DATA PROTECTION POLICY
Contents
Introduction
Information covered by the Act
Data Protection Principles
Conditions
Individuals’ Rights
Legal Requirements
No commercial disposal to third parties
Our commitment to Data Protection
Further information
Introduction
In order to operate efficiently, we must collect information about people with whom we work or contact for the day to day running of our business. This may include current and past clients, members of the public, current, past and prospective employees, funded bodies and suppliers. In addition, we may be required by law to collect and use information in order to comply with the requirements of government bodies.
From 25th May 2018 this personal information must be handled, processed and secured properly according to the General Data Protection Regulation 2018 (“GDPR”).
We consider that the correct treatment of personal data is integral to our successful operations and to maintaining trust of the persons we deal with. We fully appreciate the underlying principles of the Act and support and adhere to its provisions.
Information covered by the Act
The Act uses the term ‘personal data’. For information held by Bodhizone, personal data essentially means any recorded information held by us and from which a living individual can be identified. It will include a variety of information including names, addresses, telephone numbers, email addresses and other personal details. It will include any expression of opinion about a living individual or any indication of our intentions about that individual.
Data protection principles
We will comply with the eight enforceable data protection principles by making sure that personal data is:
fairly and lawfully processed
processed for limited purposes
adequate, relevant and not excessive
accurate and kept up to date
not kept longer than necessary
processed in accordance with the individual’s rights
secure
not transferred to countries outside the European Economic area unless the country to which the data is to be transferred has adequate protection for the individuals
Conditions
We will ensure that at least one of the following conditions is met before we process any personal data:
the individual has consented to the processing
the processing is necessary for the performance of a contract with the individual
the processing is required under a legal obligation (other than one imposed by a contract)
the processing is necessary to protect vital interests of the individual
the processing is necessary in order to pursue our legitimate interests or those of third parties (unless it could unjustifiably prejudice the interests of the individual)
Under the Act, one of a set of additional conditions must be met for ‘sensitive personal data’. This includes information about racial or ethnic origin, political opinions, religious and other beliefs, trade union membership, physical or mental health condition, sex life, criminal proceedings or convictions. We will ensure that one of the following additional conditions is met before we process any sensitive personal data:
the individual has explicitly consented to the processing
we are required by law to process the information for employment purposes
we need to process the information in order to protect the vital interests of the individual or another person
the processing is necessary to deal with the administration of justice or legal proceedings
Individuals’ rights
We will ensure that individuals are given their rights under the Act including:
the right to obtain their personal information from us except in limited circumstances
the right to ask us not to process personal data where it causes substantial unwarranted damage to them or anyone else
the right to claim compensation from us for damage and distress caused by any breach of the Act
Legal requirements
While it is unlikely, Bodhizone may be required to disclose your data by a court order or to comply with other legal requirements. We will use all reasonable endeavours to notify you before we do so, unless we are legally restricted from doing so.
No commercial disposal to third parties
Bodhizone shall not sell, rent, distribute or otherwise make data commercially available to any third party, except as described above or with your prior permission.
Our commitment to data protection
We will ensure that:
everyone managing and handling personal information understands that they are responsible for following good data protection practice
there is someone with specific responsibility for data protection in the organisation
staff who handle personal information are appropriately supervised and trained
queries about handling personal information are promptly and courteously dealt with
people know how to access their own personal information
methods of handling personal information are regularly assessed and evaluated
any disclosure of personal data will be in compliance with approved procedures.
we take all necessary steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure
all contractors who are users of personal information supplied by Bodhizone will be required to confirm that they will abide by the requirements of the Act with regard to information supplied by us.
We have appointed a head of information compliance to lead on data protection for Bodhizone. This person is responsible for ensuring that the policy is effectively implemented.
Newsletter and Marketing
All people signing up to our marketing and newsletters will have opted in to be part of the list
We use MailChimp as our email marketing provider and they also comply with the GDPR regulations. Read their policy here: https://mailchimp.com/legal/privacy/
To opt out of our Newsletter please use the unsubscribe button at the bottom of the newsletter you receive from us.
Corrections and errors
If you receive any communication from Bodhizone that was not intended for you or if there is an error in our communication, please accept our apologies and email us back so that we can rectify the error.
Cookies Policy
Bodhizone uses cookies on https://www.bodhizone.com , by using the Service you consent to the use of cookies.
Our Cookies Policy explains what cookies are, how we use cookies, how third-parties we may partner with may use cookies on the Service, your choices regarding cookies and further information about cookies.
What are cookies?
Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognise you and make your next visit easier and the Service more useful to you.
Cookies can be “persistent” or “session” cookies.
