Coram’s Fields recognises the importance of demonstrating our compliance with Data Protection Legislation by aiming to meet service users, supporters and staff expectations on the security and use of their personal information.
Our success is dependent on the quality of our reputation and the trust that all those involved or working for us have in the way we conduct ourselves. We are committed to doing our very best to ensure the security of our website and the confidentiality of all the personal records we hold.
We only collect information that is voluntarily provided by these groups and visitors to our website, which only recognises a domain name and not email addresses. Personal information will only be seen if an online or other form is completed.
A. What Is Personal Data?
Personal data is all information concerning or relating to any living individual. This includes personal data held in electronic records and also in manual records (e.g., paper files, microfilm and other media). This applies to personal data held not only by us but also to personal data held or processed on our behalf by third parties.
B. Our commitment to each of the Data Protection Principles is as follows:
- We will process personal data in a lawful and fair way, so that those whose personal information is collected will have it used in a transparent way, with a clear explanation available for its use.
- Our Annual Notification to the Information Commissioner’s Office (ICO) will be checked to ensure that it represents our current use of personal information. An audit will be carried out each year to achieve this.
- No data will be used for purposes other than those notified to the ICO. In the event that there is a requirement to change the usage of the data, all those about whom the data is held will be informed and given the opportunity to consent to this amendment.
- Personal information will be adequate, relevant, and not excessive for the purpose for which it is processed. Sufficient data will be obtained for clarity of recognition and to undertake the required administration of personal records. We will only hold the minimum personal details required to achieve this.
- Every effort will be made to keep records accurate and where necessary updated.
- Updates of user and supporter records usually will be made within 28 days of change notification.
- In general, all personal information records will be retained for 6 years, with any exceptions detailed in our Retention Policy.
- We give data security the highest priority so that appropriate measures are in place to protect against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
C. Good Practice
- Personal information will only be processed when necessary.
- Individuals whose information is obtained will be informed of the purpose for which their data is held.
- Records will be kept of the categories of personal and sensitive data processed.
- Individuals about whom data is held have the right of ‘subject access’ to see and/or amend any relevant errors or omissions.
D. The Rights of Data Subjects
- The right to make subject access requests about their personal data which is held and to rectify any errors/omissions.
A data subject will be entitled to the following:
- A copy of his/her personal data
- The purpose of processing the data
- The organisations to whom we disclose data
- A copy of recorded opinions about him/her, unless given in confidence
2. Any such information to be made available within one month of the original request. No charge can be made for this provision. The request must be made on our form for this.
Consent for the processing of personal information will be:
- Freely given
This can be provided in a written statement, or by affirmative action such as an online tick box offering an opt-in facility.
Consent can be withdrawn at any time.
We will provide an opt-out facility for supporters to stop postal mailings
and an opt-in one to indicate their agreement to receive email communication.
F. Data retention and disposal
This is determined on the basis of necessity and is documented in the Data Retention Policy.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
– Strictly necessary cookies. These are cookies that are required for the operation of the site. They include, for example, cookies that enable you to log into secure areas of the site e.g. online donations.
– Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way the site works, for example, by ensuring that users are finding what they are looking for easily.
– Functionality cookies. These are used to recognise you when you return to the site. This enables us to personalise its content for you, greet you by name and remember your preferences
– Targeting cookies. These cookies record your visit to the site, the pages you have visited and the links you have followed.
Should you wish to block, delete or deactivate cookies, you will be required to do so at device level. You can do this by amending the settings on your browser. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the Site.
H. Future Policy
Whilst we do not envisage any alterations to this Policy, should circumstances, legislation or technology change, the Charity may need to update this. In such an event, any revisions will be posted on the website and staff will receive adequate briefing of any revisions.
These should be addressed to the Data Protection Officer:
Coram’s Fields, 93 Guilford Street, London, WC1N 1DN
In the event that a complaint is not dealt with satisfactorily, the matter can be made to the Information Commissioner’s Office:
Wycliffe House, Water Lane, Wilmslow SK9 5AF