GDPR Privacy Statement
North Wales Society for the Blind (NWSB) is committed to ensuring that your personal data is held in accordance with the law. For the purposes of the act:
- The Data Controller is NWSB – a charity registered in Wales under registration
- number1143368 . Our address is 325 High Street Bangor Gwynedd LL571YB.
- If you want to request your information please contact the Chief Executive, at the above address
- Personal data on individuals is held either to allow us to provide our services, or because we are required to do so by law, or with your consent (for example for fundraising or marketing purposes).
- Personal data is held in accordance with the Data Protection principles below, and for the reasons specified
- If at any point you are concerned that we are not complying with Data Protection rules you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
Data Protection Principles
We endorse and adhere to the principles of the Data Protection Act 2018 which specify that data must:
- be fairly and lawfully processed;
- be obtained for a specified and lawful purpose and not be processed in any manner incompatible with that purpose;
- be adequate, relevant and not excessive for those purposes;
- be accurate and, where necessary, kept up to date;
- only be kept for as long as necessary for the purpose for which it was obtained;
- be processed in accordance with the data subject’s rights;
- be kept secure from unauthorized or unlawful processing and protected;
- not be transferred to a country or territory outside the European Union without adequate protection.
Handling of Personal/Sensitive Information
NWSB will, through appropriate management and the use of strict criteria and controls:-
- Observe fully the conditions concerning the fair collection and use of personal information;
- Specify the purpose for which information is used;
- Collect and process information only to the extent that it is needed to fulfil operational needs or legal requirements;
- Ensure that data is only passed to a third party where there is a legitimate or lawful reason for doing so (for example, passing bank details to our payroll bureau in order to pay staff; passing service user details to a local authority as part of our contract with them)
- Endeavour always to ensure the quality of information used;
- Not keep information for longer than required operationally or legally;
- Always endeavour to safeguard personal information by physical and technical means (i.e. keeping paper files and other records or documents containing personal/sensitive data in a secure environment; protecting personal data held on computers and computer systems by the use of secure passwords which, where possible, are changed periodically and ensuring that individual passwords are not easily compromised);
- Ensure that personal information is not transferred abroad without suitable safeguards;
- Ensure that the lawful rights of people about whom the information is held can be fully exercised.
- Ensure that CCTV images, if applicable, are used solely for the purposes of safety and security
In addition, NWSB will ensure that:
- There is a designated person with specific responsibility for data protection in the organisation.
- Reasonable steps are taken to ensure the reliability of employees having access to personal information;
- All staff managing and handling personal information understand that they are contractually responsible for following good data protection practice;
- All staff managing and handling personal information are appropriately supervised and made aware of their legal responsibilities;
- Computer terminals are placed in such a way that screens displaying personal information are not in public view and cannot be seen by passers-by;
- That laptops and other portable devices are protected so that information cannot be accessed if they are lost or stolen;
- A clear procedure is in place for anyone wanting to make enquiries about handling personal information, whether a member of staff or a member of the public and that such enquiries are promptly and courteously dealt with;
- Methods of handling personal information are regularly assessed and evaluated;
By law NWSB has to provide employee liability information to any organisation that employees are transferred to in line with the Transfer of Undertakings Regulations (TUPE).
NWSB does not use automated software for decision-making processes (e.g. sifting for recruitment or volunteers)
Access to Personal Data
All individuals who are the subject of personal data held by us are entitled to:
- Ask what information we hold about them and why
- Ask how to gain access to it
- Be informed how to keep it up to date
- Have inaccurate personal data corrected or removed
- Prevent us from processing information or request that it is stopped if the processing of such data is likely to cause substantial, unwarranted damage or distress to the individual or anyone else
- Be informed of what we are doing to comply with our obligations under the DPA
This right is subject to certain exemptions which are set out in the Data Protection Act. Any person who wishes to exercise this right should make the request in writing to the Chief Executive
There is no fee payable for each subject access request. If personal details are inaccurate, they will be amended upon request. If by providing this information we would have to disclose information relating to or identifying a third party, we will only do so provided the third party gives consent, otherwise we may edit the data to remove the identity of the third party.
We aim to comply with requests for access to personal information as quickly as possible but will ensure it is provided within 30 days of receipt of a written request.
We are entitled to refuse to comply with a subject access request if you make repeated, unfounded or excessive requests.
Personal information will only be released to the individual to whom it relates. The disclosure of such information to anyone else without their consent may be a criminal offence. Any employee who is in doubt regarding a subject access request should check with the Chief Executive. Information must under no circumstances be sent outside of the UK without the prior permission of the Chief Executive.