Find out all the places in Gateshead which provide free or cheap food

Data Protection

Data Protection Policy

Download: Data Protection Policy

Introduction

Gateshead Foodbank is registered with the Information Commissioner as a controller ZA152053 and is governed by the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations 2003 (PECR).

Who this policy applies to

Gateshead Foodbank employees, volunteers, trustees, and contractors are required to adhere to this policy which is designed to protect the personal data of data subjects – our beneficiaries, supporters, volunteers, employees, and trustees.

Written data protection guidance is provided to help staff and volunteers comply with this policy and relevant data protection legislation in the document titled “Understanding Your Responsibilities For Data Protection”.

Key definitions 

Data protection law applies to how we process people’s personal information. The key terms that we need to understand are:

Controller – Gateshead Foodbank is a controller as it collects and decides how personal information will be used.

Principles – These are the rules that we must follow when processing personal information

Processing – This is what we do with personal information. It includes how we collect, record, store, share and use personal information

Personal information – This includes personal data and special category personal data

Personal data – This is information that can be used to identify a person. Held in computer systems, mobile devices, laptops, tablets, or in manual records such in paper files and notebooks.

Personal data might include but is not limited to; name, address, date of birth, bank account details, interests.

It may also includes opinions about a person.  For example, notes on how you think someone has behaved, performed or appears

Special category personal data – this is information about a person’s health, religion, political opinion, trade union membership, race or ethnic origin, sexuality

A data subject – this is the person whose personal information is being processed. For example, a supporter, employee, volunteer, trustee

A privacy notice – this is a short notice when we collect personal information from people to inform them how their personal information will be used and to look at our privacy policy for more detail

A privacy policy – this is how we inform people about how their personal information will be used. Gateshead Foodbank privacy policy is provided on our website: https://gateshead.foodbank.org.uk/data-protection/privacy-policy/

Data processor – this is an organisation that we use to process personal information on behalf of the organisation. For example, an IT service provider.

Information Commissioner’s Office (ICO) – this is the government body responsible for enforcing data protection law in the UK

Data protection principles

All staff and volunteers are responsible for complying with the principles of data protection legislation which states that personal information must be:

  1. Collected and processed in a fair, lawful and transparent way
  2. Used only for the reasons it was collected
  3. Relevant and not excessive
  4. Kept accurate and up to date, and corrected or deleted if there are mistakes
  5. Kept for no longer than it is needed
  6. Kept safe to protect it from being lost, stolen or used inappropriately
  7. Processed in accordance with people’s rights

In addition, the GDPR provides rules relating to the transfer of personal data to countries outside of the UK.

See Gateshead Foodbank’s data protection guidance “Understanding Your Responsibilities For Data Protection” for additional information about our data protection working practices.

Data subjects

Gateshead Foodbank’s data subjects include: Supporters, employees, volunteers, trustees and beneficiaries.

Data processing purposes

Gateshead Foodbank needs to process personal information about our different data subjects to:

  • Process donations and gift aid claims
  • Process legacies and pledges
  • Enable supporters to fundraise for us
  • Enable supporters to participate in events
  • Manage relationships with our supporters
  • Provide supporters with information about us and the work that we do
  • Manage marketing and communication preferences of our supporters
  • Provide support to people who need to use the food bank
  • Develop case studies and stories about our beneficiaries to promote and report on the work that we do
  • Recruit and employ members of staff
  • Recruit and manage volunteers
  • Fulfil our legal and governance obligations
  • Facilitate safeguarding and to comply with relevant legislation

Legal basis for processing personal information

Gateshead Foodbank’s legal basis for processing personal information is documented in detail in our ‘Record of Processing Activity’ which contains an inventory of all key personal data processing activities.

Personal information is processed for our legitimate interests, where appropriate with consent, and in order to meet our legal obligations.

Gateshead Foodbank may process some personal information based upon our legitimate interests. This is where the processing is required to fulfil our organisational objectives, is not to the detriment of our data subjects, and will not cause them damage or distress. We undertake Legitimate Interest Assessments to balance the rights and interests of our data subjects with that of Gateshead Foodbank in order to make a judgement as to whether the legitimate interest condition applies to our processing.

Responsibilities of staff and volunteers 

Gateshead Foodbank’s Data Protection Lead, Will Macdonald, who is also a Trustee, is required to:

  1. Provide compliance advice to staff
  2. Ensure that staff receive appropriate data protection training and guidance
  3. Ensure that Gateshead Foodbank’s data protection policies and documents are appropriate and up to date
  4. Be the focal point for the administration of any subject access requests
  5. Deal with data subject rights in relation to erasure, objection, restriction and rectification that staff feel unable to manage themselves
  6. Log and assess all personal data breaches
  7. Report applicable data breaches to the ICO within the statutory 72-hour time limit
  8. Renew, and ensure that Gateshead Foodbank’s controller registration with the ICO is accurate annually.
  9. Keep a central register of all organisations that Gateshead Foodbank shares personal information with
  10. Maintain and update the organisation’s Records of Processing Activity, Privacy Notices, and any associated data protection assessments (e.g., DPIAs or LIAs).
  11. Advise staff on the interpretation of this policy and guidelines and to monitor compliance with the policy.

All staff and volunteers are responsible for:

  1. Working in compliance with the data protection principles as set out in this policy and Gateshead Foodbank’s data protection guidance as set out in the document titled “Understanding Your Responsibilities For Data Protection”
  2. Ensuring that any personal information that they provide to Gateshead Foodbank in connection with their employment, volunteering or other contraction agreement is accurate
  3. Informing Gateshead Foodbank of any personal data breach which they become aware of immediately
  4. Responding to any data subject requests to erase, access, correct or object to the personal information held and processed by Gateshead Foodbank.

Gateshead Foodbank’s Data Protection Lead can be contacted on [email protected].

Data subject rights

Gateshead Foodbank respects the rights of its data subject including the right to:

  • To be informed – we do this by including appropriate privacy notice information when collecting personal information
  • Subject access – the right to view their personal information which we hold
  • Object and / or withdraw consent – where the processing of personal data could cause them significant damage or distress.
  • Rectification – we must correct any inaccurate or incomplete personal information when asked
  • Erasure – deletion or the removal of their personal information where there is no compelling reason for its continued processing

See Gateshead Foodbank’s data protection guidance set out in “Understanding Your Responsibilities For Data Protection” for information on how to respond to data subject rights.

Data security

It is the responsibility of all staff, contractors and volunteers authorised to access personal data processed by Gateshead Foodbank to ensure that data, whether held electronically or manually, is kept securely and not disclosed unlawfully, in accordance with this Policy and any associated policies. Unauthorised disclosure will usually be treated as a disciplinary matter and could be considered as constituting gross misconduct in some cases.

Where necessary, Gateshead Foodbank works with third party data processors to manage and maintain data. A list of these data processors is available at https://gateshead.foodbank.org.uk/data-protection/processors/

Policy awareness

Data protection awareness will be included as part of induction. Changes to policy on data protection policy or guidance will be circulated to all staff, contractors and volunteers. All staff, contractors and volunteers are expected to be familiar with and comply with the policy at all times.

Redress

Anyone who considers that this policy has not been followed in respect of personal data about themselves should raise the matter with the Data Protection Lead.

Status of this policy

This policy does not form part of the formal contract of employment, but it is a condition of employment that employees will abide by the rules and policies made by Gateshead Foodbank from time to time.

Compliance is the responsibility of all staff and volunteers. Any breach of this policy may lead to disciplinary action being taken, or even a criminal prosecution.

Any questions or concerns about the interpretation or operation of this policy should be taken up with the Data Protection Lead.

Back to Data Protection