Data Protection Policy

Produced November 2018, Cobseo Director of Operations

Cobseo – The Confederation of Service Charities is a company limited by guarantee, registered with Companies House under No 5098973. Our main office is Second Floor, Mountbarrow House, 6-20 Elizabeth Street, London SW1W 9RB.

Cobseo as a data controller processes the personal data of the following categories of people:

Service provider and business contacts
Individuals submitting applications for Membership of Cobseo
Individual contacts at Cobseo Membership organisations
Employees

Cobseo undertakes to collect, record, store and use such information in accordance with the General Data Protection Regulation 2016 (GDPR) and any other relevant data protection legislation.

Other Cobseo data protection policies notices give details of how the different categories of data are handled and these are all available online. All staff are trained in the principles of data protection and are required to comply with this policy.

A) DEFINITIONS

“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.

“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

B) DATA PROTECTION PRINCIPLES

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

1. Data processing will be fair, lawful and transparent
2. Data be collected for specific, explicit, and legitimate purposes, as noted in the individual privacy notices. Cobseo does not sell, trade or rent personal data to others.
3. Data collected will be adequate, relevant and limited to what is necessary for the purposes of processing as specified.
4. Data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay.
5. Data is not kept for longer than is necessary for its given purpose. More information can be found in the separate privacy notices and in our Data Retention Policy.
6. Data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures. All staff will receive data protection training and will be required to follow our Data Handling Policy. All third parties accessing personal data held by the Confederation will be required to accept GDPR compliant data processing conditions. More information can be found in our Information Security Policy.
7. We will comply with the relevant GDPR procedures for the international transfer of personal data.

C) DATA SUBJECTS’ RIGHTS

As noted in the individual privacy notices, people whose personal data we process have the right:

1. To be informed about the data we hold on them and what we do with it; please see the
   individual privacy notices.
2. Of access to the data we hold on them. This is called a subject access request to which we shall respond within a month, unless it is a very complex request when the law allows us up to 3 months to deal with it. We would only make a charge if the request was “manifestly unfounded or excessive.”
3. For any inaccuracies in the data we hold on them, however they come to light, to be corrected within one month. This is also known as ‘rectification’. We shall inform any third parties with whom we have shared the data of any such changes.
4. To have data deleted in certain circumstances. This is also known as ‘erasure’. We will delete data if it is no longer needed for the purpose for which it was collected; if the data subject objects to our processing the data and we have no over-riding legitimate interest in retaining it; the data has been processed unlawfully or we must erase it to comply with the law. We shall inform any third parties to whom the erasure is relevant.
5. To restrict the processing of the data, if they disagree about the accuracy of the data we hold on them or object to our intention to erase data. This may involve reducing the data we hold on the data subject. We shall inform any third parties to whom the restriction is relevant.
6. To object to direct marketing.
7. To object to our processing of data on the lawful basis of legitimate interest, unless it can be demonstrated that such legitimate interest overrides the data subject’s interests, rights and freedoms.
8. To claim compensation for damages caused by a breach of data protection legislation.
9. Make a complaint to the Information Commissioner’s Office at: ico.org.uk/concerns or 0303 123 1113.
10. If you have any queries, please contact the Director of Operations, Ian Caws on i.caws@cobseo.org.uk.

Privacy Notice for Cobseo Members and Applicants for Membership

Produced November 2018, Cobseo Director of Operations

Cobseo – The Confederation of Service Charities as data controller will collect, use and store (‘process’) information in accordance with the General Data Protection Regulation (GDPR) 2016 and any relevant UK legislation.

This privacy policy explains how we use any personal information we collect about you when you apply for Membership or contact us by phone, email, letter or when you use our website cobseo.org.uk.

If you have any queries about any of the information in this statement, please contact Cobseo’s Director of Operations, Ian Caws on i.caws@cobseo.org.uk.

Collecting Your Data

We collect information about you when you:

• Register for a website account or update your account details
• Sign up for email updates
• Contact us
• Apply for membership
• Complete surveys or provide feedback

This information may include:

• Name, role and organisation
• Contact details including email address
• Demographic information such as postcode and interests

We collect material that you proactively post or contribute to our sites and any correspondence you have with us.

We also collect information on your website usage through cookies, if your browser accepts them. For more on what cookies are or how our cookies work, click here.

Legal Basis

We will process information you give us on the basis of the legitimate interest of providing the service you are seeking or processing the application you have submitted. We may use it to help us send you relevant and timely information about the help and support that we offer.

Keeping Your Data

Cobseo will retain your data on its own database for up to seven years after our last contact with you. This will include a record of any payments or material help provided to you. For more, please see our Data Retention and Data Handling policies.

Cobseo’s database is held on Icaris. Their terms of service and privacy policy can be found on their website here: www.icaris.co.uk/privacyPolicy.html. This information will be retained for seven years.

Any payments made will be recorded in Xero; their privacy policy can be found here: www.xero.com/uk/about/terms/privacy. This information will be retained for seven years.

Other data processors used to support Cobseo’s administrative and technological functions are based in the UK.

Sharing Your Data

Cobseo will not sell your information to any third party. We may share your information with third parties where we have legal duty to do so or to provide you with a service you have asked for. We may share your data with:

• Companies and organisations which we engage to deliver goods or services to you.
• Statutory bodies as required by law.
• In order to verify Service in the Armed Forces, an individual’s name, rank and service number may be checked with the relevant department in the Ministry of Defence (MoD).
• Sometimes we will seek further information about your service record from the MoD in order to know whether other military charities are able to help you.

Your Rights

You have the right to:

• Receive a copy of the personal data held by any of the data controllers.
• Object to processing of your personal data.
• Have corrected or deleted any errors in your personal data.
• Ask that your data be erased subject to any statutory or legal requirements placed on the data controller.
• Ask that the processing of your data be restricted, if you disagree about the accuracy of the data the controller holds or you object to the controller’s intention to erase your data.
• Claim compensation for damages caused by a breach of data protection legislation.
• Make a complaint to the Information Commissioner’s Office at: https://ico.org.uk/concerns or 0303 123 1113.