DS Achieve Privacy policy

Introduction

Your information is very important to us and we look after your information carefully in line with data protection and privacy laws.

This Privacy Policy applies to information that we, DS ACHIEVE collect about individuals who interact with our organisation. It explains what personal information we collect and how we use it. 

By accessing and using our services, you are agreeing to the terms of this privacy policy and to our cookie policy.

Please note that this policy does not cover companies, services or applications that we do not own or control, or people that we do not employ or manage, including (without limitation) third party websites or applications/widgets (e.g. from social media platforms such as Facebook, Twitter or Whatsapp) which we link to or offer via our Services, nor does it cover advertisers.

In addition, it does not cover certain pages and services provided via our Services which are hosted, managed and operated by other parties. These services, applications and third parties may have their own privacy policies and/or terms and conditions of use, which we recommend you read before using any such services. These third parties and services are wholly independent of us and are solely responsible for all aspects of their relationship with you and any use you may make of such services.

If you have any comments, concerns or questions about this notice, feel free to contact us at info@dsachieve.org

If you are unhappy with how we have used your data, you can also complain to the ICO.

The ICO’S contact details are as follows:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

ICO Helpline: 0303 123 1113

ICO Website: https://www.ico.org.uk

Personal data that we process

We, DS ACHIEVE, are a ‘data controller’ and a ‘data processor’ for the purposes of the EU General Data Protection Regulation 2016/679 and The Data Protection Act 2018. This means that we are responsible for deciding what personal information we need to collect from you, how we will store it and how we will use it.

Some processing requires the use of external partners who fully comply with current regulations.

The following table explains the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed

Please note that owing to the nature of the work carried out by DS ACHIEVE, information referred to in the above table will also include information relating to children. DS ACHIEVE are aware of their responsibility towards children when processing their personal data. Any data held on children will primarily be in relation to the attendance of the Little Achievers and Young Achievers groups where the legal basis for data processing is legitimate interest. Images of children will be gathered through parental consent. DS ACHIEVE takes responsibility for identifying the risks and consequences of the processing of children’s data and puts age appropriate safeguards in place. 

Consent for processing personal information may be required for children age 12 or over. When parents provide express consent to us we presume they have the authority of their child to share their data (if appropriate). In some circumstances we may seek to obtain express consent from a child as well as their parent before processing their data.

How we use your data

We will only use your data in a manner that is appropriate to the basis on which that data was collected, as set out in the table at the top of this policy. 

For example, we may use your personal information to:

  • Reply to enquiries you send to us;

  • Handle donations or other transactions that you initiate; 

  • Ensure the effective delivery of our services;

  • Where you have specifically agreed by ‘opting in’, we may send you marketing communications by email relating to our work which we think might be of interest to you.

When we share your data

We will only pass your data to third parties in the following circumstances:

  • You have provided your explicit consent for us to pass data to a named third party; 

  • We are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors; or

  • We are required by law to share your data. 

In addition, we will only pass data to third parties outside of the EU where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation. 

How long we keep your data

We take the principles of data minimisation and removal seriously and have internal processes in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data in line with legislative requirements, unless required to retain it by law.

Where data is collected on the basis of consent, we will seek renewal of consent at least every three years

Keeping your data safe

We endeavour to take all reasonable steps to protect your personal information. Please always think carefully before disclosing information to other users or otherwise making your information publicly available. It is important that you are aware that any information you disclose to another user may then be disclosed by that user. We have no responsibility or control over the contents of communications made between users of our Services.

You should also be aware that communications over the internet (such as emails) are not secure unless they have been encrypted. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

All data that we hold is kept online, on a secure drive that has restricted access. Only the Trustees of DS Achieve and relevant members of staff have access to parts of the drive relevant to them. Minimal paper records of personal data are held. Those that are held are kept securely.

Rights you have over your data

You have a range of rights over your data, which include the following:

  • Where data processing is based on consent, you may revoke this consent at any time and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the bottom of all our marketing emails). 

  • You have the right to ask for rectification and/or deletion of your information. 

  • You have the right of access to your information. 

  • You have the right to lodge a complaint with the Information Commissioner if you feel your rights have been infringed. 

A full summary of your legal rights over your data can be found on the Information Commissioner’s website here: https://ico.org.uk/

If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us at info@dsachieve.org

Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible. 

Cookies & usage tracking

In common with many other online services, we and our authorised third parties may use ‘cookies’ and/or other tools to store and sometimes track information about you. For more details about what cookies are, the cookies that we use and how to disable them, please see our cookie policy.

Modifications

We may modify this Privacy Policy from time to time and will publish the most current version on our website – www.dsachieve.org. If a modification meaningfully reduces your rights, we will notify those people whose personal data we hold and who will be affected.

Version 6.0 June 2023