HSS (UK) Data Protection Policy
Hindu Swayamsevak Sangh (UK) (HSS (UK)) takes the issue of privacy very seriously and are committed to protecting and respecting all personal data held on individuals. The Data Protection Policy is a key policy underpinning the HSS (UK) Privacy Policy. It is important to the note that the Data Controller and Data Processors are directly responsible for any personal data they process and must therefore ensure that they are aware of their responsibilities under the new law.
This policy sets out the approach we are taking to protecting personal data and explains your rights in relation to how we may process personal data. More detail in respect of how we process and protect your data is provided below, as well as in the Privacy Policy [in addition, this policy is intended to be adhered to by all karyakartas when processing personal data in addition to or independent from HSS (UK) itself].
If you have any queries about anything set out in this policy or about your own rights, please email info@hssuk.org.
We may update this policy from time to time, although we will make sure that any substantial or significant changes will be notified to you directly.
‘We’ means Hindu Swayamsevak Sangh (UK) - this includes all its service projects i.e. Hindu Sahitya Kendra.
‘ICO’ is the Information Commissioner’s Office, the body responsible for enforcing data protection legislation within the UK and the regulatory authority for the purposes of the GDPR
‘Personal Data’ is defined in section 3
‘Processing’ means all aspects of handling personal data, for example collecting, recording, keeping, storing, sharing, archiving, deleting and destroying it.
‘Data Controller’ means anyone (a person, people, public authority, agency or any other body) which, on its own or with others, decides the purposes and methods of processing personal data. We are a data controller insofar as we process personal data in the ways described in this policy.
‘Data processor’ means anyone who processes personal data under the data controller’s instructions, for example a service provider. We act as a data processor in certain circumstances.
‘Subject Access Request’ is a request for personal data that an organisation may hold about an individual. This request can be extended to include the deletion, rectification and restriction of processing.
The HSS (UK) Glossary provides further common definitions used in all HSS (UK) policies.
Personal data means any information about an identified or identifiable person. For example, an individual’s home address, personal (home and mobile) phone numbers, email addresses, occupation and so on can all be defined as personal data.
Some categories of personal data are recognised as being particularly sensitive (“special category data”). These include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic and biometric information, and data concerning a person’s sex life or sexual orientation.
As an organisation we need to collect and use certain types of information about our members, volunteers, and visitors, in order to carry out our work (please also see HSS (UK) Privacy Policy). This personal information must be collected and dealt with appropriately – whether on paper, on a computer, or recorded on other material. This policy applies to all personal and sensitive personal data. We will:
We recognise that our priority under UK GDPR is to avoid causing harm to individuals. Information about employees, volunteers and members will be used fairly, securely and will not be disclosed to any person unlawfully.
In addition to being open and transparent, we will seek to give individuals as much choice as is possible and reasonable over what data is held and how it is used.
HSS (UK) will at all times follow the six data protection principles as laid down in the UK GDPR:
Principle 1: Personal data must be processed lawfully, fairly and in a transparent manner.
Principle 2: Personal data must be collected only for specified, explicit and legitimate purposes.
Principle 3: Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
Principle 4: Personal data must be accurate and, where necessary, kept up to date
Principle 5: Personal data must not be kept for longer than is necessary for the purposes for which the data is processed
Principle 6: Personal data must be processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage
Everyone who handles personal data must make sure it is held securely to protect against unlawful or unauthorised processing and accidental loss or damage. We take appropriate steps to make sure we keep all personal data secure. Information security controls are put in place to ensure personal data is held and transmitted in a secure manner. Guidance is provided to our members to ensure any personal data that they need to handle is in a secure manner.
We expect our karyakartas, staff, trustees and any providers we use to keep to the guidelines as set out in our Privacy Policy and under ICO and UK GDPR guidance when they are using or processing personal data and other confidential or sensitive information. This is set out more clearly below.
Our Board of Trustees has overall responsibility for HSS (UK) and for making sure that we keep to legal requirements, including data protection legislation. The KKM is responsible for making sure we keep to these requirements across the organisation.
All staff have a responsibility to keep to the requirements of this data protection policy and our related procedures and processes. If you become aware of a data protection issue you must report it promptly info@hssuk.org. If you do not keep to this data protection policy and its associated policies and procedures, we may take disciplinary action against you.
We expect all karyakarta to comply with data protection legislation and this data protection policy; and to follow the relevant rules set out in our Privacy Policy and any other data security guidance from HSS (UK). The KKM has overall responsibility for keeping to data protection regulations. As part of your data protection duties, you should report (email to info@hssuk.org) any instance where the rules on how we handle personal data are broken (or might be broken).
We only keep it as long as is reasonable and necessary for the relevant activities and events. We are legally required to hold some personal data to fulfil statutory obligations, for example the collection of Gift Aid and DBS disclosure.
Unless subject to an exemption, you have the following rights with respect to your personal data:
You are entitled to ask us, in writing, for a copy of the personal data we hold about you. This is known as a subject access request (SAR). In line with legislation, we will not charge a fee for this information and will respond to your request within one month. This is unless this is not possible or deemed excessive, in which case we will contact you within the month of making the SAR.
To exercise all relevant rights, queries or complaints please in the first instance email us on info@hssuk.org.