PRIVACY POLICY
Effective Date: 11/04/2025
Next Review Date: 01/04/2026
1. Purpose
The purpose of this policy is to outline Sustainable Overton’s commitment to complying with the General Data Protection Regulation (GDPR) and to detail the procedures for handling personal data. This policy aims to protect the rights of individuals and ensure the proper use of personal data in all aspects of the charity’s work.
2. Scope
This policy applies to all employees, volunteers, board members, and third-party service providers who handle personal data on behalf of Sustainable Overton.
3. Policy Statement
Sustainable Overton is committed to protecting the privacy and security of personal data. We will process personal data fairly, transparently, and in accordance with GDPR requirements.
4. Definitions
- Personal Data: Any information relating to an identified or identifiable person (data subject), such as names, contact details, and demographic information.
- Processing: Any operation performed on personal data, including collection, storage, use, and sharing.
5. Legal Basis for Processing Personal Data
Sustainable Overton will ensure that personal data is processed based on one or more of the following legal bases:
- Consent: The data subject has given clear consent for Sustainable Overton to process their personal data for a specific purpose.
- Contractual necessity: Processing is necessary for the performance of a contract with the data subject.
- Legal obligation: Processing is necessary for compliance with a legal obligation to which Sustainable Overton is subject.
- Legitimate interests: Processing is necessary for the purposes of legitimate interests pursued by Sustainable Overton or a third party, except where such interests are overridden by the interests or fundamental rights of the data subject.
6. Data Subject Rights
Sustainable Overton recognizes and upholds the following rights of individuals under GDPR:
- The right to be informed about how personal data is used.
- The right of access to personal data held by Sustainable Overton.
- The right to rectification of inaccurate personal data.
- The right to erasure (the "right to be forgotten") under certain conditions.
- The right to restrict processing under certain conditions.
- The right to data portability.
- The right to object to processing based on legitimate interests or direct marketing.
7. Data Collection and Use
- Personal data will be collected only for specified, legitimate purposes and will not be further processed in a manner incompatible with those purposes.
- Data will be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
- All personal data collected will be kept accurate and up to date.
8. Data Retention
- Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, in accordance with legal and regulatory requirements.
- Data retention periods will be documented, and personal data will be securely deleted when no longer needed.
9. Data Security
- Sustainable Overton will implement appropriate technical and organizational measures to ensure the security of personal data against unauthorized access, loss, or destruction.
- Staff and volunteers will be trained in data protection and will be required to follow established security protocols.
10. Data Breach Procedures
- In the event of a data breach, Sustainable Overton will follow established procedures to assess the breach, mitigate risks, and notify the relevant authorities and affected individuals as required by GDPR.
11. Third-Party Data Processors
- Any third-party service providers processing personal data on behalf of Sustainable Overton must comply with GDPR requirements and have appropriate data protection measures in place.
- Written agreements will be established with third-party processors to ensure compliance with data protection obligations.
12. Monitoring and Review
- All data held will be subject to an annual data audit.
- This policy will be reviewed annually to ensure ongoing compliance with GDPR and effectiveness in protecting personal data.
- Feedback from staff, volunteers, and stakeholders will be considered in the review process.
13. Contact Information
For any questions or concerns regarding this policy or data protection practices, please contact the Chair of the Trustees.