The Wiltshire Bobby Van Trust (WBVT) is committed to protecting the privacy of staff, volunteers, clients and supporters under the new General Data Protection Regulation (GDPR) (May 2018). The WBVT is registered with the Information Commissioners Office (ICO), which is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
1. Personal Data
This is any personal data you share with us, and could include: your name, your postal address, your email address and your telephone number. This may be used for the following purposes:
- to respond to your queries;
- to provide services where requested;
- to keep you informed about our work, news and campaigns and fundraising;
- to claim Gift Aid on your donations where applicable; and,
- to measure trends in the visitors to our website and to improve the web experience for our visitors.
You have the right to request to see, amend or remove any personal information we hold about you. See section 2: Your Rights below.
Confidentiality and data protection
We do not sell or swap your details with any third parties. If further services are required your explicit consent will be required before being actioned. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. This includes designated Data Controller/s who are responsible for the safeguarding of your personal data.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
A personal data breach may mean that someone other than the data controller gains unauthorised access to personal data. However, a personal data breach can also occur if there is unauthorised access within an organisation, or if a data controller’s own employee accidentally alters or deletes personal data.
All breaches of the GDPR are to be reported without undue delay to the Information Commissioners Office (ICO) within 72 hours, unless the breach is unlikely to result in any risk to the rights and freedoms of data subjects, and to the data subjects without undue delay unless a specified exemption applies.
Notifications to the data subjects will provide name and contact details of the data controller where more information can be obtained, the likely consequences of the personal data breach and the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
2. Your Rights
Data Subject Rights and Subject Access Requests
The WBVT is fully committed to respecting individuals’ rights to access personal information held about them in accordance with Article 17 of the GDPR.
Subject access rights
Any individual who makes a valid subject access request is entitled to be:
- told whether their personal data is being processed;
- given a description of the personal data, reason for processing and whether it has been shared with any other organisations or persons;
- given details of the source of the data (where this is available);
- given the right to rectify, object to, or restrict processing of personal data;
- given the ‘right to be forgotten’ as set out in Article 17 of the GDPR; and,
- given details of how long their information will be retained for.
Individuals are only entitled to their own personal data, and not to information relating to other people, unless they are acting on behalf of that person. In these circumstances, written consent will be required.
The WBVT may not be able to release some information. Information which is exempt from a subject access request includes:
- personal data where disclosure could prejudice the prevention or detection of crime; and,
- personal data identifying another person (a third party) whose details cannot be disclosed without their permission.
How to make a request
In order to make a valid subject access request the following must be provided:
- a clear written request by letter or email.
Proof of identification may be requested to ensure that the personal information requested is provided to the right person. Two forms of ID will be required. One must be name identification (e.g. Driving Licence, Passport or Birth Certificate) and the other a form of address identification dated in the last three months.
The WBVT will comply with requests for access to personal information within one month, as required by the Act. All subject access requests should be addressed to:
The Data Controller, The Wiltshire Bobby Van Trust,
Devizes Police Station,
New Park Street,
Changes to this policy
The Wiltshire Bobby Van Trust reserves the right to make any changes to this Privacy and Data Protection Policy, and other aspects of this site at any time. Please check this page regularly for any changes.
Policy updated: 10/01/2018
Policy review date: 10/01/2019