Data protection policy

Effective 25 May 2018

This policy document explains how Banbury Food for Charities collects personal information, how it is used and stored and how we respond to enquiries.

Overview

Banbury Food For Charities (BFFC)’s volunteers collect excess food from supermarkets and delivers this to Charities within Banbury. Thus BFFC holds personal and operational information of volunteers, food suppliers and client Charities. We also hold information about occasional donors and Trustees which is retained in accordance with UK Legislation.

Roles and Access to Personal Data

The Administration Trustee acts as Data Controller and oversees collection, use and protection of personal information and personal information rights. Requests to access, update, correct, restrict personal date held should be addressed to the Data Controller at the Charity registered address.

Due to simplicity and size of the business structure, The Trustees have decided not to appoint a separate Data Protection Officer.

Personal Data Held

BFFC collects personal information from volunteers when they complete and sign a Volunteer Agreement Form consisting of name and contact details. This data is retained on paper and on excel spreadsheet.

Supplier information consists of contact details necessary for the purpose fulfilling our contracts to collect excess food and is provided by suppliers to enable BFFC operations. This data is retained on paper and on excel spreadsheet.

Charity information has been collected from own web pages and by a completed and signed Donation Agreement and is used to fulfil those Agreements and to enable BFFC operations. This data is retained on paper and on excel spreadsheet.

Personal Donor information is retained on paper and in accordance with UK legislation for HMRC.

Personal Trustee information is retained on paper and in accordance with UK legislation for the Charity Commission.

Use of Personal Data

Personal data is not shared outside BFFC and is used purely to achieve BFFC operational objectives: i.e. enabling collections and deliveries, disseminating internal news, rotas and round information. Personal data is not used for fund raising.

Consent

Volunteers have the right to access, correct, delete and restrict personal information used.

Volunteers have agreed to share e-mail addresses to enable collection/delivery information sharing and rota amendments and this specific permission is included on Volunteer Agreement Form.

The Volunteer Agreement Form is reviewed and checked by volunteers annually. Return of completed agreements monitored. This data is retained on paper and on excel spreadsheet.

Photographs are used purely for BFFC promotion and with the permission of subjects.

Risks

Risks assessed as low impact with low likelihood of breach of contact information. No health, age or attitudinal data is held. Volunteers agree not to pass on any volunteer’s details to third parties without specific permission.

Security of Data

Excel spreadsheets, emails, rotas and rounds are held in UK on a standalone anti-virus and password protected PC and backed up to USB drive regularly. USB and original documents are retained by Data Controller at UK occupied premises.

Retention of Data

Personal data of Volunteers is retained for 3 years after cessation of involvement in BFFC. This is in case of query or request for references.
Replaced contact details of Charities or suppliers are deleted immediately.
Personal Trustee, Financial and Donor details are retained in accordance with UK legislation.

Breaches and Complaints

Individuals have the right to object to how BFFC processes personal information and to complain to both BFFC and the data protection regulator.

The Data Controller holds records of any data breaches or complaints.

As at 1 April 2018 there are neither.