Data Protection Policy

Henbury Millennium Green Trust
Registered Charity Number 1072953

Data Protection Policy
Date First Issued : 29/09/2018
Version: 4.0 Reviewed on 30/09/2019 and Issued on 09/10/2019
Last Updated By: J R Cousin
Review Date: Annually at the September Trust meeting

Contents
• Introduction
• Purpose
• Objectives
• Scope
Introduction
The nature of the Henbury Millennium Green Trust (HMGT) and the personal information it records means that it is exempt from Registration under the Data Protection Act 1998 and the European General Data Protection Regulation (GDPR) effective from 25th May 2018 as defined at ( Although exempt from registration, HMGT is committed to the lawful and correct treatment of any personal information and undertakes to comply fully with the data protection principles of good practice outlined in the GDPR, whether processed on paper or by computer. In addition to knowing what HMGT is doing to comply with data protection law, trustees, donors and volunteers are also entitled to know their rights under data protection law and how to use them.
Purpose
This policy supports HMGT compliance with its obligations as a Data Controller and where applicable, a Data Processor under data protection law. HMGT is responsible for, and must be able to demonstrate, compliance with the following
Data Protection Principles:
1. Personal information must be fairly and lawfully processed
2. Personal information must be processed for limited purposes
3. Personal information must be adequate, relevant and not excessive
4. Personal information must be accurate and up to date
5. Personal information must be secure
6. Personal information must not be kept for longer than is necessary
7. Personal information must be processed in line with the data subjects' rights

Objectives
HMGT will apply the Data Protection Principles and other requirements of data protection law to the management of all personal data throughout the information life cycle by adopting the following policy objectives.

Data are fairly and lawfully processed
This means that the HMGT will:
• Have legitimate grounds for collecting and using the personal data
• Data will only be used where either (a) the trustee , donor , volunteer or contact has given his or her consent, or
(b) it is necessary to pursue the legitimate interests of HMGT.
• Be transparent about how it intends to process or use the data, providing clear information when collecting it.
• Deal with trustees', donors', volunteers' or contacts' personal data only in ways they would reasonably expect
• Make sure HMGT does not do anything unlawful with the data
Data are processed for limited purposes
This means that:
• Data will only be used in connection with HMGT's activities in owning and maintaining Henbury Millennium Green in accordance with its Trust Deed Dated 1st September 1998.

Data are adequate, relevant and not excessive
• Personal data held by HMGT about a trustee or contact will be restricted to:-

Name
Address
Date of Birth (Trustees only)
Telephone number
Email address

• Financial data relating to gift aid and other donations will be retained as required by HMRC and for preparation of accounts.

Data are Accurate and kept up to date
This means that HMGT will:
• Take reasonable steps to ensure the accuracy of any personal data it obtains
• Ensure that the source of any personal data is clearly identifiable
• Review whether it is necessary to update the information

Data must be secure
This means that HMGT will:
• Hold computer data on securely protected computers and ensure that the data is non-recoverable from any PC or device that is to be passed on or sold.
• Hold paper data, for example volunteer lists, in a secure environment so that they cannot reasonably fall into unauthorised hands.

Data are not to be kept for longer than is necessary
This means that HMGT will:
• Regularly review the personal data held, and delete anything no longer needed. .
Data are processed in line with the data subjects' rights
This means that HMGT will:
• Not disclose personal data to any person or organisation outside the HMGT without the specific permission of the individuals concerned.
• Provide any trustee, donor, volunteer or contact who requests details of their personal data held by HMGT with a copy of their computer record.
• Be fully aware that it is strictly an offence for any personal data about a member to be given to another individual except for the purpose of conducting legitimate HMGT activities.
Scope:
This policy applies to all Trustees, donors, volunteers and contacts of HMGT.
This policy applies to all personal data created or received in the course of HMGT business in all formats. Personal data may be held or transmitted in paper and electronic formats.