Privacy Policy

Review Frequency: Annually

Date of last review: August 2024

Date of next review: August 2025

Privacy Policy

1. Aims

At Happyfields Animal Sanctuary, we aim to ensure that all data collected is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 which came into force on 25th May 2018.

This policy applies to all personal data, regardless of whether it is in paper or electronic format.

2. Legislation and Guidance

This policy meets the requirements of the General Data Protection Regulation (GDPR), and is based on guidance published by the Information Commissioner’s Office and model privacy notices published by the Department for Education.

3. Definitions

Term Definitions

Personal data Data from which a living person can be identified, including data that, when combined with other readily available information, leads to a person being identified.

Sensitive personal data

Data such as:

• Contact details

• Racial or ethnic origin

• Political opinions

• Religious beliefs, or beliefs of a similar nature

• Where a person is a member of a trade union

• Physical and mental health

• Sexual orientation

• Whether a person has committed, or is alleged to have committed, an offence

• Criminal convictions

Processing Obtaining, recording or holding data

Data subject The person whose personal data is held or processed

Data controller

A person or organisation that determines the purposes for which, and the manner in which, personal data is processed

Data processor

A person, other than an employee of the data controller, who processes the data on behalf of the data controller

4. The Data Controller

Our charity processes personal information relating to visitors and is therefore a data controller. Our charity delegates the responsibility of data controller on a day-to-day basis to administration staff.

5. Data Protection Principles

The GDPR is based on the following data protection principles or rules for good data handling. Data will be:

● processed lawfully, fairly and in a transparent manner in relation to individuals

● collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes will not be considered to be incompatible with the initial purposes

● adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

● accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay

● kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals and

● processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or

organisational measures

6. Roles and responsibilities

The Trustees Partners have overall responsibility for ensuring that the charity complies with its obligations under the GDPR. Day-to-day responsibilities rest with the Trustees. The Trustees will ensure that all volunteers are aware of their data protection obligations and oversee any queries related to the storing or processing of personal data.

Trustees are responsible for ensuring that they collect and store any personal data in accordance with this policy. Volunteers must also inform the charity of any changes to their personal data, such as a change of address.

We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected. We will not share information about staff with third parties without consent unless the law allows us to.

Where a data subject challenges the accuracy of his/her data the sanctuary will correct the records. In the case of any dispute, we will try to resolve the issue informally, but if this proves impossible, disputes will be referred to the ombudsman.

7. Storage of records:

● Paper-based records and portable electronic devices, such as laptops and hard drives, that contain personal information are kept under lock and key when not in use

● Papers containing confidential personal information should not be left out where there is general access

● Passwords that are at least 8 characters long containing letters and numbers are used to access computers, laptops and other electronic devices. Trustees and volunteers are Required to change their passwords at regular intervals

● Encryption software is used to protect all portable devices and removable media, such as laptops and USB devices

● Staff, students or governors who store personal information on their personal devices are expected to follow the same security procedures for school-owned equipment

8. Disposal of Records

Personal information that is no longer needed, or has become inaccurate or out of date, is disposed of securely. For example, we will shred or incinerate paper-based records, and override electronic files.

9. Training

Trustees and Volunteers will be provided with data protection training as part of their induction process and this is refreshed annually each September. Data protection will also form part of continuing professional development, where changes to legislation or the school’s processes make it necessary.

10. Monitoring Arrangements

The Charity Trustee is responsible for monitoring and reviewing this policy.

This document will be reviewed when the General Data Protection Regulation comes into force, and then every year At every review, the policy will be shared with the trustees and volunteers.

11. Refunds

Due to the nature of our services, we are unable to offer refunds for donations made. We will however look at each individual case independently if a genuine error has been made during the donation process.

12. Contact us

For any further clarification on our refund policy please write to us at [email protected] with your details