Privacy and Data Protection Policy

The Wiltshire Bobby Van Trust (WBVT) is committed to protecting the privacy of staff, volunteers, clients and supporters under the new General Data Protection Regulation (GDPR) (May 2018).

1. Personal Data

This is any personal data you share with us, and could include: your name, your postal address, your email address and your telephone number. This may be used for the following purposes:

  • to respond to your queries;
  • to provide services where requested;
  • to keep you informed about our work, news and campaigns and fundraising;
  • to claim Gift Aid on your donations where applicable; and,
  • to measure trends in the visitors to our website and to improve the web experience for our visitors.

You have the right to request to see or amend any personal information we hold about you. See section 2: Your Rights below.

Confidentiality and data protection

We do not sell or swap your details with any third parties. If further services are required your explicit consent will be required before being actioned. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Breach Notification

A personal data breach may mean that someone other than the data controller gains unauthorised access to personal data. However, a personal data breach can also occur if there is unauthorised access within an organisation, or if a data controller’s own employee accidentally alters or deletes personal data.

All breaches of the GDPR are to be reported without undue delay to the Information Commissioners Office (ICO) within 72 hours, unless the breach is unlikely to result in any risk to the rights and freedoms of data subjects, and to the data subjects without undue delay unless a specified exemption applies.

Notifications to the data subjects will provide name and contact details of the data controller where more information can be obtained, the likely consequences of the personal data breach and the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

2. Your Rights

Data Subject Rights and Subject Access Requests

The WBVT is fully committed to respecting individuals’ rights to access personal information held about them in accordance with Article 17 of the GDPR.

Subject access rights

Any individual who makes a valid subject access request is entitled to be:

  • told whether their personal data is being processed;
  • given a description of the personal data, reason for processing and whether it has been shared with any other organisations or persons;
  • given details of the source of the data (where this is available);
  • given the right to rectify, object to, or restrict processing of personal data;
  • given the ‘right to be forgotten’ as set out in Article 17 of the GDPR; and,
  • given details of how long their information will be retained for.

Individuals are only entitled to their own personal data, and not to information relating to other people, unless they are acting on behalf of that person. In these circumstances, written consent will be required.

Exempt information

The WBVT may not be able to release some information. Information which is exempt from a subject access request includes:

  • personal data where disclosure could prejudice the prevention or detection of crime; and,
  • personal data identifying another person (a third party) whose details cannot be disclosed without their permission.

How to make a request

In order to make a valid subject access request the following must be provided:

  • a clear written request by letter or email.

Proof of identification may be requested to ensure that the personal information requested is provided to the right person. Two forms of ID will be required. One must be name identification (e.g. Driving Licence, Passport or Birth Certificate) and the other a form of address identification dated in the last three months.

The WBVT will comply with requests for access to personal information within one month, as required by the Act. All subject access requests should be addressed to:

The Data Controller, The Wiltshire Bobby Van Trust,
Devizes Police Station,
New Park Street,
Devizes,
Wiltshire,
SN10 1DZ

Email: bobbyvan@wiltshire.org.uk

Changes to this policy

The Wiltshire Bobby Van Trust reserves the right to make any changes to this Privacy and Data Protection Policy, and other aspects of this site at any time. Please check this page regularly for any changes.