In our mission to eradicate street-harassment across the UK, we inevitably collect and process some personal data. This document explains our data protection policy, what information we collect, how it’s used, and how it can be managed or deleted inline with UK GDPR regulations.
Definition of Terms:
Personal Data: AHC defines personal data as information about an individual which is identifiable as being about them. This includes basic data such as name, address, emails or telephone numbers as well as photographs of individuals.
Sensitive Data: AHC defines sensitive data as information about an individual that is identifiable but is more complex. This includes information such as their race, ethnicity, gender, sexuality, criminal record, employment history and health information.
Data protection is about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.
Overall and final responsibility for data protection lies with AHC core committee, who are responsible for overseeing activities and ensuring this policy is upheld.
All volunteers and group members are responsible for observing this policy, and related procedures, in all areas of their work for the group. If they encounter a breach of policy they must raise it with the core committee, in writing to the firstname.lastname@example.org
Overall policy statement
AHC needs to keep personal data about its committee, members, volunteers and supporters in order to carry out group activities.
We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the General Data Protection Regulation (GDPR) and other relevant legislation.
We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.
We will only collect, store and use data for:
purposes for which the individual has given explicit consent, or
purposes that are in our our group’s legitimate interests (such as members contact details), or
contracts with the individual whose data it is, or
to comply with legal obligations, or
to protect someone’s life, or
to perform public tasks.
We will provide individuals with details of the data we have about them when requested by the relevant individual.
We will delete data if requested by the relevant individual, unless we need to keep it for legal reasons.
We will endeavor to keep personal data up-to-date and accurate.
We will store personal data securely.
We will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes.
We will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so.
We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any lost or shared data back. We will evaluate our processes and understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported by AHC to the Information Commissioner’s Office within 72 hours, and to the individual concerned.
To uphold this policy, we will maintain a set of data protection procedures for our committee and volunteers to follow.
This policy will be reviewed every two years.
Data protection procedures
In order to help us uphold AHC’s data protection policy, we have created the following procedures which outline ways in which we collect, store, use, amend, share, destroy and delete personal data.
These procedures cover the main, regular ways we collect and use personal data. We may from time to time collect and use data in ways not covered here. In these cases we will ensure our Data Protection Policy is upheld.
Data will be stored securely. When it is stored electronically, it will be kept in password protected files. When it is stored online in a third party website (e.g. Google Drive) we will ensure the third party comply with the GDPR.
When we no longer need data, or when someone has asked for their data to be deleted, it will be deleted securely. We will ensure that data is permanently deleted from computers, and that any paper data is shredded.
We will keep records of consent given for us to collect, use and store data. These records will be stored securely.
We may choose to maintain a mailing list in the future. This will include the names and contact details of people who wish to receive updates, publicity and fundraising appeals from AHC.
When people sign up to the list we will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time. We will ask them to give separate consent to receive publicity and fundraising messages, and will only send them messages which they have expressly consented to receive.
We will not use the mailing list in any way that the individuals on it have not explicitly consented to.
We will provide information about how to be removed from the list with every mailing.
We will use mailing list providers who store data in accordance with UK GDPR guidelines.
From time to time, individuals contact the Group to ask us to help them resolve an issue they are having with their health, the council, or police in relation to an incident of harassment.
We will request explicit written consent before sharing any personal details with the council or any other relevant third party.
We will not keep information relating to an individual’s personal situation for any longer than is necessary for the purpose of providing them with the support they have requested.
Personal data relating to trauma or therapy related issues will be stored securely by a member of the well-being committee, and not shared among the rest of the committee or with other volunteers unless necessary for the purpose of providing the support requested.
Details relating to an individual’s circumstances will be treated as strictly confidential.
We make and sell tote bags, t-shirts and badges featuring our logo, hashtags and prints from local artists.
To order merchandise, people complete an order form on our website, which includes providing a name and address for the items to be delivered to.
When ordering, people will be asked if they wish to be added to our mailing list. If they do not opt to be on the mailing list, their details will be deleted within one month of processing their order, and will not be used for any purpose other than communicating with them about their order.
Local people may volunteer for AHC in a number of ways.
We will maintain a list of contact details of our recent volunteers. We will share volunteering opportunities and requests for help with the people on this list.
People will be removed from the list if they have not volunteered for the group for 12 months.
When contacting people on this list, we will provide a privacy notice which explains why we have their information, what we are using it for, how long we will keep it, and that they can ask to have it deleted or amended at any time by contacting us.
To allow volunteers to work together to organise for the group, it is sometimes necessary to share volunteer contact details with other volunteers. We will only do this with explicit consent.
Contacting committee members
The committee need to be in contact with one another in order to run the organisation effectively and ensure its legal obligations are met.
Committee contact details will be shared among the committee.
Committee members will not share each other’s contact details with anyone outside of the committee, or use them for anything other than Anti-Harassment Club business, without explicit consent.