{"id":272,"date":"2022-03-29T15:12:17","date_gmt":"2022-03-29T15:12:17","guid":{"rendered":"https:\/\/chirp.srgry.com\/?page_id=272"},"modified":"2022-07-25T10:42:45","modified_gmt":"2022-07-25T10:42:45","slug":"privacy-policy","status":"publish","type":"page","link":"https:\/\/chirp.co.uk\/ar\/privacy-policy\/","title":{"rendered":"Privacy Policy"},"content":{"rendered":"\n<p><strong>INTRODUCTION<\/strong><br><br>The CHIRP Charitable Trust holds personal data in the form of names, addresses and contact details of members of the Trust, reporters and recipients of FEEDBACK.\u00a0 We are required to ensure compliance with the EU General Data Protection Regulations (GDPR), which are designed to ensure more robust security and more transparency in the use of personal data.<br><br>The GDPR places specific legal obligations on CHIRP. \u00a0We will have legal liability if we are responsible for a breach of confidential data. Members, reporters and recipients of FEEDBACK newsletters have a right to request sight of the data we hold on them, how it is used and, if necessary, to request that data is removed from our systems.<br><br><strong>OVERALL POLICY<\/strong><br><br>CHIRP\u2019s policy is to hold the minimum amount of data necessary to operate an independent confidential reporting programme.\u00a0 Data on members of the Trust are held for the duration of membership and contact details for recipients of FEEDBACK are held until a reader unsubscribes.\u00a0 Data on reporters is held until the case file is closed, at which point the data is erased within 30 days.\u00a0 \u00a0<br><br>For the most part, CHIRP operates a \u2018paperless office\u2019 in a serviced office building with controlled access. Clear desk procedures and lockable security containers provide physical security.\u00a0 Electronic data is held at a remote site using industry standard security procedures. CHIRP will promptly inform anyone affected should any breach occur.\u00a0<br><br>CHIRP will not circulate any personal information to third parties without prior consent.<br><br><strong>WHAT WE HOLD<\/strong><br><br>We currently hold data which is pertinent to GDPR in 4 areas:<br><br>Members of the Trust (Trustees and Advisory Board Members)<br><br>Names, addresses and contact details are held electronically.\u00a0 Career profiles and photographs of the Trustees are held and posted on the CHIRP website. Personal bank account details are held for some Trustees.\u00a0 Dates of birth are held for Trustees whose duties include operating the Trust\u2019s bank accounts.\u00a0 The names of the Trustees are also held in hard copy on annual audit reports.<br><br>Reporters personal details provided in reports<br><br>Reports submitted to CHIRP include personal details: name, address, email address and phone number.\u00a0<br>The majority of reports are received electronically.\u00a0 Reports received in hardcopy are scanned for processing electronically and the hard copy destroyed.\u00a0 Personal details are only kept whilst the report is open and are deleted on closing; report data and correspondence with reporters are disidentified of personal information for storage in the database.\u00a0 \u00a0<br><br>Reporter\u2019s personal information is not shared with anyone outside of the CHIRP salaried staff and contractors without the reporter\u2019s specific permission.\u00a0<br><br>Address lists for emailing FEEDBACK<br><br>FEEDBACK is mailed electronically to lists of licence holders provided by the CAA.\u00a0 Licence holders opt in to receiving FEEDBACK (3rd party safety information) by ticking a box on their licence applications to the CAA.\u00a0 The lists are e-mailed to CHIRP in encrypted format and deleted after the details have been uploaded to MailChimp for distribution.\u00a0\u00a0<br><br>FEEDBACK is also e-mailed to anyone who asks to be added to the distribution list.\u00a0 E-mail addresses of these recipients are stored electronically by CHIRP.\u00a0\u00a0<br><br>Comments on FEEDBACK are encouraged. Personal details of commentators are deleted after the comment has been relayed to the relevant Advisory Board and a reply sent to the commentator.\u00a0<br><br>Employee Information<br><br>CHIRP holds the names, addresses, contact numbers and e-mails, ages, bank details, tax and salary information, as well as working records, for members of staff and contractors. The information is accessible<br>only by the Chief Executive and Administration Manager.\u00a0\u00a0<br><br>It is noted too that every staff member and contractor holds personal information which comes under the jurisdiction of the GDPR, in the form of e-mails and transactional records. All staff and contractors are required to read and sign a security brief annually. \u00a0All e-mails contain a standard confidentiality notice.<br><br><\/p>\n\n\n\n<p><strong>OVERSIGHT<\/strong><br><br>The GDPR requires that public authorities and large-scale data processing organisations designate a Data Protection Officer to take responsibility for data protection compliance. The size and structure of CHIRP does not justify a dedicated post. However, data security has been identified as a risk for the Trust. The Trustees review this risk and the procedures for protecting against it annually.&nbsp;<br>&nbsp;<\/p>\n\n\n\n<p><strong>PRIVACY<\/strong><br><br>Members of the Trust who meet regularly.&nbsp; Nevertheless, the privacy of members will be protected by using the BCC facility on e-mail distributions for meetings.&nbsp; &nbsp;&nbsp;<br><br><strong><\/strong><\/p>\n\n\n\n<p><strong>INDIVIDUALS\u2019 RIGHTS<\/strong><br><br>The GDPR includes the following rights for individuals: The right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object; and the right not to be subject to automated decision-making including profiling.<br><br>We are confident that current CHIRP procedures fulfil the GDPR and we do not operate any data profiling processes. We will regularly review our procedures to ensure they cover areas such as the deletion of personal data and will provide individuals with the data we hold on them, if requested, in electronic format. The Chief Executive will make any final decisions about deletion or release of information.<br><br>The demonstration of the Right to Be Informed will be fulfilled by a MailChimp distribution. This CHIRP data policy will also be available on the CHIRP website.&nbsp; Any further updates will be communicated in a similar manner.&nbsp;<br><br><strong><\/strong><\/p>\n\n\n\n<p><strong>SUBJECT ACCESS REQUESTS<\/strong>\u00a0<br><br>We acknowledge that individuals have a right to seek access to information held in CHIRP databases or if they think there is a problem with the way we are handling their data. We will comply with any such request within the new statutory one month period. However, we can refuse or charge for requests that are manifestly unfounded or excessive.\u00a0<br><br>Individuals will have the right to have their personal data deleted when they believe it is being held without a practical or lawful basis.\u00a0 If we refuse a request, we must tell the individual why and that they have the right to complain to the ICO and to seek a judicial remedy. We must do this, at the latest, within one month.<br><br><\/p>\n\n\n\n<p><strong>CHILDREN<\/strong><br><br>There is a requirement to put systems in place to verify individuals\u2019 ages and to obtain parental or guardian consent for any data processing activity. This is unlikely to affect CHIRP.\u00a0\u00a0<br><br><\/p>\n\n\n\n<p><strong>DATA PRIVACY IMPACT ASSESSMENT (DPIA)<\/strong>&nbsp;<br><br>CHIRP systems, using remote offsite servers fulfil the GDPR recommended \u2018privacy by design\u2019 approach. \u2018Data Protection Impact Assessments\u2019 will be carried out if a new technology is being deployed; or if there<br>is processing on a large scale of the special categories of data held. While this is unlikely to directly affect CHIRP, we will work with our IT contractors to ensure that awareness of this is included in any future development programmes.<br><br><br><strong>BREACHES OF DATA<\/strong><br><br>Should we become aware of any personal data breach, we will notify members, reporters, recipients of FEEDBACK, staff members and contractors rapidly as possible, notifying the ICO if a breach is likely to result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage to those concerned.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>INTRODUCTION The CHIRP Charitable Trust holds personal data in the form of names, addresses and contact details of members of the Trust, reporters and recipients of FEEDBACK.\u00a0 We are required to ensure compliance with the EU General Data Protection Regulations (GDPR), which are designed to ensure more robust security and more transparency in the use [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"CBBTypography":[],"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"sector":[],"class_list":["post-272","page","type-page","status-publish","hentry"],"acf":[],"mb":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Privacy Policy - CHIRP<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/chirp.co.uk\/ar\/privacy-policy\/\" \/>\n<meta property=\"og:locale\" content=\"ar_AR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Privacy Policy - CHIRP\" \/>\n<meta property=\"og:description\" content=\"INTRODUCTION The CHIRP Charitable Trust holds personal data in the form of names, addresses and contact details of members of the Trust, reporters and recipients of FEEDBACK.\u00a0 We are required to ensure compliance with the EU General Data Protection Regulations (GDPR), which are designed to ensure more robust security and more transparency in the use [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/chirp.co.uk\/ar\/privacy-policy\/\" \/>\n<meta property=\"og:site_name\" content=\"CHIRP\" \/>\n<meta property=\"article:modified_time\" content=\"2022-07-25T10:42:45+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/chirp.co.uk\/ar\/privacy-policy\/\",\"url\":\"https:\/\/chirp.co.uk\/ar\/privacy-policy\/\",\"name\":\"Privacy Policy - CHIRP\",\"isPartOf\":{\"@id\":\"https:\/\/chirp.co.uk\/ar\/#website\"},\"datePublished\":\"2022-03-29T15:12:17+00:00\",\"dateModified\":\"2022-07-25T10:42:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/chirp.co.uk\/ar\/privacy-policy\/#breadcrumb\"},\"inLanguage\":\"ar\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/chirp.co.uk\/ar\/privacy-policy\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/chirp.co.uk\/ar\/privacy-policy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/chirp.co.uk\/ar\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Privacy Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/chirp.co.uk\/ar\/#website\",\"url\":\"https:\/\/chirp.co.uk\/ar\/\",\"name\":\"CHIRP\",\"description\":\"Confidential Human Factors Incident Reporting Programme\",\"publisher\":{\"@id\":\"https:\/\/chirp.co.uk\/ar\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/chirp.co.uk\/ar\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ar\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/chirp.co.uk\/ar\/#organization\",\"name\":\"CHIRP\",\"url\":\"https:\/\/chirp.co.uk\/ar\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ar\",\"@id\":\"https:\/\/chirp.co.uk\/ar\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/chirp.co.uk\/app\/uploads\/2024\/07\/chirp-logo-blue.svg\",\"contentUrl\":\"https:\/\/chirp.co.uk\/app\/uploads\/2024\/07\/chirp-logo-blue.svg\",\"caption\":\"CHIRP\"},\"image\":{\"@id\":\"https:\/\/chirp.co.uk\/ar\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Privacy Policy - CHIRP","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/chirp.co.uk\/ar\/privacy-policy\/","og_locale":"ar_AR","og_type":"article","og_title":"Privacy Policy - CHIRP","og_description":"INTRODUCTION The CHIRP Charitable Trust holds personal data in the form of names, addresses and contact details of members of the Trust, reporters and recipients of FEEDBACK.\u00a0 We are required to ensure compliance with the EU General Data Protection Regulations (GDPR), which are designed to ensure more robust security and more transparency in the use [&hellip;]","og_url":"https:\/\/chirp.co.uk\/ar\/privacy-policy\/","og_site_name":"CHIRP","article_modified_time":"2022-07-25T10:42:45+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/chirp.co.uk\/ar\/privacy-policy\/","url":"https:\/\/chirp.co.uk\/ar\/privacy-policy\/","name":"Privacy Policy - CHIRP","isPartOf":{"@id":"https:\/\/chirp.co.uk\/ar\/#website"},"datePublished":"2022-03-29T15:12:17+00:00","dateModified":"2022-07-25T10:42:45+00:00","breadcrumb":{"@id":"https:\/\/chirp.co.uk\/ar\/privacy-policy\/#breadcrumb"},"inLanguage":"ar","potentialAction":[{"@type":"ReadAction","target":["https:\/\/chirp.co.uk\/ar\/privacy-policy\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/chirp.co.uk\/ar\/privacy-policy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/chirp.co.uk\/ar\/"},{"@type":"ListItem","position":2,"name":"Privacy Policy"}]},{"@type":"WebSite","@id":"https:\/\/chirp.co.uk\/ar\/#website","url":"https:\/\/chirp.co.uk\/ar\/","name":"CHIRP","description":"Confidential Human Factors Incident Reporting Programme","publisher":{"@id":"https:\/\/chirp.co.uk\/ar\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/chirp.co.uk\/ar\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ar"},{"@type":"Organization","@id":"https:\/\/chirp.co.uk\/ar\/#organization","name":"CHIRP","url":"https:\/\/chirp.co.uk\/ar\/","logo":{"@type":"ImageObject","inLanguage":"ar","@id":"https:\/\/chirp.co.uk\/ar\/#\/schema\/logo\/image\/","url":"https:\/\/chirp.co.uk\/app\/uploads\/2024\/07\/chirp-logo-blue.svg","contentUrl":"https:\/\/chirp.co.uk\/app\/uploads\/2024\/07\/chirp-logo-blue.svg","caption":"CHIRP"},"image":{"@id":"https:\/\/chirp.co.uk\/ar\/#\/schema\/logo\/image\/"}}]}},"wpml_current_locale":"en_UK","wpml_translations":[],"mfb_rest_fields":["title","yoast_head","yoast_head_json","wpml_current_locale","wpml_translations"],"_links":{"self":[{"href":"https:\/\/chirp.co.uk\/ar\/wp-json\/wp\/v2\/pages\/272","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chirp.co.uk\/ar\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/chirp.co.uk\/ar\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/chirp.co.uk\/ar\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chirp.co.uk\/ar\/wp-json\/wp\/v2\/comments?post=272"}],"version-history":[{"count":0,"href":"https:\/\/chirp.co.uk\/ar\/wp-json\/wp\/v2\/pages\/272\/revisions"}],"wp:attachment":[{"href":"https:\/\/chirp.co.uk\/ar\/wp-json\/wp\/v2\/media?parent=272"}],"wp:term":[{"taxonomy":"sector","embeddable":true,"href":"https:\/\/chirp.co.uk\/ar\/wp-json\/wp\/v2\/sector?post=272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}