Privacy & Cookies
Data Protection Policy
DATA PROTECTION POLICY
Introduction
Dundonald Foodbank Limited is registered with the Information Commissioner as a
controller [ZA354195] and is governed by the Data Protection Act 2018, the EU
General Data Protection Regulation (GDPR) and the Privacy and Electronic
Communications Regulations 2003 (PECR).
Who this policy applies to
Dundonald Foodbank Limited employees and volunteers are required to adhere to
this policy which is designed to protect the personal data of Dundonald Foodbank
Limited data subjects – our supporters, volunteers, employees and trustees.
Written Data Protection Guidance is provided to help staff and volunteers comply
with this policy and relevant data protection legislation.
Key definitions
Data protection law applies to how we process people’s personal information. The
key terms that we need to understand are:
Controller – Dundonald Foodbank Limited is a controller as it collects and decides
how personal information will be used.
Principles – These are the rules that we must follow when processing personal
information
Processing – This is what we do with personal information. It includes how we
collect, record, store, share and use personal information
Personal information – This includes personal data and special category personal
data
Personal data – This is information about people and held in computer systems,
mobile devices including laptops, tablets, telephones, or in manual records such in
paper files and notebooks. For example, name, address, date of birth, bank account
details, interests
It also includes opinions about a person. For example, notes on how you think
someone has behaved, performed or appears
Special category personal data – this is information about a person’s health,
religion, political opinion, trade union membership, race or ethnic origin, sexuality
A data subject – this is the person whose personal information is being processed.
For example, a supporter, employee, volunteer, trustee
A privacy policy – this is how we inform people about how their personal
information will be used. Dundonald Foodbank Limited privacy policy is provided on
our website
A privacy notice – this is a short notice when we collect personal information from
people to inform them how their personal information will be used and to look at our
privacy policy for more detail
Data processor – this is an organisation that we use to process personal
information on behalf of the Trust. For example, a print and mailing house
Information Commissioner’s Office (ICO) – this is the government body
responsible for enforcing data protection law in the UK
Data protection principles
All staff and volunteers are responsible for complying with the principles of data
protection legislation which states that personal information must be:
1. Collected and processed in a fair, lawful and transparent way
2. Used only for the reasons it was collected
3. Relevant and not excessive
4. Kept accurate and up to date, and corrected or deleted if there are mistakes
5. Kept for no longer than it is needed
6. Kept safe to protect it from being lost, stolen or used inappropriately
7. Processed in accordance with people’s rights
In addition, the GDPR provides rules relating to the transfer of personal data to
countries outside of the European Economic Area.
See Dundonald Foodbank Limited’s ‘Data Protection Guidance for Dundonald
Foodbank Limited’s data protection working practices.
Data subjects
Dundonald Foodbank Limited’s data subjects include supporters, employees,
volunteers, trustees and beneficiaries.
Data processing purposes
Dundonald Foodbank Limited needs to process personal information about our
different data subjects to:
Process donations and gift aid claims
Process legacies and pledges
Enable supporters to fundraise for us
Enable supporters to participate in events
Manage relationships with our supporters
Provide supporters with information about us and the work that we do
Manage marketing and communication preferences of our supporters
Provide support to people who need to use the food bank
Develop case studies and stories about our beneficiaries to promote and
report on the work that we do
Recruit and employ members of staff
Recruit and manage volunteers
Fulfil our legal and governance obligations as a registered charity and
company
Legal basis for processing personal information
Dundonald Foodbank Limited’s legal basis for processing personal information is
documented in detail in our ‘Record of Processing Activity’. Personal information is
processed with consent where appropriate, in order to meet our legal obligations as
an employer, registered charity and company, and for our legitimate interests.
Dundonald Foodbank Limited may process some personal information based upon
our legitimate interests. This is where the processing is required to fulfil our
organisational objectives, is not to the detriment of our data subjects, and will not
cause them damage or distress. We undertake legitimate interest assessments to
balance the rights and interests of our data subjects with that of Dundonald
Foodbank Limited in order to make a judgement as to whether the legitimate
interest condition applies to our processing.
Responsibilities of staff and volunteers
Dundonald Foodbank Limited’s Data Protection Lead, who is also Project Manager, &
Chairperson of Directors, is required to:
1. Provide compliance advice to staff
2. Ensure that staff receive appropriate data protection training and guidance
3. Ensure that Dundonald Foodbank Limited’s data protection policies and
documents are appropriate and up to date
4. Be the focal point for the administration of any subject access requests
5. Deal with data subject rights in relation to erasure, objection, restriction and
rectification that staff feel unable to manage themselves
6. Log and assess all personal data breaches at Dundonald Foodbank Limited
7. Refer data breach assessments to the board of Trustees for a final decision
on whether they should be reported to the ICO
8. Renew and ensure that Dundonald Foodbank Limited’s notification with the
ICO is accurate
9. Keep a central register of all organisations that Dundonald Foodbank Limited
shares personal information with
10. Advise staff on the interpretation of this policy and guidelines and to monitor
compliance with the policy.
All staff and volunteers are responsible for:
1. Working in compliance with the data protection principles as set out in this
policy and Dundonald Foodbank Limited’s ‘Data Protection Guidance’
2. Ensuring that any personal information that they provide Dundonald
Foodbank Limited in connection with their employment, volunteering or other
contraction agreement is accurate
3. Informing Dundonald Foodbank Limited of any changes to any personal
information which they have provided, e.g. changes of address
4. Responding to requests to check the accuracy of the personal information
held on them and processed by Dundonald Foodbank Limited
Data subject rights
Dundonald Foodbank Limited respects the rights of its data subject including the
right to:
To be informed – we do this by including appropriate privacy notice
information when collecting personal information
Subject access – the right to view their personal information which we hold
Object and / or withdraw consent – where the processing of personal data
could cause them significant damage or distress.
Rectification – we must correct any inaccurate or incomplete personal
information when asked
Erasure – deletion or the removal of their personal information where there is
no compelling reason for its continued processing
See Dundonald Foodbank Limited’s ‘Data Protection Guidance’ for information on
how to respond to data subject rights.
Data security
It is the responsibility of all staff and volunteers authorised to access personal data
processed by Dundonald Foodbank Limited to ensure that data, whether held
electronically or manually, is kept securely and not disclosed unlawfully, in
accordance with this Policy. Unauthorised disclosure will usually be treated as a
disciplinary matter and could be considered as constituting gross misconduct in
some cases.
Policy awareness
Data protection awareness will be included as part of induction. Changes to policy on
data protection policy or guidance will be circulated to all staff and volunteers. All staff and volunteers are expected to be familiar with and comply with the policy at
all times.
Redress
Anyone who considers that this policy has not been followed in respect of personal
data about themselves should raise the matter with the Data Protection Lead.
Status of this policy
This policy does not form part of the formal contract of employment, but it is a
condition of employment that employees will abide by the rules and polices made by
Dundonald Foodbank Limited from time to time.
Compliance is the responsibility of all staff and volunteers. Any breach of this policy
may lead to disciplinary action being taken, or even a criminal prosecution.
Any questions or concerns about the interpretation or operation of this policy should
be taken up with the Data Protection Lead.
This Policy was agreed to by the Board of Directors on Tuesday 23 rd April 2024
This Policy will be reviewed in May 2025.