RPF's Data Protection Policy
DATA PROTECTION POLICY
General Data Protection Regulations 2018
The General Data Protection Regulations (GDPR) are in effect from 25 May 2018. Raeburn Place Foundation (RPF) works to these regulations as a matter of course. The regulations protect a data subject (any individual on whom data is held) from unlawful processing of data, and gives right of access to that data.
GDPR has replaced the Data Protection Act 1998.
Under the new regulations, essentially all aspects of handling data qualify as processing. Any data user involved, for example, in the collection, storage, retrieval, alteration, destruction or erasure of data will need to work within the requirements of the GDPR. In addition, the definition of data is no longer restricted to automatically processed information but also includes manual records.
GDPR ensures that data is collected and handled with the express permission of individuals. It ensures that data is kept on file only for the purposes it has expressly been granted for and that once that purpose, or purposes, has ended, the data will be destroyed. In addition, it ensures that data will be kept confidential and stored appropriately and safely. Finally, it ensures that individuals are able to gain access to their data and ask for it to be destroyed.
Raeburn Place Foundation Policy
RPF takes its management of personal data seriously. We hold data on individuals and organisations for the express purpose of fulfilling our charitable objectives, which are the advancement of public participation in sport and the advancement of heritage.
RPF recognises the public’s expectation that their personal information will be handled in accordance with the law.
RPF regards the lawful and correct treatment of personal information as important to successful operations and to maintaining the confidence of those people we deal with.
RPF fully endorses and will adhere to the eight principles of the GDPR.
- Only collect, store and use data about individuals whose interests we believe align with our charitable objectives. Such data will only be collected for valid purposes that will be clearly explained to the individual concerned. Such purposes generally include research and communication, but may also include compliance with any legal requirements.
- Ensure we are explicit in telling individuals what their data will be used for and, once that purpose has lapsed, destroying that data.
- Ensure that individuals are able to see what data is held about them, request amendments to their data records and, if required, ask for their data to be destroyed, as long as the latter does not impact on RPF’s ability to comply with its legal requirements. Requests should be made by emailing firstname.lastname@example.org or writing to RPF, c/o Henderson Loggie, 11-15 Thistle Street, Edinburgh, EH2 1DF, and RPF will respond within no more than one calendar month.
- Not share data with third parties, other than specified above (for database storage) or as required by law.
Your right not to hear from us
If you receive our e-bulletins, you can stop receipt of these at any time by using the ‘unsubscribe’ button that is included at the bottom of every communication we send out in bulletin format.
If you would prefer not to hear from us by any method, please email email@example.com, or write to RPF, c/o Henderson Loggie, 11-15 Thistle Street, Edinburgh, EH2 1DF, and request that we no longer contact you. Your wishes will be implemented immediately.
This policy may be updated from time to time, as required to comply with any changes in data protection legislation. Such changes will be announced through our website and our social media channels.