Data Protection Policy – Summary Statement
Our Data Protection Values:
We only collect personal data that we need and use
Whenever we design a new data collection tool we think carefully about why each question is included and what we’ll use the resultant data for. We limit the amount of the personal data we collect by asking ourselves whether the data could be collected anonymously.
We’re open and clear about what we use personal data for
The individuals we collect personal data from have the right to know what we plan to do with that data. We use clear privacy notices and statements at the point of collection and make sure we don’t stray beyond these intended uses.
We make sure only people who need access to personal data see it
We only share the personal data we collect with others if there’s an important reason to and we never sell on personal data. We let people know in advance if we need to share their data externally and why. On a local level, this means we don’t pass on individuals’ details to other organisations or individuals without asking them first, and we store the data we collect in ways that limit who has access to it.
We make our Data Protection processes user-friendly and easy to follow
We try hard to ensure processes aren’t unnecessarily complex or burdensome. Wherever possible, we provide systems and hardware with Data Protection safeguards built-in, so compliance with our legal obligations is a straightforward and intrinsic thing. And we strive to make it as easy as possible for those we collect data from to contact us and exercise their data rights*.
We follow our procedures because we know they’re the best way to keep us and others safe
Our Data Protection procedures have been designed to safeguard our group members, volunteers and all others we hold information on. Following these procedures not only protects these individuals but means we can be confident we’re doing the right thing. We don’t take shortcuts with the processes and we
don’t create new systems or collection methods without approval and advice from our Data Compliance Manager.
We understand that Data Protection is everyone’s responsibility
Everyone has a part to play in making sure we’re sticking to our values and living these out in what we do. We support a culture of openness and healthy challenge and encourage everyone to let us know if there’s something we could be doing better.
We ask for help and advice when we need it
If we’re not sure of what to do or say we ask our Data Compliance Manager for support and advice. At an organizational level we’ll make the most of advice from experts and the ICO to ensure we’re doing the right thing.
We know our legal responsibilities and play our part
We view Data Protection primarily as a way to demonstrate respect towards and safeguard the interests of those we hold data on. But we also understand that this is underpinned by a legal obligation. We report any data breaches to our Data Compliance Manager as soon as we become aware of them, cooperate with the ICO and deal with complaints and concerns promptly.
The Reader and Data Protection
The Reader takes the protection of individuals’ personal data very seriously. We are committed to ensuring that everything we do with personal data protects the rights and freedoms of group members, volunteers, staff, customers and other stakeholders. We understand our legal obligations under the General Data Protection Regulation (GDPR) but – more than this – see best practice in the field of Data Protection as a fundamental expression of our values.
What data falls under the Data Protection Policy?
The Data Protection Policy covers personal data: information which relates to living individuals who could be identified from the information. Individuals may be identifiable even if their name is not collected. Personal data can include phone numbers, email addresses, photographs and film recordings, as well as forms which ask for a number of types of information about a named individual.
Know who to contact:
Got a question about The Reader’s Data Protection procedures? Want to see the full Data Protection Policy or understand what data we hold on you contact our Data Compliance Manager: email@example.com 0151 729 2200
The Reader, Calderstones Mansion House, Calderstones Park, Liverpool, Merseyside L18 3JB
*Individuals’ personal data rights:
- The right to be informed – To know why data is being collected, what will be done with it, how long it will be kept for and who it will be shared with (‘privacy information’).
- The right of access – To receive confirmation that your data is being processed, reasons for the processing (broadly in line with privacy notice information) and – where requested – access to what data is held about you.
- The right to rectification – To request (verbally or in writing) for inaccurate or
incomplete data to be corrected/added, to be completed within one month of request.
- The right to erasure – The right for personal data to be erased (‘the right to be
- The right to restrict processing – The right to limit usages of stored data.
- The right to data portability – To ask for personal data to be transferred to another controller
- The right to object – To object to processing if there are grounds relating to the individual’s particular situation
- Rights in relation to automated decision making and profiling.