Foundation Policies
Context
Data protection legislation in the UK (including but not necessarily limited to the Data Protection Act 2018 and the GDPR) (collectively the Legislation) seeks to protect identifiable living individuals (the Individual(s)) by establishing standards for the processing of their personal data. The Legislation:
(a) requires personal data to be processed lawfully and fairly, on the basis of an Individual’s expressed consent, or on another specified basis; and
(b) confers rights on an Individual to obtain information about the processing of his or her personal data, and to require that inaccurate personal data be rectified; and
(c) establishes the rights of the Information Commissioner (the Commissioner), and also assigns to the holder of that office responsibility for monitoring and enforcing the Legislation.
Purpose
The purpose of this policy is to implement the requirements of the Legislation as far as it applies to The Sandstone Foundation SCIO (the Foundation).
Definition of Data Processing
Data processing for the purposes of this policy shall comprise any
one of the following actions by the Foundation relating to an Individual’s
personal data:
(a) its collection, recording, organization, structuring or storage
(b) its adaptation or alteration
(c) its retrieval, consultation or use
(d) its disclosure by transmission, dissemination or otherwise making it available
(e) its alignment or combination
(f) its restriction, erasure or destruction.
The definition applies to data however held, including paper files and computer storage systems or programs.
Statement of Policy
1. Whenever the Foundation collects and records personal data (the Data) relating to any Individual it shall make a clear statement at the time of collection of the purpose for which the Data is to be collected, and shall not proceed without the express permission of the Individual unless:
- such permission is implicit in contractual arrangements or pre-contractual negotiations; or
- if such processing is necessary for compliance with a legal obligation to which the Company is subject.
2. The Foundation shall not collect:
- special category data as defined in the Legislation, such as data relating to race, religious beliefs or ethnicity; or
- data relating to criminal convictions or offenses.
Right of Access
The Foundation acknowledges an Individual’s right to access his or her personal data held by the Foundation. Requests may be made either by mail to the Foundation’s registered office or by email to: info@sandstonefoundation.co.uk.
The Foundation undertakes to respond to all reasonable data access requests within the time-frame set out in the Legislation (generally within one month of receipt of the request).
No fee shall be charged for the response to a data access request, unless it is manifestly unfounded or excessive, or if it is a repeat request for the same data already supplied; as an alternative to charging a fee in such circumstances, the Foundation may elect not to comply with the request.
The Foundation shall require someone requesting access to Data to prove their identity before such Data is supplied.
Rights of rectification
The Foundation acknowledges an Individual’s right to have incomplete or
incorrect Data completed or rectified. Requests may be made either by
mail to the Foundation’s registered office or by email to: info@sandstonefoundation.co.uk.
The Foundation undertakes to respond to all reasonable requests within the time-frame set out in the Legislation (generally within one month of receipt of the request).
No fee shall be charged for the response to a rectification request, unless it is manifestly unfounded or excessive, or if it is a repeat request for data already completed or rectified; as an alternative to charging a fee in such circumstances, the Foundation may elect not to comply with the request.
The Foundation shall require someone requesting data completion or rectification to prove their identity and to prove the accuracy of the data which they wish the Foundation to record before taking action.
Right of erasure
The Foundation acknowledges an Individual’s right to request that Data relating to them be erased. Requests may be made either by mail to the Foundation’s registered office or by email to: info@sandstonefoundation.co.uk
The Foundation undertakes to respond to all reasonable requests within the time-frame set out in the Legislation (generally within one month of receipt of the request).
No fee shall be charged for the response to an erasure request.
The Foundation shall in all cases require that someone requesting that Data relating to them be erased must prove their identity before the Data is erased, and also to provide a valid reason for the request.
The Foundation recognizes the following valid reasons for requesting the erasure of Data:
In accordance with the Legislation the Foundation shall not erase Data when requested if any of the following applies:
When Data is erased in response to a request, it shall be deleted from Live systems only. Any request to delete such data from backup files not in current use is considered to be excessive and will not be complied with unless the Requestor can supply a valid reason why this constitutes an unwarranted risk to him or her.
Right to restrict the use of data
The Foundation acknowledges an Individual’s right to request that Data relating to them not be used by the Foundation, without the requirement that it be deleted. Requests may be made either by mail to the Foundation’s registered office or by email to: info@sandstonefoundation.co.uk.
The Foundation undertakes to respond to all reasonable requests within the time-frame set out in the Legislation (generally within one month of receipt of the request).
No fee shall be charged for the response to such a request.
The Foundation shall in all cases requires that someone requesting that Data relating to them not be used must prove their identity before the Data is erased, and also to provide a valid reason for the request.
The Foundation undertakes not to use stored Data unless:
The Foundation acknowledges an Individual’s absolute right to request that his/her Data not be used for direct marketing purposes, and will implement such request promptly after receipt.
Other rights
The Foundation acknowledges the following rights in the legislation and draws Individuals’ attention to them:
Where Data will be held
Data may be held in or transferred to the UK, Switzerland, any EU or EEA country and any other country for which a ’finding of adequacy’ has been made under the GDPR (qv).
The ICO
The Foundation is exempt from registration with the UK’s Information Commissioner’s
Office.
V 1 24-03-2023
If you would like to know more about our sponsors, or how you or your business could become a sponsor, please get in touch.
Encouraging the development of the life skills which young people will require whatever career they choose
The charitable objective of the Sandstone Foundation SCIO is 'to advance the education (including social and physical training) of young persons (below the age of 25)'. If you want to donate to our charitable efforts, or if you want to explore the opportunity of booking a visit to your school or college, please get in touch.