviewed it Policy on Data Protection in the light of the General Data Protection Regulations (GDPR) that came into effect in May 2018. In general terms this has required that we publish a schedule of information we hold and our reason for holding it. The way in which we deal with that data and the level of security we employ are largely as exercised under previous legislation and the key points are summarised below. In all respects we will endeavour to follow the terms of the Regulations, full details of which are available on the Information Commission’s Web Site at http://ico.org.uk

  1. Key Points of the Society’s Policy are as follows
    1. The Society will have a Privacy Notice on Public Display that will identify the following,
      1. What we collect
      2. Why we collect it
      3. The Authority under which it is collected – where appropriate e.g. HMRC, etc
      4. For how long we keep personal data
      5. Who to contact for further information
    2. Information we hold shall be purely for the effective operation of the Society.
    3. Information will be held for the minimum period of time commensurate with good practice and any legal requirements.
    4. Information will not be passed to third parties for the purposes of marketing.
  2. Storage of personal data will be with the agreement of the person involved.
  3. Requests from individuals for copies of the personal information we hold shall be dealt with promptly and within the 1-month time scale referred to in the GDPR.
  4. Storage of personal records will be held in an appropriately secure manner. If on computer, they will be password protected, and if on paper copy they will be in filing cabinets with limited access in secure premises.
  5. In the event that information is passed to third parties (e.g. wages & salaries), the Society will ensure that the level of security of data is at least equal to that provided in-house.
  6. Individuals shall have a right to lodge a complaint. In the first instance it is preferred if the individual follows the Society’s complaints procedure, but they should also be advised that they may refer an issue to the Information Commissioner on worker@ico.org.uk

GDPR 2018 Schedule

General Data Protection Regulations 2018
In accordance with the 2018 GDPR the Society records below the status of information held by the Society.

GroupData ControllerData ProcessorReason for holdingMethod of storageDuration of storage
EmployeesPembrokeshire MencapRees and HaydenCompliance with employment law and HMRC requirementsComputer disc password protected in secured office premises7 years minimum
EmployeesPembrokeshire MencapPembrokeshire MencapPersonal details for purposes of holiday and sickness records, staff appraisals & H and S needsMix of paper and computer records in secure storage or password protected computer6 years minimum
StudentsPembrokeshire CollegePembrokeshire MencapFor the provision of appropriate training and health and safety requirementsMix of paper and computer records in secure storage or password protected computer6 years minimum
CLIENTSPembrokeshire County Council, Carmarthen CC, Bramble Bay Care, Elliots Hill CarePembrokeshire MencapFor the provision of appropriate training and care and health and safety requirementsMix of paper and computer records in secure storage or password protected computer6 years minimum
VolunteersPembrokeshire MencapPembrokeshire MencapFor appropriate communication and H & S needs and DBS requirementsMix of paper and computer records in secure storage or password protected computer6 years minimum
TrusteesPembrokeshire MencapPembrokeshire MencapFor appropriate communication and effective operation of the charity and requirments of companies house and charities commissionMix of paper and computer records in secure storage or password protected computerFor 6 years after ceasing to practice as a trustee
Public 1Pembrokeshire MencapPembrokeshire MencapFor operation of gift aid comprising name and address onlyMix of paper and computer records in secure storage or password protected computerFor 7 years for the purpose of meeting any HMRC audit
CustomerPembrokeshire MencapPembrokeshire MencapCredit card transactionsBoxed file of copy receipts held in secured office3 months
Members 200 ClubPembrokeshire MencapPembrokeshire MencapAdministation of LotteryMix of paper and computer records in secure storage or password protected computer12 months

Notes

  • Duration may be extended in the case of any issue being subject of a legal proceeding or insurance claim
  • A copy of the Society’s Data Protection Policy can be made available on request