At Roundabout we are committed to protecting and respecting your privacy. This policy explains when and why we collect personal data about people who visit our website or contact us through the Roundabout contact centre, how we use it and how we keep it secure. The processing of personal data is governed by the General Data Protection Regulation (GDPR) (Regulation EU 2016/679). Personal data is information about a living individual which is capable of identifying that individual.
Who are we?
The primary charitable objective of Roundabout is the relief of poverty by reusing donated furniture, equipment and effects and distributing the same to such persons who are in conditions of financial need, hardship and distress within the area of Gloucestershire, Worcestershire and Warwickshire.
Our supporters help us to achieve our objective in a variety of ways, primarily by donating furniture and other items, by purchasing donated furniture for sale in our Roundabout shop in order to support our programme of relieving hardship, or by volunteering within the Roundabout organisation.
How do we collect information from you?
We obtain personal data about you when you contact Roundabout through our website or through our contact centre in order to arrange a donation of furniture items, when you register as a referral agent, or when you are referred to Roundabout via a referral agent acting on your behalf. We also collect personal data from customers in order to arrange the delivery of their purchases.
We also collect personal data from our employees, volunteers and trustees.
What type of information is collected from you?
The personal data we collect might include your name and home address, e-mail address, collection/delivery address if different from your home address, telephone contact number and whether you are a taxpayer for Gift Aid purposes. If you make a card donation or purchase from us, your credit/debit card information is not held by us; it is collected by our third-party payment processor, who specialise in the secure online capture and processing of credit/debit card transactions.
In relation to employees and volunteers we ask for next of kin details and we may request details of any medical conditions for reasons of preventative or occupational medicine.
We will not collect any personal data from you if it is not relevant to our service provision.
How is your information used?
We use your personal data to enable Roundabout to achieve its charitable objectives and for administrative purposes.
We may use your personal data in order to keep a record of donations made to Roundabout, a record of referral agents, and records of furniture referrals and the recipients of this furniture. We may use your personal data in order to process a sales delivery, or your personal data may be included in a Gift Aid submission to HMRC.
We use personal data to complete employee, volunteer and trustee records. We may use your personal data to process a job application and, if appropriate, a Disclosure and Barring Service check.
Occasionally, Roundabout may rely on other legal bases to process your information such as to protect a user’s vital interests (such as where there is a risk of imminent harm) or to comply with a legal obligation.
We keep your personal information only for as long as required to operate our service in accordance with legal requirements and tax and accounting rules. For example, we will keep a record of donations subject to Gift Aid for at least 6 years after the end of the accounting period they relate to in order to comply with HMRC rules.
Where your personal data is no longer required, we will ensure the information is removed from our database in a secure manner and any paper records are destroyed.
Who has access to your information?
Your personal data supplied to Roundabout will be treated as strictly confidential.
Roundabout will not share your personal data with third parties.
Roundabout will not sell your personal data for marketing purposes.
All the personal data we obtain is processed by our trained staff in our contact centre or administration department, who handle the data securely through our password-protected bespoke database.
Your rights and your personal data
You have the following rights in respect of your personal data provided to Roundabout.
The right to request a copy of your personal data which the Data Controller (Roundabout Manager) holds about you.
The right to request that the Data Controller corrects any personal data if it is found to be inaccurate or out of date.
The right to request your personal data is erased where it is no longer necessary for the Data Controller to retain such data.
The right to withdraw your consent to the processing of personal data at any time. The right to erasure is not an automatic right where processing is based on legitimate interest although the individual will still have the right to object to the processing of their personal data.
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing.
In the event that you are dissatisfied with the response from the Data Controller, you may complain to the Information Commissioner's Office, telephone 0303 123 1113, or write to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Lawful grounds for processing personal data
In relation to Employee and Volunteer records, we will seek to obtain explicit consent if the personal data to be processed is special category ‘sensitive’ data.
All other personal data is processed using the provisions of Article 6.1(f) of the GDPR regulations which refers to legitimate interest where the data controller considers it is a reasonable expectation of the service user to expect the processing of their data to take place in order that Roundabout can provide the best and most secure service.
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you as a service user and your rights under the General Data Protection Regulation. Our legitimate interests do not automatically override your interests.
Roundabout Data Retention Policy
The General Data Protection Regulation sets up additional requirements around retention of personal data. The need to retain personal data varies widely. It is possible to delete some personal data immediately, while some personal data must be retained until reasonable potential for future need no longer exists.
The purpose of this policy is to specify the guidelines for retaining different types of personal data. Some personal data must be retained in order to protect the organisation’s interests and conform to good business practices or to conform to regulatory requirements. In relation to personal data connected to some aspects of Governance, there is a requirement to retain such data in order to comply with the Charity Commission requirements.
Below are examples of the types of records containing personal data Roundabout might have, listed under different functions performed by the organisation. This list is not exhaustive.
Governance
Trustee membership
Minutes of governing bodies
Constitution
Charity Commission reports
Roundabout Annual Reports
Membership records
Correspondence (including emails)
General administrative documents (day to day management and governance)
Policies
Finance and Resources
Donor personal data
Sales personal data
Referral Agent personal data
Referral recipient personal data
Annual accounts
Fundraising appeals, accounts, and literature
Staff and work
Personnel files for members of paid staff and volunteers
Salary records
Pension records
Publications
Newsletters/magazines
Press releases
Records from events including: publicity material and photographs
Papers from founders, donors, officials, users or volunteers (if they provide useful additional information on the organisation’s history and governance).
Retention Guidelines
Statutory
All financial records which contain personal data will be retained for a minimum of 7 years.
Roundabout will retain personal data such as accident records/reports for three years after the last entry.
Roundabout will retain Trustee/Director minutes of meetings and decisions made as resolutions in writing for a minimum period of 10 years from the date of the meeting or from the date of passing a resolution in writing.
All trust deeds and rules will be retained permanently.
Trustees’ annual accounts and annual reports will be retained permanently.
Employer’s liability insurance certificates will be retained for a minimum of 40 years.
Non Statutory
Broad operational personal data including donor personal data, sales personal data, referral agent personal data, referral recipient personal data where there are no HMRC or other financial implications will be retained for a period of 3 years. Where there has been no further contact the personal data will be deleted.
Employee personal files and training records (including disciplinary records) will be retained for a minimum period of 6 years after employment ceases.
Volunteer personal data will be held for the duration of the person’s volunteering activity and then for 1 year after the time the person has ceased to be a volunteer.
Destruction
Paper records for destruction shall be shredded using a cross-cut shredder.
Electronic
Electronic media (physical disks, tape cartridges, CDs, printer ribbons, flash drives, printer and copier hard drives, etc.) shall be disposed of by one of the following methods:
Overwriting Magnetic Media – Overwriting uses a program to write binary data sector by sector onto the media that requires sanitization.
Degaussing – Degaussing consists of using strong magnets or electric degaussing equipment to magnetically scramble the data on a hard drive into an unrecoverable state.
Physical Destruction – implies complete destruction of media by means of crushing or disassembling the asset and ensuring no data can be extracted or recreated.