top of page

Swale Pride CIC Data Protection Policy

1. Introduction Swale Pride CIC is committed to protecting the personal data of all individuals associated with our organisation, including volunteers, employees, beneficiaries, and partners. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 to ensure data is processed lawfully, fairly, and transparently.

2. Scope This policy applies to all personal data processed by Swale Pride CIC, whether held digitally or in hard copy. It covers data collected from employees, volunteers, service users, donors, and third-party partners.

3. Principles of Data Protection Swale Pride CIC adheres to the following data protection principles:

● Lawfulness, fairness, and transparency

● Purpose limitation

● Data minimisation

● Accuracy

● Storage limitation

● Integrity and confidentiality (security)

● Accountability

4. Lawful Basis for Processing Data Swale Pride CIC processes personal data under one or more of the following lawful bases:

● Consent: When individuals have given explicit permission.

● Contractual necessity: To fulfil a contract with an individual.

● Legal obligation: When required by law.

● Legitimate interests: Where processing is necessary for the organisation’s activities, provided it does not override individuals' rights.

5. Data Collection and Use We collect and process personal data for specific purposes, including:

● Managing volunteers and employees

● Providing services and support

● Fundraising and donor management

● Communicating with stakeholders

● Complying with legal and regulatory requirements

6. Data Security and Storage Swale Pride CIC ensures that personal data is securely stored and protected against unauthorised access, loss, or misuse. Security measures include:

● Password protection for digital records

● Secure storage for physical records

● Limited access to data on a need-to-know basis

● Regular security assessments and updates

7. Data Retention Personal data is retained only for as long as necessary for its intended purpose. When data is no longer required, it is securely deleted or destroyed.

8. Data Subject Rights Individuals have the following rights under UK GDPR:

● The right to access their data

● The right to rectification of inaccurate data

● The right to erasure (‘right to be forgotten’)

● The right to restrict processing

● The right to data portability

● The right to object to processing

● The right to lodge a complaint with the Information Commissioner’s Office (ICO)

9. Data Sharing and Third Parties Swale Pride CIC does not sell personal data. Data may be shared with third parties only when necessary for our operations, where legally required, or with explicit consent.

10. Data Breach Procedure In the event of a data breach, Swale Pride CIC will:

● Assess the breach and take immediate action to mitigate risks

● Notify affected individuals if their rights are at risk

● Report significant breaches to the ICO within 72 hours, as required by law

11. Responsibilities and Compliance All staff, volunteers, and board members are responsible for adhering to this policy. Training and awareness sessions will be provided to ensure compliance.

12. Policy Review This policy will be reviewed annually or in response to legislative changes to ensure ongoing compliance with data protection laws.

For any data protection queries or requests, please contact: Steven Pullen info@swalepride.co.uk

Approved by: Steven Mathew Pullen Director/Founder 08/08/2018

Review date: 08/08/2024

©2018 by Swale Pride Community Interest Company reg :- 11507985 - 16 Thistle Hill Way ME12 3TX

bottom of page