INTRODUCTION
The CHIRP Charitable Trust holds personal data in the form of names, addresses and contact details of members of the Trust, reporters and recipients of FEEDBACK.
GDPR is designed to ensure robust security, transparency and accountability in the use of personal data. We are committed to all aspects of data protection and take our duties to comply with GDPR regulations seriously.
GDPR places specific legal obligations on CHIRP. We will have legal liability if we are responsible for a breach of confidential data. Members, reporters, recipients of FEEDBACK newsletters and anyone applying to CHIRP for a voluntary or paid role, have a right to request sight of the data we hold on them, how it is used and, if necessary, to request that data is removed from our systems.
WHY INFORMATION IS COLLECTED AND HELD
Personal Information is limited to that required to run the Trust including:
- Details for the various stakeholders – name, telephone, postal and e-mail address contact details.
- Staff and contractor information includes home address and payroll information.
- Details in order to process reports.
Whilst corporate contact details may be provided to process reports or share safety information, no further personal data is collected without the individual’s consent. Such data will be kept accurate and up to date whenever possible.
HANDLING OF INFORMATION
A data subject may e-mail mail@chirp.co.uk from the data subject’s email address for details of the information held. All data requests submitted will be dealt with promptly and the Data subject notified within one month of the outcome of the request. Requests can cover the following rights,
- To be informed
- Access
- Rectification
- Erasure
- Restricting processing
- Data portability
- Right to object
- Right to automated decision-making including profiling
No marketing information will be sent without consent.
Personal information will be held securely in accordance with Chirp’s confidentiality policy and Security Directive.
Information is processed with certain third parties for the purposes of running the charity. Information will not otherwise be transferred to third parties without consent except where there is a legal or statutory requirement to do so.
Data will be deleted when no longer required in line with CHIRP’s Records Retention policy.
Access to personal data is restricted to those who need it for the conduct of their job.
The GDPR policy documents the procedure to handle any breach of personal information including ensuring the Data subject is informed of any breach and action taken.
ENQUIRIES
For enquiries about CHIRP’s privacy policy please e-mail mail@chirp.co.uk