Data Protection Policy• Policy prepared by: Dee Gordon Jackson and Rebecca Thomas
• Approved by Trustees: September 2018
• Next review date: September 2019
In order to operate, The Radford Charitable Trust needs to gather, store and use certain forms of information about individuals.
These individuals can include Trustees, Officers, donors, applicants and recipients of grants, applicants and recipients of instrument loans, music teachers and other people the Trust has a relationship with or regularly needs to contact.
This policy explains how this data is collected, stored and used in order to meet The Radford Charitable Trust’s data protection standards and comply with the law.
Why is this policy important?
This policy ensures that The Radford Charitable Trust:
- Protects the rights of Trustees, Officers, donors, applicants and recipients of grants, applicants and recipients of instrument loans, music teachers and relevant others.
- Complies with data protection law and follows good practice.
- Is protected against the risks of a data breach.
Who and what does this policy apply to?
This applies to all those handling data on behalf of The Radford Charitable Trust i.e.:
It applies to all data that The Radford Charitable Trust holds relating to individuals, including:
- Email addresses
- Postal addresses
- Phone numbers
- Any other personal information held (e.g. financial)
Roles and responsibilities
Everyone who has access to data as part of The Radford Charitable Trust has a responsibility to ensure that they adhere to this policy.
The Data Controller for The Radford Charitable Trust is the Administrator, Sarah Rogers. Together with the Trustees of The Radford Charitable Trust, she is responsible for why data is collected and how it will be used, and for maintaining a Data Register. Any questions relating to the collection or use of data should be directed to the Data Controller.
1. We fairly and lawfully process personal data
The Radford Charitable Trust will only collect data where lawful and where it is necessary for the legitimate purposes of the Trust.
- The name and contact details of individuals will be collected when they first contact the Trust and will be used to contact the individual regarding donations, grant applications, instrument loans and relevant Trust administration and activities. This includes Current recipients of grants and instrument loans. Other data may also subsequently be collected in relation to their involvement with the Trust.
- The name and contact details of Trustees will be collected when they are first associated with The Radford Charitable Trust and will be used to contact them regarding administration related to their role.
2. We only collect and use personal data for specified and lawful purposes
When collecting data, The Radford Charitable Trust will always explain to the subject why the data is required and what it will be used for.
We will never use data for any purpose other than that stated or that can be considered reasonably to be related to it. For example, we will never pass on personal data to third parties without the explicit consent of the subject.
3. We ensure any data collected is relevant and not excessive
The Radford Charitable Trust will not collect or store more data that the information reasonably required for its intended purpose.
4. We ensure data is accurate and up-to-date
The Radford Charitable Trust will ask its Trustees, donors and current recipients of grants or instrument loans to check and update their data on an annual basis.
Any individual will be able to update their data at any point by contacting the Data Controllers.
5. We ensure data is not kept longer than necessary
The Radford Charitable Trust will keep data on individuals for no longer than 12 months after our involvement with the individual has stopped, unless there is a legal or business requirement to keep records (for example, a record of donations within our financial records, which are kept for 6 years according to current HMRC rules).
We will need to maintain records of grants awarded and instrument loans for at least 20 years to ensure that people do not apply for and receive more financial help or instrument loan for longer than they are eligible to under the Trust’s policy.
We process data in accordance with individuals’ rights.
The following requests can be made in writing to the Data Controllers - those concerned can:
- Request to see any data stored about them. Any such request will be actioned within 14 days of the request being made.
- Request that any inaccurate data held on them is updated. Any such request will be actioned within 14 days of the request being made.
- Object to any storage or use of their data that might cause them substantial distress or damage or any automated decisions made based on their data. Any such objection will be considered by the Trustees, and a decision communicated within 30 days of the request being made.
6. We keep personal data secure
The Radford Charitable Trust will ensure that data held by us is kept secure.
Electronically-held data will be held within a password-protected and secure environment. Anyone who records any contact details must ensure this happens. The Trustees and Officers of The Radford Charitable Trust store the data, mostly digitally, according to their roles in running the Trust.
- Passwords for electronic data files will be re-set each time an individual with data access leaves their role/position.
- Physically-held data (e.g. application forms, Trustees’ and donors’ contact details) will be stored in a locked cupboard.
- Keys for locks securing physical data files should be collected by the Data Controller from any individual with access if they leave their role/position. The codes on combination locks should be changed each time an individual with data access leaves their role/position.
Access to data will only be given to relevant Trustees and Officers where it is clearly necessary for the running of the Trust. The Data Controllers will decide in what situations this is applicable and will keep a master-list of who has access to data
Sharing Data with Third Parties
The Radford Charitable Trust may share student information with third parties, if the individual’s consent has been expressly given but this will be limited to music teachers, music education providers, educational establishments, other funding organisations, music shops and our insurance company. We only contact people and organisations within Great Britain.
Details of grant applicants’ financial circumstances will only be held by the Administrator, and the Trustees will only be given access to an anonymous summary of such details for the purposes of considering a grant application.