Introduction

The Smile for Georgie Foundation (the “Trust”) treats your privacy rights seriously. To comply with enhanced data protection requirements under the General Data Protection Regulation (“GDPR”), which became effective 25 May 2018, this Privacy Policy sets out how the Trust will deal with your personal data, ie information that identifies and relates to you.

What information the Trust collects

The Trust only collects the minimum amount of personal information about you that befits the prevailing circumstance. Normally this will comprise:

  • Name
  • Telephone number
  • Email address

This information is used to keep you updated on events and activities.

On occasions, but only with your prior permission and with an undertaking of confidentiality from the Trust that such data will only be used for the purpose intended, the Trust will collect other personal details to support the Trust’s fundraising activities. Such information will include date of birth, medical conditions, passport details, etc.

Disclosing and sharing data

The Trust does not share personal information externally other than for the purpose intended.

How the Trust collects information

The Trust only collects information that has been made available to it on a voluntary basis either verbally, in writing or via the Trust’s website.

Keeping your information safe

The Trust ensures your information is secure and looked after in accordance with best practice. Unless authorised by you, your personal data will be retained for a maximum period of 2 years on a password protected computer.

After 2 years, because of the possible requirement to refer to it for legal reasons or otherwise, your personal data will be transferred to a USB memory stick and locked in a secure safe at the Trust’s Registered Address.

Cancelling consent

If you decide you no longer want the Trust to contact you or hold any level of personal data, please email [email protected] and your data will be completely deleted from the Trust’s records.

This Privacy Policy is available on the Trust’s website www.smileforgeorgie.org.gg. However, the Trust may change this Privacy Policy from time to time. Any significant changes in the way your personal information is handled will be made clear on the Trust’s website or by contacting you directly.

This policy is written in accordance with the General Data Protection Regulation (EU) 2016/679, commonly referred to as GDPR. If you have any questions, comments or suggestions, please contact [email protected].

Data Protection Principles

Introduction

This document has been produced following the introduction, with effect from 25 May 2018, of enhanced data protection regulations throughout the European Union as specified within the General Data Protection Regulation, commonly referred to as GDPR. It sets out the general principles of data protection and how the Smile for Georgie Foundation (the “Trust“) applies them.

Policy Statement

The Trust is committed to providing you with a secure, safe and user-friendly experience whether your dealings with the Trust are as a beneficiary of the Trust’s grant distribution programme, fundraiser, supplier, the media or in any other capacity whatsoever.

Who We are

The Smile for Georgie Foundation
Charitable Trust registered in Guernsey, Charity No: CH577
Member of the Association of Guernsey Charities

Trustees (as at 1 March 2019):

Sarah Walsh
Peter le Cheminant
Annabel Le Prevost
Louise Kelly
Jennifer Le Prevost

Contact Details:

Email: [email protected]
Telephone: 01481 239095
By post to registered address below

Registered Address:

Fernbury
La Croute Lane
St Martins
Guernsey
GY4 6QE

Why Information is collected

Personal data is maintained for contact with:

  • Organisations who benefit from our grant-giving programme
  • Fundraisers
  • The Media
  • Individuals in the normal course of our business

The Trust does not collect data, either through our website or by other means, for the purposes of selling.  The information collected through our website is via an enquiry form which sends an email to [email protected].

Data Protection Policy

As with all organisations in the Bailiwick of Guernsey, and indeed elsewhere, which hold personal data on individuals it is necessary for the Trust to adhere to the relevant rules and legislation in force from time to time to ensure suitable protection is provided to individuals.  These individuals are generally known as Data Subjects, in respect of sensitive and confidential personal data held by the Trust for legitimate reasons.

This document sets out the general principles of the Data Protection Law, and their relevance in the context of the Trust and the procedures under which the Trust and its Trustees will handle and collate personal data when required to do so.

The Trust has nominated Jennifer Le Prevost as the Trustee responsible for this Policy, with oversight of the operation of the data handling procedures as outlined hereunder

It should be noted that any breaches arising under these procedures at any time, whether by mistake, advertent or inadvertent must be immediately reported to Jennifer Le Prevost to consider any corrective action required and onward reporting if appropriate.

Responsible Trustee: Jennifer Le Prevost
Telephone: 01481 239095
Email: [email protected]

Please take note that a separate document sets out in concise terms the Trust’s Privacy Policy, which is available on request and on our website www.smileforgeorgie.org.gg.

This Data Protection Policy has been agreed by all Trustees of the Trust and is effective from 25 May 2018.

Data Protection Principles

The over-riding principles of Data Protection in simple terms equate to:

  • Keep data secure;
  • Only hold personal data for a specific purpose and use it only for that purpose;
  • Ensure the data subjects are aware of what the personal data is being used for, and allow them free access on request;
  • Permit access on a need-to-know basis;
  • Keep the data up to date and accurate; and
  • Maintain the data as long as only necessary and then destroy the data (unless there are over-riding reasons that apply).

The following information contains the Personal data that is held at any time:

  1. Name
  2. Email address
  3. Telephone no

In certain circumstances, where more details personal data is required for legal, medical, travel or insurance purposes, some or all of the following information will be held by the Trust:

  1. Date of birth
  2. Passport details
  3. Allergies
  4. Medical conditions

All such personal data is subject to correct handling by the Trust.  Always and in general terms, the following principles will be remembered and complied with:

  1. Data Processing – must be lawful, transparent and fair;
  2. Purpose – data must only be held for the required purpose and cannot be used for any other purpose;
  3. Accuracy – data should be kept up to date as is possible and either rectified or deleted when no longer required or appropriate;
  4. Data Security – data is to be held with access on a need-to-know basis only in a securely protected environment;
  5. Data Minimisation – the minimum amount of personal information should be held for the specific purpose required and must be relevant to that specific purpose;
  6. Data Retention – data should be retained no longer than is necessary;
  7. Data Breaches – in the event of a breach of data security, this will be reported to the Responsible Trustee who will determine the action that needs to be taken, which may involve change of data handling procedures, training and if deemed appropriate, a report to the Data Protection Commissioner; and
  8. Accountability – the Responsible Trustee must demonstrate adherence to rules at all times, if required to do so.

Data Handling Arrangements

Unless authorised in advance personal data is not shared outside the Trust.

Data Subject Requests

Under the Data Protection law each Data Subject is entitled to request copies of their personal data held by the Trust.

The Trust is obliged to provide copies of the relevant data within one monte of the request being received.

Data Subject leaving the Trust

An over-riding principle of the Data Protection Law is for Data Controllers to hold individual data for the specified purpose only and for only as long as required to meet the requirements of the Trust.  The data subject may request that their data is destroyed.

Data Breaches

Certain types of data breach must be reported to the Data Protection authorities in Guernsey (the Data Protection Commissioner), but is only required in cases where the breach could result in damage to reputation, loss of confidentiality discrimination or social disadvantage.  The responsible officer will make the determination on a case by case basis.

The Data Protection Commissioner will also handle any complaints raised by a Data Subject on the handling by the Data Controller of any personal data held on that individual.

Data Processor

The Trust does not currently use or have a requirement for a separate Data Processor to process the personal data held on individuals.

Information Provided to Data Subjects

Data Protection Law requires certain information to be given to Data Subjects so that those Data Subjects are kept properly informed on relevant matters.  The salient point to remember is that the Data Subjects have rights of access to and security of their personal data, and can request access to their data, make formal complaints about the handling of their data and when no longer required, have the right for their data to be deleted (the Right to be Forgotten).

Trust Responsibility

The Trust acknowledges the incumbent responsibilities in connection with the processing and holding of personal data as required under Data Protection Law.

This Policy will be reviewed on a regular basis and amended in light of changes in Data Protection Law or general practice.

Jennifer Le Prevost
Trustee
May 2018