General Data Protection Regulation Policy

Overview
We are committed to protecting your right to privacy and to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place suitable physical, digital and managerial procedures to safeguard and secure the information we collect.
.
We will always adhere to the Data Protection Act 1998 (UK) and any other applicable data protection laws, such as the GDPR 2018, in relation to our use of your information.
.
.
Information that we collect
We collect information about users to continually help improve our service.
.
To operate effectively and fulfil its legal obligations, our Charity needs to collect, maintain and use certain personal information about current, past and prospective Members, Suppliers and other individuals with who we have dealings.  All such personal information, whether held on computer, paper or other media, will be obtained, handled, processed, transported and stored lawfully and correctly, in accordance with the safeguards contained in both the Data Protection Act 1998 and GDPR 2018.
.
We are committed to the eight principles of data protection as detailed in the Data Protection Act 1998. These principles require that personal information must:
.

  • Be fairly and lawfully processed and not processed unless specific conditions are met.
  • Be obtained for specified, lawful purposes and not processed in any manner incompatible with those purposes.
  • Be adequate, relevant and not excessive for the purposes.
  • Be accurate and, where necessary, kept up to date.
  • Not be kept for longer than is necessary.
  • Be processed in accordance with the data subject’s rights under the DPA.
  • Be secure from unauthorised/unlawful processing and protected against accidental loss, destruction or damage.

.
Not to be transferred to countries outside the European Economic Area, unless the country or territory ensures adequate protection for the rights and freedoms of the data subjects.
.
.
How we use information that we collect
We may use the information we collect from you to fulfil your requests and contact you.
.
When you contact us, we keep a record of your communication to help solve any issues you might be facing. We may use your email address if you show interest in our services to inform you about our services, such as letting you know about upcoming events or improvements in your Membership.
.
.
How long will we store your data?
When Maidstone Mencap Charitable Trust Limited receives/provides any payment for the supply of goods or services, we are required under UK tax laws to keep your basic personal data (name, address, contact details) for a minimum of 6 years (after 12 months paper copies will be securely destroyed/shredded). A digital copy of our transaction will be archived on our computer system for reference or tax investigation purposes.
.
.
Protecting personal information
To the extent that sensitive personal data is processed about you, we will employ appropriate security measures given the nature of that data.
.
Where we collect information about children we will always get the consent of their parents before giving out any personal information or using our services.
.
We only provide certain employees with access to customer data and ensure that these employees are contracted to do so under relevant data protection policies.  Breach of these policies is regarded as a disciplinary offence and will be dealt with under formal disciplinary procedures.
.
.
Information that we share
We may need to disclose your data to appropriate persons where required or permitted by law (For example, to enforcement authorities in relation to the investigation of a suspected criminal offence or in a medical emergency and to the HMRC if you have elected to gift aid your donation or subscription).
.
.
Access to your personal information
You can submit for the removal, update or a request of your personal information we hold about you at any time by contacting us in writing (letter or email).