General Data Protection Regulations
Busega Scotland takes the management of the information you give us very seriously. When you give us information we will only use it for the purposes for which it was intended and ultimately to achieve Busega Scotland’s charitable purposes.
Register of Systems
- Electronic list of interested parties’ email addresses
- Gift Aid declaration forms – full name, address and postcode. Paper copies and electronic list.
- Register of Trustees – required by the Office of the Charity Regulator
Who we are
We (or us) means Busega Scotland, a registered charity (number SCO 46101) with the Office of the Scottish Charity Regulator. Our registered office address is
4, Commerce Street,
By contacting us, receiving our newsletter or making donations you are agreeing to be bound by this policy.
If you have any queries about this policy please contact the Secretary, Busega Scotland – email firstname.lastname@example.org
It is very important to us that your rights about how your personal data is handled are upheld. We will only collect, store and share personal data about our trustees, volunteers, donors and helpers where this is necessary. We realise that the appropriate and accurate management of this data is critical to public confidence in our activities.
Your personal data may be held on paper as well as on a computer or other media. Please be assured it will be held securely and that all legal requirements of the General Data Protection Regulations will be fully complied with.
This policy and any other documents referred to set out the basis on which we will process the personal data we collect from you or which is provided by you or from other sources.
This policy also sets out rules on data protection and other legal conditions that must be satisfied when we obtain, handle, process, transfer and store personal data.
How do we collect personal data?
We collect personal data about you when you register for payroll giving, make regular or one-off payments, ask us to email you our newsletter, or when we contact you for any other reason.
What personal information do we collect?
Personal information we collect about you may include your name, postal address, email address, phone number, post code and bank details, if you make a one-off or regular donation.
How do we use personal information?
We use personal information to –
- Enable your financial donation to reach our bank account.
- To show on our bank account who has donated.
- Enable us to contact you.
- To process Gift Aid forms and share the information with the HMRC for tax relief purposes.
We will only share your information where this is necessary, such as when claiming Gift Aid on donations with the HMRC. We will not routinely share information with anyone else.
Lawful basis for processing your personal information
Under article 6 of the General Data Protection Regulations our lawful basis for processing and holding personal information is ‘legitimate interest’ as it is necessary for Busega Scotland to use this information to meet its charitable purposes.
Busega Scotland’s registration
Busega Scotland is registered with the Office of the Scottish Charity Regulator.
Do we provide information to other third parties?
We will only share your information with other organisations where we have your permission to do so. This is where it is necessary and appropriate, for example with our bank or with the HMRC, or where we are required to do so legally or by regulation.
Busega Scotland is only permitted to contact you using personal information if you give us your specific consent. For example, by giving us your email address.
We may use this to send you our newsletters or advise you of fund-raising initiatives or events or for other purposes consistent with our charitable purposes.
You can ask us to remove the information we hold about you at any time.
You can change your communication preferences at any time by contacting the Secretary at email@example.com
Some donations you make may be eligible for Gift Aid, which we claim on your behalf. Once we have received these funds from HMRC we will pay this money into Busega Scotland’s bank account. These funds are used exclusively for Busega Scotland’s charitable purposes. We have no paid staff in the UK. Our funds, except for money transfer costs, are used to support our projects in Tanzania.
For Busega Scotland to claim Gift Aid on your donation, you must be a UK taxpayer and pay income tax equal to or more than the amount of tax which will be reclaimed on your donation.
As part of this process Busega Scotland is required to submit your details including your address to HMRC. By asking us to make a Gift Aid claim you are giving us permission to use your personal details this way.
Busega Scotland is committed to keeping your personal information safe and secure. We will manage your data to ensure that it is not shared with any other party unless you have given us your specific consent to do so.
Where your data is held
We hold your data on secure written records kept by our Treasurer and Secretary, and for other authorised and specified purposes by other Busega Scotland trustee(s). These records are held in secure written and computerised files. Where this data is shared with our bank or HMRC they have developed their own policies and systems to hold this securely.
How you can update your information
The accuracy of your information is important to us. If you change your email or other contact details, please let us know by contacting the Secretary on firstname.lastname@example.org.
Subject Access Requests
You have a right to ask for a copy of the information we hold on you.
We don’t charge for this. Before doing so, we will need you to confirm your identity and what information you want. To do this, please contact us by email to the Secretary on email@example.com
If you want to make a complaint, please contact the Secretary at firstname.lastname@example.org and give us some details of your complaint. If you remain unhappy with our use of your personal data, you have the right to complain to the Information Commissioner’s Office.
Contact details are as follows –
Email – http://ico.org.uk/concerns/
Telephone – 0303 123 1113
End of Policy
Data Protection Policy
| Last updated | 5 July 2018 |
| Charity | means [Busega Scotland], a registered charity. |
| GDPR | means the General Data Protection Regulation. |
| Responsible Person | means [Secretary and Trustee]. |
| Register of Systems | means a register of all systems or contexts in which personal data is processed by the Charity. |
1. Data protection principles
The Charity is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
2. General provisions
- This policy applies to all personal data processed by the Charity.
- The Responsible Person shall take responsibility for the Charity’s ongoing compliance with this policy.
- This policy shall be reviewed at least annually.
3. Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent, the Charity shall maintain a Register of Systems.
- The Register of Systems shall be reviewed at least annually.
- Individuals have the right to access their personal data and any such requests made to the charity shall be dealt with in a timely manner.
4. Lawful purposes
- All data processed by the charity must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
- The Charity shall note the appropriate lawful basis in the Register of Systems.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Charity’s systems.
5. Data minimisation
- The Charity shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- The Charity shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
7. Archiving / removal
- To ensure that personal data is kept for no longer than necessary, the Charity shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
- The Charity shall ensure that personal data is stored securely using modern software that is kept up to date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be put in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Charity shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the Information Commissioner’s Office.
END OF POLICY