top of page

PRIVACY POLICY

We take your data seriously.  Here is our privacy policy, which we will update as the organisation develops.  Please don't hesitate to contact us if you have any questions about this policy or how we manage it. 

Policy Details

Introduction

This is the data protection policy for Bearwood Community Hub. As part of our work we need to collect information from the people we work with and who wish to be in contact with us. The collection of that data creates an obligation to ensure that we have informed consent to collect information and a transparent plan for managing that information within the scope of data protection regulations.

This policy sets out how we will collect information, store information and seek consent from individuals in relation to the data we store on their behalf.

This policy ensures that Bearwood Community Hub complies with all legal obligations to:-

  • Recognise that individuals that provide us with data are the owner of that data

  • To store data in a method that ensures security of that data is the most important consideration

  • Provide individuals access to all information that is held by us on request

  • Protect itself and individuals from the risk of data breach

 

This policy has been developed in order to comply with General Data Protection Regulations (GDPR) and UK data protection legislation such as the Data Protection Act 2018. As such Bearwood Community Hub commits to embed the five Data Protection principles in its business:

  • Personal data should be processed fairly and lawfully

  • Data should be collected for a clear purpose

  • Collection should be adequate for that purpose

  • Data shouldn’t be kept for too long

  • People supplying data should understand their rights

 

This policy is designed to mitigate risks that might result from data breaches. Through the implementation of this policy, in its entirety, Bearwood Community Hub seeks to reduce the risk that:-

  • Consent is not informed when data is collected ensuring that individuals know the purpose of data collection

  • Breaches of confidentiality occur and that the only people, within the company that have access to data, are appropriate for the agreed processing

  • Data is not being maintained in a secure environment to stop loss or theft.

Policy Scope

This policy applies to:-

  • The board

  • All offices within the company

  • All employed staff

  • Any person acting under contract to the company

  • Any person acting in a volunteer capacity for the company

 

The policy applies to all information/data that is collected by the company and is not restricted to electronic information. The range of information collected by the company is contained within the data schema attached within Appendix 1.

 

The policy also applies to data that is not obtained through direct contact with individuals. For example, this could be data that comes into the company’s possession through the operation of a contract or through a transaction with a third-party organisation. All data obtained in such a manner will be treated in the same way as that obtained directly from individuals and the company will not assume that consent for processing activities have been secured by third party organisations.

Policy Scope

This policy applies to:-

  • The board

  • All offices within the company

  • All employed staff

  • Any person acting under contract to the company

  • Any person acting in a volunteer capacity for the company

 

The policy applies to all information/data that is collected by the company and is not restricted to electronic information. The range of information collected by the company is contained within the data schema attached within Appendix 1.

 

The policy also applies to data that is not obtained through direct contact with individuals. For example, this could be data that comes into the company’s possession through the operation of a contract or through a transaction with a third-party organisation. All data obtained in such a manner will be treated in the same way as that obtained directly from individuals and the company will not assume that consent for processing activities have been secured by third party organisations.

bottom of page