The HACSG is committed to ensuring that your personal data is processed fairly and lawfully, is accurate, is kept securely and is retained for no longer than is necessary.This “Privacy Notice” sets out what data we collect, how we process it and who we may share it with and why.It also explains your rights with respect to the Personal Data that we may collect from you; that is data that identifies you as an individual or from which you may be identified.
Why do we need this Privacy Notice?On the 25th May 2018 the General Data Protection Regulation (GDPR) will be applicable and the current Data Protection Act (DPA) will be updated by a new Act giving effect to its provisions: 1. Processed fairly, lawfully and in a transparent manner. 2. Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with those purposes. 3. Adequate, relevant and limited to what is necessary in relation to the purposes for which data is processed. 4. Accurate and, where necessary, kept up to date. 5. Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. 6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.This Policy sets out the manner in which HACSG as a Charity will collect, process and store the personal data of families, children and other clients and how we ensure that it is processed fairly and lawfully.
Who are We and what do we do?HACSG was founded in 1977 and is a registered charity, the main aim of the HACSG is to provide help, information and ideas for a Nutritional, Dietary approach for Hyperactivity/ADHDproviding a number of online resources via its website , downloadable information, printed publications, information packs and nutritional testing services. The charity is based in Chichester and can be contactedat:HACSG, 71 Whyke Lane, Chichester, West Sussex, PO19 7PD Or by email to: firstname.lastname@example.org Or by telephone: 01243 539966 (Mon – Fri 1430 -1630)Who in the Charity is responsible for ensuring that we meet our obligations for data protection?As a Not-for-Profit Organisation HACSG is not required to register with the “Information Commissioner’s Office” – the ICO is the Regulator in the UK for Data Protection. This, however does not absolve the Charity from the responsibility to adhere to the Principles of Data Protection and the Data Protection Lead within the Organisation is Sally Bunday, she can be contacted via the methods outlined above. HACSG contracts an external ICT Company to provide assistance and support on all aspects of Data Protection. Why do we need to hold and process your personal data? Some of the services that we provide require us to interact with you in a variety of ways. These range from the simplest example, where we need your email address if you wish to receive our quarterly newsletter, to more complex interactions such as our “Nutritional Testing” programme where we work with a reputable Laboratory. Other examples include some limited financial information where donations are made or products are purchased to allow us to fulfil the contract. HACSG may also process personal data if at least one of the following applies: In order to protect the vital interests of an individual, Where a Safeguarding issue exists. There is explicit consent, For the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity, For reasons of public interest in the area of public health, For reasons of substantial public interest based on law, which is proportionate in the circumstances and which provides measures to safeguard the fundamental rights and the interests of the data subject. HACSG may also collect “Anonymised Data” (that is data which cannot be used to identify an Individual or Individuals) for the purposes of research and publication of trends, effectiveness of interventions and techniques that achieve a general improvement in child welfare and achievement.
Users of the “Nutritional Testing” service supply the following additional information to BioLab Medical Unit: Child’s age and gender, DNA samples for testing, Family GP information, Further personal information required for accurate testing.
Consent & Children The UK Government has invoked a derogation under the GDPR with respect to the minimum age for consenting to 13. Therefore, the following applies:
Data processed for Children under the Age of 13 must be consented by a Parent or Guardian. Children aged 13 – 16 should also sign any consent forms, this is often best done jointly with a Parent or Guardian but is not necessary.
Further personal information required for accurate testing, Those taking part in this program will, with their “Express Consent” receive information from supplement suppliers. The Organisations above are “Data Processors” on behalf of HACSG and are subject to “Data Processing Agreements” that limit the processing of the data to that required by HACSG.
Your data will never be sold to any Organisation(s) and would only be passed to a Third Party assisting with the aims of HACSG with your express Consent.
How long will we retain your data?Some data such as records of financial transactions will be kept for seven years for audit and tax purposes. At HACSG our principle is not to retain any data or personal information for longer than is necessary in relation to the purposes for which it was collected. We will always be driven by best practice to ensure that Information will be held in accordance with the latest guidelines and for a period not exceeding current recommendations.
What are my rights regarding the data you hold about me? Under GDPR (the new regulation) you have significantly enhanced rights which include:
1. Being informed of data processing (which is covered by this Privacy Notice). 2. Accessing information (also known as a Subject Access Request (SAR)) that we hold on you. In some circumstances there can be a charge for this. 3. Having inaccuracies corrected promptly.
4. Having information that we hold about you erased except where there is a statutory or legal requirement for us to collect process or hold it. (Right to be forgotten). 5. Restricting processing of your data except where there is a contractual, statutory or legal requirement to process it. 6. Data portability where releva