This information relates to the collection and storage of data from members of the public and supporters of the charity.
What is personal and sensitive data?
Personal data is data which can be used to identify you. This may include your name, date of birth, address, telephone number etc.
Sensitive data is information related to any of the following: racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sexuality, offences and/or convictions.
Under the General Data Protection Regulation (GDPR) there are six provisions given in Article 6 for the lawful processing of personal data:
Consent of the data subject
Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
Processing is necessary for compliance with a legal obligation
Processing is necessary to protect the vital interests of a data subject or another person;
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject
Our fundraising and marketing activity ensures that we have full consent (point one) of supporters to process their personal information.
Where will you store my data?
HARP gathers a variety of information from different sources. Much of your data held by HARP is stored securely on electronic systems accessed by members of HARP. Where paper-based or other data is held, this is stored securely on HARP premises and accessed by HARP.
We have a clear data retention and destruction policy and do not hold data for longer than is necessary.
How do we look after your data?
We will always make sure you know why we need information and how it will be used.
We will keep your information safe and make sure nobody sees it who should not.
We will take it very seriously if your information is not used properly or kept safe.
We will follow the Data Protection Act and any other relevant legislation about keeping your data secure.
We will not share your information without your permission unless required to do so by law or it is absolutely necessary.
We will not sell your data or share it with commercial organisations.
What is a Data Controller?
A Data Controller is someone who is responsible for your data and who must make sure that your data is processed according to the law. For example they are responsible for making sure that the information held about you is accurate and that it is kept secure.
What does Data Controller in Common mean?
For the purpose of the Data Protection Act the members of HARP are Data Controllers in common. This means that the members of HARP are responsible jointly for your data.
For example if you are receiving help from two different HARP sites then both sites may record your personal data and sensitive data. They will both have responsibility for ensuring your data is processed according to the law.
Can I withhold my consent?
Yes you can withhold your consent for future contact. This may however affect our ability to communicate with you effectively about your support.
If you donate to HARP, we will store information about your donations for reporting purposes. If you wish for us to not store this information, please contact us.
We will not share your information with anyone else without your consent, unless required to do so by law.
Complaints handling procedure
HARP has a Feedback policy which outlines the complaints handling procedure. Full details of the complaints procedure are available on request.