Privacy Policy

GDPR Policy (Version 1.1 January 2022)
Susie Shaw – CEO
Review Date: December 2022

Data Protection Policy

Mind Over Cancer is committed to respecting and protecting personal data of our clients and organisations with whom we work, and our own team.

If we do collect data, we are honest about why we are collecting it and ensure that we are doing so within the data protection laws including the General Data Protection Regulations (GDPR).

We will not provide data to any third parties without obtaining consent.

We will use a Safe File Transfer Protocol (SFTP) site when sending data or use password protected or zipped files.

We will ensure that we record contact details in one place only and this will be password protected.

GDPR is the law which replaced the Data Protection Act 1998. The GDPR is in place to regulate the storage and use of personal data by organisations operating within the European Union.

The GDPR gives strengthened legal rights to individuals with the intention of protecting them against misuse of information stored by organisations. Those who record and use personal data must adhere to the data protection principles as these set out the main responsibilities for organisations and are a legal obligation under the GDPR.

Definitions

Personal Data

Any information which relates to an individual who could be directly or indirectly identified from that data. This includes name, address and contact details but could also include two or more non-specific pieces of information that, when combined, could identify specific individuals.

Special Category Data

Special Category data consists of information related to race, ethnicity, political views, religious beliefs, mental and physical health or condition, sexual life, criminal offences and trade union involvement. Genetic and biometric data are also included where they are processed to uniquely identify an individual. Special category data is of a confidential nature and needs to be treated with even greater care than other personal data.

Data Subject

The data subject is the individual whom particular data is about.

Data Controller

The data controller is the organisation in charge of the collection and use of personal data. Mind Over Cancer is a data controller.

Data Processor

The data processor is an organisation other than the data controller which processes the data on behalf of the data controller.

GDPR Principles

Principle 1: Lawfulness, fairness and transparency

Definition: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to individuals.

  1. When collecting personal data we will ensure that we explain what we will use the data for.
  2. If we intend to use the data for any use other than that agreed by our clients, we must seek their further permission to do so.
  3. We must have a lawful reason for using an individual’s data.
  4. We will never communicate with our clients collectively.
  5. We will treat our clients’ data as our own and afford it the same level of security.

Principle 2: Limitations

Definition: When collecting personal data it must be done so for specified, explicit and legitimate purposes and individuals must be aware of how we will process their personal data.

  1. Ensure we always have a specific reason for collecting data and use this data for the specified purpose only.
  2. Ensure we always maintain clients’ details up to date with any contact preference recorded.
  3. We will never collect any irrelevant information that we won’t use.

Principle 3: Data Minimisation

Definition: We are only allowed to hold adequate and relevant data on an individual’s record and this is limited to what is necessary in relation to the purposes for which it is stored.

  1. Ensure we always have a specific reason for collecting data and use this data for the specified purpose only.
  2. Ensure we always have clients’ details up to date with any contact preference recorded.
  3. We will never collect irrelevant information that we won’t use.

Principle 4: Accuracy

Definition: We are responsible for making sure that all personal data we store is up to date and accurate.

  1. We will update records when needed without delay.
  2. We will ensure that all details are recorded correctly and accurately when changes are made.
  3. We will maintain up to date records at all times.
  4. We will ensure that we record contact details in one place only.

Principle 5: Storage

Definition: We are responsible for making sure that all personal data we store is up to date and accurate.

  1. Personal data will only be kept for as long as we have a use for it.
  2. We will shred/securely dispose of any data that is no longer needed.

Principle 6: Integrity & Security

Definition: We must ensure that we have the appropriate security measures in place to prevent the personal data we hold from being accidentally or deliberately compromised. This includes unlawful processing, accidental loss, destruction of, or damage to the data.

  1. We will not provide data to any third parties without obtaining consent.
  2. We will use a Safe File Transfer Protocol (SFTP) site when sending data or use password protected or zipped files.
  3. We will ensure that we record contact details in one place only and this will be password protected.
  4. We will shred/securely dispose of any data that is no longer needed.
  5. We will ensure any paper copies of information are locked away
  6. We will always carry out identification checks before providing information
  7. We will check addresses before posting mail – both letter and electronic formats
  8. We will use a tracked service if personal data is being sent in the post
  9. We will check that we are talking to the correct person on the telephone
  10. We will ensure that personal passwords are kept safe and secure
  11. We will report any data breaches to the Board of Trustees

Principle 7: Accountability and Governance

Definition: Mind Over Cancer are responsible for and are able to demonstrate compliance with the principles above.

  1. We are all responsible for keeping personal data secure and processing it in a lawful manner.
  2. We are all responsible for ensuring that we remain up to date with the GDPR policy as amended.
  3. We will raise any questions around this policy to the Board of Trustees

 
