Foundation Policies

Data Protection Policy

Context

Data protection legislation in the UK (including but not necessarily limited to the Data Protection Act 2018 and the GDPR) (collectively the Legislation) seeks to protect identifiable living individuals (the Individual(s)) by establishing standards for the processing of their personal data. The Legislation:

(a) requires personal data to be processed lawfully and fairly, on the basis of an Individual’s expressed consent, or on another specified basis; and

(b) confers rights on an Individual to obtain information about the processing of his or her personal data, and to require that inaccurate personal data be rectified; and

(c) establishes the rights of the Information Commissioner (the Commissioner), and also assigns to the holder of that office responsibility for monitoring and enforcing the Legislation.

Purpose

The purpose of this policy is to implement the requirements of the Legislation as far as it applies to The Sandstone Foundation SCIO (the Foundation).

Definition of Data Processing

Data processing for the purposes of this policy shall comprise any one of the following actions by the Foundation relating to an Individual’s personal data:

(a) its collection, recording, organization, structuring or storage

(b) its adaptation or alteration

(c) its retrieval, consultation or use

(d) its disclosure by transmission, dissemination or otherwise making it available

(e) its alignment or combination

(f) its restriction, erasure or destruction.

The definition applies to data however held, including paper files and computer storage systems or programs.

Statement of Policy

1. Whenever the Foundation collects and records personal data (the Data) relating to any Individual it shall make a clear statement at the time of       collection of the purpose for which the Data is to be collected, and shall not proceed without the express permission of the Individual unless:

- such permission is implicit in contractual arrangements or pre-contractual negotiations; or

- if such processing is necessary for compliance with a legal obligation to which the Company is subject.

2. The Foundation shall not collect:

- special category data as defined in the Legislation, such as data relating to race, religious beliefs or ethnicity; or

- data relating to criminal convictions or offenses.

Right of Access

The Foundation acknowledges an Individual’s right to access his or her personal data held by the Foundation. Requests may be made either by mail to the Foundation’s registered office or by email to: info@sandstonefoundation.co.uk.

The Foundation undertakes to respond to all reasonable data access requests within the time-frame set out in the Legislation (generally within one month of receipt of the request).

No fee shall be charged for the response to a data access request, unless it is manifestly unfounded or excessive, or if it is a repeat request for the same data already supplied; as an alternative to charging a fee in such circumstances, the Foundation may elect not to comply with the request.

The Foundation shall require someone requesting access to Data to prove their identity before such Data is supplied.

Rights of rectification

The Foundation acknowledges an Individual’s right to have incomplete or incorrect Data completed or rectified. Requests may be made either by mail to the Foundation’s registered office or by email to: info@sandstonefoundation.co.uk.

The Foundation undertakes to respond to all reasonable requests within the time-frame set out in the Legislation (generally within one month of receipt of the request).

No fee shall be charged for the response to a rectification request, unless it is manifestly unfounded or excessive, or if it is a repeat request for data already completed or rectified; as an alternative to charging a fee in such circumstances, the Foundation may elect not to comply with the request.

The Foundation shall require someone requesting data completion or rectification to prove their identity and to prove the accuracy of the data which they wish the Foundation to record before taking action.

Right of erasure

The Foundation acknowledges an Individual’s right to request that Data relating to them be erased. Requests may be made either by mail to the Foundation’s registered office or by email to: info@sandstonefoundation.co.uk

The Foundation undertakes to respond to all reasonable requests within the time-frame set out in the Legislation (generally within one month of receipt of the request).

No fee shall be charged for the response to an erasure request.

The Foundation shall in all cases require that someone requesting that Data relating to them be erased must prove their identity before the Data is erased, and also to provide a valid reason for the request.

The Foundation recognizes the following valid reasons for requesting the erasure of Data:

  • the personal data is no longer necessary for the purpose which it was collected
  • the Foundation relied on the consent of the Individual for the recording of data, and the Individual has withdrawn such consent
  • the Foundation believed that it had a ‘legitimate interest’ to record the Data, but an Individual has objected to the processing of their data, and internal review establishes that such legitimate interest is inapplicable
  • the  Foundation is holding the Data for direct marketing purposes, and the Individual has objected
  • it can be proven that the Foundation has recorded the personal data unlawfully
  • there is a legal obligation other than the Legislation which require the Data to be deleted.

In accordance with the Legislation the Foundation shall not erase Data when requested if any of the following applies:

  • the request is manifestly unfounded or excessive
  • the Data must remain recorded in order that the right of freedom of expression and information may be exercised
  • there is a legal obligation on the Foundation to maintain the Data
  • for the performance of a task carried out in the public interest or in the exercise of official authority;
  • where the Data is required for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing
  • where the Data is required for the establishment, exercise or defense of legal claims upon the Foundation.

When Data is erased in response to a request, it shall be deleted from Live systems only. Any request to delete such data from backup files not in current use is considered to be excessive and will not be complied with unless the Requestor can supply a valid reason why this constitutes an unwarranted risk to him or her.

Right to restrict the use of data

The Foundation acknowledges an Individual’s right to request that Data relating to them not be used by the Foundation, without the requirement that it be deleted. Requests may be made either by mail to the Foundation’s registered office or by email to: info@sandstonefoundation.co.uk.

The Foundation undertakes to respond to all reasonable requests within the time-frame set out in the Legislation (generally within one month of receipt of the request).

No fee shall be charged for the response to such a request.

The Foundation shall in all cases requires that someone requesting that Data relating to them not be used must prove their identity before the Data is erased, and also to provide a valid reason for the request.

The Foundation undertakes not to use stored Data unless:

  • the Individual’s consent to reinstate processing of the Data has been received
  • such data must be processed for the establishment, exercise or defense of legal claims
  • such data must be processed for the protection of the rights of another person (natural or legal)
  • such data must be processed for reasons of important public interest.

The Foundation acknowledges an Individual’s absolute right to request that his/her Data not be used for direct marketing purposes, and will implement such request promptly after receipt.

Other rights

The Foundation acknowledges the following rights in the legislation and draws Individuals’ attention to them:

  • the right of an Individual to request that Data relating to him/her and held by the Foundation be transmitted directly to a third party, subject to restrictions, possible fees and exceptions
  • the right of an Individual to object to the use of Data relating to them in automated decision making and profiling, subject to restrictions, possible fees and exceptions.

Where Data will be held

Data may be held in or transferred to the UK, Switzerland, any EU or EEA country and any other country for which a ’finding of adequacy’ has been made under the GDPR (qv).

The ICO

The Foundation is exempt from registration with the UK’s Information Commissioner’s Office.

V 1 24-03-2023

Our Sponsors

If you would like to know more about our sponsors, or how you or your business could become a sponsor, please get in touch.

Get in touch 
Sandstone Communications SACU Vango Moto Joe Filsell Wealth
School visit with bike in foreground

Donate or book

Encouraging the development of the life skills which young people will require whatever career they choose

The charitable objective of the Sandstone Foundation SCIO is 'to advance the education (including social and physical training) of young persons (below the age of 25)'. If you want to donate to our charitable efforts, or if you want to explore the opportunity of booking a visit to your school or college, please get in touch.

Get in touch today