Social Enterprise Kent is committed to protecting and respecting your privacy. As an organisation, we comply with obligations under the General Data Protection Regulation (GDPR), which takes effect from 25th May 2018, by keeping personal data up to date, storing and destroying it securely, protecting data from loss, misuse, unauthorised access or disclosure and by ensuring appropriate technical measures are in place to protect personal data.
Your personal data will not be shared with third parties or other organisations other than as set out below. The information you have provided Social Enterprise Kent will be strictly used for the sole intention expressed. Any personal information Social Enterprise Kent holds will only be kept for the duration it is needed for. Details and retention periods are included in our policy on Data Protection, which is available on our website: www.sekgroup.org.uk.
Under GDPR (General Data Protection Regulation), there are six privacy principles for why personal information is processed, stored and kept, for the time that is needed:
- Consent: This has been given by an individual through our website, via email or via telephone
- Contract: The processing is required to fulfil contractual obligations or to provide a quote before entering into a contract
- Legal obligation: Information required by the CQC, Ofsted, HMRC or other legal or regulatory body (eg Health and Safety executive, DWP, HM Courts, insurance claims)
- Vital interests: The processing is required to protect someone’s life
- Legitimate interests: Individuals who would normally expect their data to be processed with minimal impact
- Public task: This covers public functions and powers that are set out in law, or to perform a specific task in the public interest that is set out in law
For more information on these privacy principles, you can visit The Information Commissioners Office at www.ico.org.uk.
Your personal data will be treated as strictly confidential. Social Enterprise Kent uses personal data for the following purposes in accordance with the General Data Protection Regulation:
- To manage our employees, learners, volunteers and participants of projects, and ensure we meet all legal obligations relating to employees, learners, volunteers and participants
- To provide evidence of projects, training and other services being delivered, to fulfil contractual obligations
- To inform individuals of training, news, events or services (with consent)
- To promote the organisation with photographs used from events, training and activities on social media, our website and in marketing leaflets, banners, publications, articles and flyers (with consent)
Social Enterprise Kent has a contract with a third-party IT organisation who help to maintain the infrastructure of technology used which processes personal data. This organisation may be provided with access to Social Enterprise Kent’s information and IT Services where there are business reasons to do so. Information security risks associated with such access will be managed using risk assessments and contractual agreements, to ensure Social Enterprise Kent meets its legal obligations.
Social Enterprise Kent is required to process personal data on behalf of other organisations, including HMRC, the Big Lottery Fund, and other funders and commissioners. You have the following rights with respect to your personal data in accordance with the General Data Protection Regulation:
- Request a copy of your personal data held
- Request that any information is to be corrected if found inaccurate
- Request that your personal data is erased where it is no longer necessary
- To withdraw your consent to processing at any time
- If there is a dispute in relation to accuracy or processing of your personal data, to request a restriction is placed on further processing
- To file a complaint with The Information Commissioners Office at www.ico.org.uk
You can contact our Data Protection Champion, Charlotte Forsyth, at email@example.com for any of the above matters. Please note that all processing of your personal data will cease if you withdraw consent, but this will not affect any personal data that has already been processed prior to this. Please also note that withdrawing consent may then have other consequences, for example, if this means we are then unable to comply with contractual or legal obligations, about employment, support or training for you.
Social Enterprise Kent defines personal data as data which relates to an identified or identifiable natural person. This is based on Article 4 of the GDPR. This does not relate to businesses or companies which are not “natural persons”. Business emails and business cards which are used by someone in their role as an agent or officer only of that business are therefore not personal data but owned and managed by the business. Business Emails, company mobile phone numbers and business cards are therefore not covered under GDPR requirements. In some circumstances, individuals may use a work Email address or mobile phone for personal matters, which then makes them “personal data”. Wherever Social Enterprise Kent becomes aware of this happening, we will then apply our GDPR policy to this personal data.