HSS (UK) Data Protection Policy

Hindu Swayamsevak Sangh (UK) (HSS (UK)) takes the issue of privacy very seriously and are committed to protecting and respecting all personal data held on individuals. The Data Protection Policy is a key policy underpinning the HSS (UK) Privacy Policy. It is important to the note that the Data Controller and Data Processors are directly responsible for any personal data they process and must therefore ensure that they are aware of their responsibilities under the new law.

1. Purpose of this Data Protection Policy and What it Covers

This policy sets out the approach we are taking to protecting personal data and explains your rights in relation to how we may process personal data. More detail in respect of how we process and protect your data is provided below, in particular in section 4 [in addition, this policy is intended to be adhered to by all karyakartas when processing personal data in addition to or independent from HSS (UK) itself].

If you have any queries about anything set out in this policy or about your own rights, please email on webmaster@hssuk.org .

We may update this policy from time to time, although we will make sure that any substantial or significant changes will be notified to you directly.

2. Some Important Definitions

• ‘We’ means Hindu Swayamsevak Sangh (UK) - this includes all its service projects i.e. Hindu Sevika Samiti, Hindu Sahitya Kendra.
• ‘ICO’ is the Information Commissioner’s Office, the body responsible for enforcing data protection legislation within the UK and the regulatory authority for the purposes of the GDPR
• ‘Personal Data’ is defined in section 3
• ‘Processing’ means all aspects of handling personal data, for example collecting, recording, keeping, storing, sharing, archiving, deleting and destroying it.
• ‘Data Controller’ means anyone (a person, people, public authority, agency or any other body) which, on its own or with others, decides the purposes and methods of processing personal data. We are a data controller insofar as we process personal data in the ways described in this policy.
• ‘Data processor’ means anyone who processes personal data under the data controller’s instructions, for example a service provider. We act as a data processor in certain circumstances.
• ‘Subject Access Request’ is a request for personal data that an organisation may hold about an individual. This request can be extended to include the deletion, rectification and restriction of processing.

The HSS (UK) Glossary provides further common definitions used in all HSS (UK) policies.

3. What is Personal Data?

Personal data means any information about an identified or identifiable person. For example, an individual’s home address, personal (home and mobile) phone numbers, email addresses, occupation and so on can all be defined as personal data.

Some categories of personal data are recognised as being particularly sensitive (“special category data”). These include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic and biometric information, and data concerning a person’s sex life or sexual orientation.

4. What type of Personal Data do we collect and why?

4.1. Registered Members (swayamsevaks/sevikas) and Karyakartas

We collect personal data in a variety of ways; however, the key source of data is from the Registration Form when an individual becomes a member of HSS (UK). We may hold personal data (including special category data) about members on our membership database and local databases. We believe it is important to be open and transparent about how we will use your personal data.

Information we may hold about you includes the following:

• Name and contact details
• Details of your experience, qualifications, occupation
• Details of HSS (UK) events and activities you have taken part in
• Details of next of kin
• Age/Date of birth
• Details of any health conditions
• Details of disclosure checks
• Any complaints we have received about the member
• Ethnic background and native languages
• Religion
• Nationality

We need this information to communicate with you and to carry out any necessary checks to make sure that you can work with young people. We also have a responsibility to keep information about you, both during your time as a Swayamsevak/sevika and/or karyakarta and afterwards (due to our safeguarding responsibilities).

4.2. Donors

We benefit from donations from our members as well as members of the local community who support our work, and we hold personal data about these donors so that we can process donations and orders and inform donors about our work and campaigns and how they can support us further. We may hold the type of information as set out in 4.1.

4.3. External organisations

We may also hold personal data from various leaders of local/national community/political/service-based organisation who we have a relationship with in order to update them on the various activities and work we undertake. We may hold the type of information as set out in 4.1.

4.4. Customers and visitors

We also hold personal data from customers and visitors to our Hindu Sahitya Kendra , online bookshop and via the HSS (UK) website. We may hold the type of information as set out in 4.1 and also including the following:

• Purchase history
• Payment details

4.5. Employees (past, present and future)

As an employer, we need to keep information relating to each member of staff who has a contract with us. This will include the pre-employment stage, references, and records relating to the time they worked for us, including probationary, appraisal and disciplinary information.

We also hold information that allows us to pay salaries and work with other payroll and pension providers. We may hold the type of information as set out in 4.1 and also including the following:

• Information that allows us to pay salaries and work with other payroll and pension providers
• Probationary, appraisal and disciplinary information

4.6. CCTV

Our offices and shops throughout the country operate a CCTV network to help prevent and detect crime and safeguard (protect) young people and others. If we can identify somebody from a CCTV image, the image must be processed as personal data.

5. Conditions for collecting personal data

5.1. Keeping to the law

We must keep to the law when processing personal data. To achieve this, we have declared that legal basis for processing your personal information is ‘legitimate interests”. Under “legitimate interests” we can process your personal information if we have a genuine and legitimate reason to carry out our activities and conduct events.

Also, information must be:

• Processed fairly and lawfully
• Collected for specified, clear and legitimate purposes
• Adequate, relevant and limited to what is necessary
• Accurate and, where necessary, kept up to date
• Kept for no longer than is necessary
• Processed securely

5.2. Information that we share

We will not sell or rent your information (including web browsing activity) to third party organisations, and we will not share your personal information for others to use for the purposes of marketing.

In line with key objectives, events and activities of HSS (UK), we may disclose your personal data to certain third-party organisations who are processing data solely in accordance with our instructions (called ‘data processors’). This includes companies and/or organisations that work with us or on our behalf to deliver our objectives, events, activities and certifications (for example providers of mail management, payment providers, event organisers, agencies used to conduct DBS checks) as well as professionals we use such as insurers, auditors or accountants. We only use those data processors who can guarantee to us that adequate safeguards are put in place by them to protect the personal data they process on our behalf.

We may run an event or activity in partnership with another organisation and your details may need to be shared, should this be the case you will be notified in such circumstances.

We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority).

6. Keeping personal data secure

Everyone who handles personal data must make sure it is held securely to protect against unlawful or unauthorised processing and accidental loss or damage. We take appropriate steps to make sure we keep

all personal data secure. Information security controls are put in place to ensure personal data is held and transmitted in a secure manner. Guidance is provided to our members to ensure any personal data that they need to handle is in a secure manner.

7. Responsibilities

We expect our karyakartas, staff, trustees and any providers we use to keep to the guidelines as set out in our Privacy Policy and under ICO and GDPR guidance when they are using or processing personal data and other confidential or sensitive information. This is set out more clearly below.

7.1. Board of Trustees

Our Board of Trustees has overall responsibility for HSS (UK) and for making sure that we keep to legal requirements, including data protection legislation. The KKM is responsible for making sure we keep to these requirements across the organisation.

7.2. Staff

All staff have a responsibility to keep to the requirements of this data protection policy and our related procedures and processes. If you become aware of a data protection issue you must report it promptly webmaster@hssuk.org. If you do not keep to this data protection policy and its associated policies and procedures, we may take disciplinary action against you.

7.3. Karyakartas

We expect all karyakarta to comply with data protection legislation and this data protection policy; and to follow the relevant rules set out in our Privacy Policy and any other data security guidance from HSS (UK). The KKM has overall responsibility for keeping to data protection regulations. As part of your data protection duties, you should report (email to webmaster@hssuk.org ) any instance where the rules on how we handle personal data are broken (or might be broken).

8. Data Retention

We only keep it as long as is reasonable and necessary for the relevant activities and events. We are legally required to hold some personal data to fulfil statutory obligations, for example the collection of Gift Aid and DBS disclosure.

9. Rights to Accessing and Updating Personal Data

Unless subject to an exemption, you have the following rights with respect to your personal data:

• Access to your personal information: The right to request a copy of your personal data which HSS (UK) holds about you. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity.
• Rectification: The right to request us to correct or change any personal data if it is found to be inaccurate or out of date.
• Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. Please contact us as noted above, providing details of your objection.
• Restriction: The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
• Erasure: The right to request your personal data is erased where it is no longer necessary for HSS (UK) to retain such data.

10. Subject Access Requests

You are entitled to ask us, in writing, for a copy of the personal data we hold about you. This is known as a subject access request (SAR). In line with legislation, we will not charge a fee for this information and will respond to your request within one month. This is unless this is not possible or deemed excessive, in which case we will contact you within the month of making the SAR.

11. Further Information and Contacts

To exercise all relevant rights, queries or complaints please in the first instance email us on .