Data Protection Policy

The Barby Woodland Trust (BWT) is authorised to modify this Privacy Policy at any time. This may occur without prior notice.

We will consider the following points about Personal Data we process:

Should we be collecting this?
Is this useful and accurate?
Have we got clear permission or valid justification to use this?
Should we still be holding this?
Is our Personal Data held securely and safely?
Is this request from the individual concerned?
Are the businesses we work with also compliant?
Collection and Use of Your Personal Information

1. Information We Collect

When communicating with BWT you will be prompted to provide us with personal information used to contact or identify you. https://www.barbywoodlandtrust.org.uk may collect the following information:

Usage Data
Name
Email
Telephone number

Usage Data includes the following:

Internet Protocol (IP) address of computers accessing the site
Web page requests
Referring web pages
Browser used to access site
Time and date of access

2. Data processing

What we do with Personal Data is referred to as “processing”. This means any activity that involves the use of Personal Data. It includes collecting, obtaining, recording or holding it, or carrying out any operation or set of operations on it including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties in certain circumstances.

3. Audit

We will undertake a full audit of the Personal Data we hold; this includes paper and digital records. Once we’ve gathered and assessed all the Personal Data we hold, we will decide whether it is still needed; if not, it will be deleted. For the Personal Data we would like to retain, we will need to be able to demonstrate valid reasons or express consent from the individuals to do so.

Most management tasks, such as administering membership or other activities people would reasonably expect, could be classed as ‘legitimate interests’ but other communications, outside our core activities may rely on ‘consent’ as our condition. Under GDPR, consent from individuals must be affirmative, freely given, specific, informed and unambiguous. This means that they must actively give consent for their Personal Data to be processed. Silence, inaction and pre-ticked boxes are not valid as consent. A record of how and when consent was granted should be kept on file.

4. Privacy Statement

A clear, simple privacy statement will be available on our website. This will include the information we are required to provide:

The identity of The Barby Woodland Trust as the data “controller” together with appropriate contact details
The purpose of collection
The legal basis for processing, including any legitimate interests relied upon
Whether any sharing with third parties or international transfers will take place
How long the data will be held
Details of the individual’s rights regarding the data Reference to this statement should be included in any communications with individuals, along with the option to opt-out or withdraw consent.

5. Retention policy

Any data we hold will only be kept for as long as it is necessary and useful. We will review all our Personal Data every two years to refresh the data and keep only what is relevant and current. Personal Data will always be deleted if an individual has withdrawn consent, or if the Personal Data is no longer up to date. Certain elements of the data can be held indefinitely if these are anonymised (removing personally identifiable data).

6. Rights and requests

Right to be informed Individuals will be informed of how their Personal Data is collected, stored and processed in a clear, accessible way. This will be provided in our Privacy Statement and by request.

Right of access Individuals can request access to a copy of their Personal Data in electronic form and details of how it is processed.
Right to rectification Individuals are entitled to have their Personal Data corrected if it is inaccurate or incomplete.
Right to erasure This permits individuals to request, in certain cases, the deletion of their Personal Data.
Right to restrict processing Individuals can, in certain cases, request a halt on processing if they object to accuracy or purpose. We can still hold the Personal Data until the request is resolved, but there will be an immediate pause in the processing in the meantime.
Right to data portability Individuals can request the Personal Data that they have provided to us in a suitable digital format, sent directly to them or to a third party.
Right to object Individuals can, in certain cases, object to the processing of their data, e.g. in direct marketing.

All requests must be passed to the Committee Secretary (secretary@barbywoodlandtrust.org.uk) (if not originally addressed to them) so that there is a central point of contact responsible for receiving, recording and responding to requests (although actioning requests may ultimately be carried out by a committee member assigned to a particular request).

Before responding to or otherwise actioning a request, we must ensure that we are dealing with the data subject (or their authorised representative) and in doing we will verify the identity of the person making the request and (if applicable) their authority.

We will not charge a fee for complying with a data subject requests unless the request is manifestly unfounded or excessive, or (in the event of a request for copies of Personal Data) the requester asks for further copies of their Personal Data in which case we may charge an administration fee.

7. Data Breaches

If a data breach occurs, we are required to notify the Information Commissioners’ Office (and in certain instances the affected data subject). Any breach (whether known or suspected) must be reported immediately to the Chairman (chairman@barbywoodlandtrust.org.uk) and Committee Secretary (secretary@barbywoodlandtrust.org.uk). All evidence relating to an actual or suspected data breach must be preserved.

This policy was created approved by the Committee on 23rd May 2023. If this policy is changed, the date of the new version will be listed in this section, and past copies can be made available upon request.

Paul Reynolds
The Barby Woodland Trust
Date: May 2023
Review date: November 2024