HSS (UK) Data Protection Policy

 

Hindu Swayamsevak Sangh (UK) (HSS (UK)) takes the issue of privacy very seriously and are committed to protecting and respecting all personal data held on individuals. The Data Protection Policy is a key policy underpinning the HSS (UK) Privacy Policy. It is important to the note that the Data Controller and Data Processors are directly responsible for any personal data they process and must therefore ensure that they are aware of their responsibilities under the new law. 

 

1. Purpose of this Data Protection policy and what it covers

 

This policy sets out the approach we are taking to protecting personal data and explains your rights in relation to how we may process personal data. More detail in respect of how we process and protect your data is provided below, as well as in the Privacy Policy [in addition, this policy is intended to be adhered to by all karyakartas when processing personal data in addition to or independent from HSS (UK) itself].

If you have any queries about anything set out in this policy or about your own rights, please email info@hssuk.org.

We may update this policy from time to time, although we will make sure that any substantial or significant changes will be notified to you directly.

 

2. Some Important Definitions

 

‘We’ means Hindu Swayamsevak Sangh (UK) - this includes all its service projects i.e. Hindu Sahitya Kendra.

‘ICO’ is the Information Commissioner’s Office, the body responsible for enforcing data protection legislation within the UK and the regulatory authority for the purposes of the GDPR

‘Personal Data’ is defined in section 3

‘Processing’ means all aspects of handling personal data, for example collecting, recording, keeping, storing, sharing, archiving, deleting and destroying it.

‘Data Controller’ means anyone (a person, people, public authority, agency or any other body) which, on its own or with others, decides the purposes and methods of processing personal data. We are a data controller insofar as we process personal data in the ways described in this policy.

‘Data processor’ means anyone who processes personal data under the data controller’s instructions, for example a service provider. We act as a data processor in certain circumstances. 

‘Subject Access Request’ is a request for personal data that an organisation may hold about an individual. This request can be extended to include the deletion, rectification and restriction of processing.

The HSS (UK) Glossary provides further common definitions used in all HSS (UK) policies.

 

3. What is personal data?

 

Personal data means any information about an identified or identifiable person. For example, an individual’s home address, personal (home and mobile) phone numbers, email addresses, occupation and so on can all be defined as personal data.

Some categories of personal data are recognised as being particularly sensitive (“special category data”). These include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic and biometric information, and data concerning a person’s sex life or sexual orientation. 

 

4. Policy statement 

 

As an organisation we need to collect and use certain types of information about our members, volunteers, and visitors, in order to carry out our work (please also see HSS (UK) Privacy Policy). This personal information must be collected and dealt with appropriately – whether on paper, on a computer, or recorded on other material. This policy applies to all personal and sensitive personal data. We will: 

 

 comply with data protection laws in respect of the data we hold about individuals; 
 respect individuals’ rights; 
 be open and honest with individuals whose data is held; 
 ensure that everyone processing personal information understands that they are responsible for following good data protection practice; 
 protect the organisation’s members, employees, volunteers and other individuals; 
 provide training, support and supervision for employees and volunteers who handle personal data, so that they can act legally, confidently and consistently; 
 regularly assess and evaluate our methods and performance in relation to handling personal information; and 
 protect the organisation from the consequences of a breach of its responsibilities. 

 

We recognise that our priority under UK GDPR is to avoid causing harm to individuals. Information about employees, volunteers and members will be used fairly, securely and will not be disclosed to any person unlawfully. 

 

In addition to being open and transparent, we will seek to give individuals as much choice as is possible and reasonable over what data is held and how it is used. 

 

5. The Data Protection Principles 

 

HSS (UK) will at all times follow the six data protection principles as laid down in the UK GDPR: 

 

Principle 1: Personal data must be processed lawfully, fairly and in a transparent manner.

 

Principle 2: Personal data must be collected only for specified, explicit and legitimate purposes.

 

Principle 3: Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed

 

Principle 4: Personal data must be accurate and, where necessary, kept up to date

 

Principle 5: Personal data must not be kept for longer than is necessary for the purposes for which the data is processed

 

Principle 6: Personal data must be processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage

 

 

6. Keeping personal data secure

 

Everyone who handles personal data must make sure it is held securely to protect against unlawful or unauthorised processing and accidental loss or damage. We take appropriate steps to make sure we keep all personal data secure. Information security controls are put in place to ensure personal data is held and transmitted in a secure manner.  Guidance is provided to our members to ensure any personal data that they need to handle is in a secure manner. 

 

 

7. Responsibilities

 

We expect our karyakartas, staff, trustees and any providers we use to keep to the guidelines as set out in our Privacy Policy and under ICO and UK GDPR guidance when they are using or processing personal data and other confidential or sensitive information. This is set out more clearly below.

7.1. Board of Trustees

Our Board of Trustees has overall responsibility for HSS (UK) and for making sure that we keep to legal requirements, including data protection legislation. The KKM is responsible for making sure we keep to these requirements across the organisation.

7.2. Staff

All staff have a responsibility to keep to the requirements of this data protection policy and our related procedures and processes. If you become aware of a data protection issue you must report it promptly info@hssuk.org. If you do not keep to this data protection policy and its associated policies and procedures, we may take disciplinary action against you.

7.3. Karyakartas

We expect all karyakarta to comply with data protection legislation and this data protection policy; and to follow the relevant rules set out in our Privacy Policy and any other data security guidance from HSS (UK). The KKM has overall responsibility for keeping to data protection regulations. As part of your data protection duties, you should report (email to info@hssuk.org) any instance where the rules on how we handle personal data are broken (or might be broken).

 

8. Data Retention

 

We only keep it as long as is reasonable and necessary for the relevant activities and events. We are legally required to hold some personal data to fulfil statutory obligations, for example the collection of Gift Aid and DBS disclosure.

 

9. Rights to accessing and updating personal data

 

Unless subject to an exemption, you have the following rights with respect to your personal data: 

 Access to your personal information: The right to request a copy of your personal data which HSS (UK) holds about you. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity.
 Rectification: The right to request us to correct or change any personal data if it is found to be inaccurate or out of date.
 Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. Please contact us as noted above, providing details of your objection.
 Restriction: The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
 Erasure: The right to request your personal data is erased where it is no longer necessary for HSS (UK) to retain such data.

 

10. Subject access requests

 

You are entitled to ask us, in writing, for a copy of the personal data we hold about you. This is known as a subject access request (SAR). In line with legislation, we will not charge a fee for this information and will respond to your request within one month. This is unless this is not possible or deemed excessive, in which case we will contact you within the month of making the SAR. 

 

11. Further information and contacts

 

To exercise all relevant rights, queries or complaints please in the first instance email us on info@hssuk.org.