Data Protection Policy

1. Introduction

We Hold A Hand is committed to protecting the privacy and security of personal data. This Data Protection Policy outlines our approach to collecting, storing, processing, and sharing personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Purpose

The purpose of this policy is to:

  • Ensure lawful, fair, and transparent processing of personal data.
  • Protect the rights and privacy of individuals whose data we collect.
  • Maintain security and confidentiality in data handling.
  • Prevent unauthorized access, disclosure, or misuse of data.

3. Scope

This policy applies to:

  • All employees, volunteers, contractors, and third parties who handle personal data on behalf of We Hold A Hand.
  • All personal data collected from service users, donors, partners, therapists, freelancers, and other stakeholders.
  • Data in all forms, including electronic, paper, and verbal records.

4. Principles of Data Protection

We adhere to the following key data protection principles:

  • Lawfulness, Fairness, and Transparency: Data must be processed legally and transparently.
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.
  • Data Minimization: Only necessary data is collected and retained.
  • Accuracy: We ensure data is accurate and kept up to date.
  • Storage Limitation: Data is stored only for as long as necessary.
  • Integrity and Confidentiality: Data is processed securely to protect against unauthorized access or loss.

5. Data Collection and Use

  • Personal data is collected for purposes such as service provision, event registrations, marketing, donor management, and internal operations.
  • We obtain consent before processing personal data, where required.
  • Data may be shared with trusted third parties, but only when necessary and in compliance with this policy.

6. Data Security Measures

  • Encryption and secure storage of personal data.
  • Restricted access to personal data based on role and necessity.
  • Regular security audits and staff training on data protection.
  • Secure disposal of data when no longer required.

7. Data Subject Rights

Individuals have the right to:

  • Access their personal data.
  • Request correction or deletion of inaccurate data.
  • Withdraw consent where applicable.
  • Object to data processing under certain conditions.
  • Request data portability to another service provider.

8. Data Breach Management

  • Any data breach will be reported to the Data Protection Officer (DPO) immediately.
  • Affected individuals and regulatory bodies will be notified where required.
  • Measures will be taken to investigate and mitigate further risks.

9. Compliance and Monitoring

  • Compliance with this policy is mandatory for all staff and volunteers.
  • Regular reviews and updates to this policy will be conducted to ensure compliance with evolving regulations.

10. Contact Information

For any data protection inquiries, please contact:

Data Protection Officer Name: Fefe Alalade
Email: support@weholdahand.com

By engaging with We Hold A Hand, individuals acknowledge and consent to our data protection practices as outlined in this policy.