The Shar Pei Rescue of Great Britain (SPRGB) respects your right to privacy.
Why this policy exists
It ensures that the Shar Pei Rescue of Great Britain trust:
- complies with the data protection law
- Follows good practices protecting the rights of its volunteers trustees clients and partners
is open about how it stores and processes data
- protects its self from any data breach
The data protection act of 1998 describes how organisations, including ours, must collect, handle and store personal information. These laws apply regardless of whether data is stored electronically or on paper or any other material.
To comply with the law, personal information must be collected and used fairly, stored safely and not be disclosed unlawfully.
The data protection act is under pinned by eight important principles these say that personal information (data) must:
- be processed fairly and lawfully
- be obtained only for a specific purpose
- be adequate relevant and not excessive
- be accurate and kept up-to-date
- not to be held for any longer than necessary
- processed in accordance with the rights of bats subjects
- be protected in appropriate ways
- not be transferred outside the European economic area unless that country or territory also insures an adequate level of security and protection
Individuals that volunteer to help the Rescue by way of services including home checking transporting and assessing dogs.
Voluntary staff including trustees and group admin.
Service users – animal welfare individuals/charities including but not limited to rescue and pound dogs.
The head office of the Rescue
All branches of the Rescue
All volunteers working on behalf of the Rescue
All contractors suppliers and other people working on behalf of the Rescue
The policy also applies to all data that Rescue holds relating to individuals even if that information falls outside of the data protection act of 1998 this can include:
- Names of individuals
- Postal address is of individuals
- A mail addresses of individuals
- And their telephone numbers
- Data protection risks
This policy helps to protect the Rescue from some very real data to security risks including:
- Breaches of confidentiality – for instance information being given out inappropriately
- Failing to offer choice – for instance all individuals should be free to choose how the Rescue uses the data relating to them
- Reputational damage – for instance if the Rescue could suffer if hackers successfully gain access to peoples sensitive data
Everyone who volunteers for the Rescue has some responsibility for ensuring that data is collected, stored and handled appropriately. Each person that handles personal data must ensure that it is handled and processed in line with the policy and data protection principles
However these people have key areas of responsibility.
- The founder and chair of the Rescue is ultimately responsible for ensuring the Rescue and its trustees honour its legal obligations
- The data protection officer – Paul Saxton – is responsible for:
- Keeping the trustees up to date about data protection responsibilities risks and issues
- Reviewing all data protection procedures relating policy is in line with an agreed schedule
- Arranging data protection training and advice for people covered by this policy
- Handling data protection from anyone else
- Dealing with requests from individuals to see the data Rescue holds about them (also called subject access request)
- Checking and approving any contracts or agreements with third parties that may handle sensitive data
- The trustees are responsible for:
- Ensuring all systems services and equipment used for storing data meet acceptable security standards
- Performing regular checks and scans to ensure security hardware and software is functioning correctly
- Evaluating any third-party services and company is considering using to school or process data for instance cloud computing services
General staff guidelines
The only people able to access data covered by this policy should be those who need to successfully complete our services.
Data should not be shared informally when access to confidential information is required trustees can request it from these line managers.
Trustees or volunteers and anyone using the Rescues who would need personal information to assess should keep the data secure by taking sensible precautions and following guidelines below.In particular strong passwords must be used and they should never be shared.
Personal data should not be disclosed to unauthorised people either within the Rescue or externally. Any data requests relating to personal information gained via the Rescue in anyway should be redirected to Paul Saxton to deal with directly with whoever is questing the personal information.
Data should be regularly reviewed and updated if it is found to be out of date if no longer required shall be deleted and disposed off.
Volunteers should request help from a trustee or Paul Saxton or Saxton or any data protection officer in respect of the data protection policies
These rules describe how and where data should be safely stored.
When data is stored on paper it should be kept in a secure place where unauthorised people cannot see it. When not required the paper or files should be kept in a locked drawer of filing cabinet
Trustees should make sure paper and printouts are not left where on authorised people could see them like on a printer.
Data printouts should be shredded and disposed off sheet carefully when no longer required.
When data is stored electronically it must be protected from unauthorised access accidental deletion or malicious hacking attempts.
Data should be at protected by strong passwords at all change regularly and never shared between anyone else.
If data is stored on a removable media desk like CD or DVD these should be kept locked away securely when not in use
Data should only be stored on designated devices and servers and should only be uploaded till and approved cloud-computing service.
Services containing personal data should be cited in a secure location away from general office space.
Data should be backed up frequently; back ups should be tested regularly in line with company standard backup procedures.
Data saved to personal laptops and mobile devices should be protected by a device lock password and should not be saved onto these devices but access the encrypted means search at Gmail app, message app, WhatsApp and Google Drive
All servers and computers containing data should become protected by approved security software and firewalls.
Personal Data has no value to the Rescue unless the business can make use of it. Therefore we only keep personal data for the length of time that is necessary for us to provide our services.
Personal data provided to the Rescue will be processed under the following circumstances/conditions.
The Rescue will only keep personal information of volunteers for us as long as they can assist us to provide our services.
When someone chooses to volunteer for the Rescue, he or she will ask for permission to keep his or her details on file. Unless in cases where people who are ending their volunteering help and do not have a dog with the Rescue, this information will then be removed.
The Rescue will share volunteers personal data when it is necessary to provide our services to service users. For example we may pass your necessary personal information on to service users or that they are able to advise and application for whom you will be attending or performing a home check.
Personal data of third parties such as adoption applicants will be processed and stored in compliance with our and these policies.
All volunteers and trustees will be required to permanently delete any data as soon as it is no longer needed.
The Rescue will share service users personal data with volunteers who have agreed to provide our services to you.
The additional data of service users will be processed and stored in compliance with this policy.
If the Transport run is set up for a dog, once this transport run has been completed any of the information must then be deleted by the driver.
When working with personal data volunteers/service users should ensure the screen of their computer is always locked when left unattended.
Personal data should not be shared informally by anyone.
Data must be encrypted before being transferred electronically.
Personal data should never be transferred outside of the European Union.
Volunteers/service users should not save copies of personal data to their own personal company. They should be able to provide information on how a data shop checks personal data.
The law requires that the Rescue take reasonable steps to ensure data is kept accurate and up-to-date. The more important it is that the personal data is accurate, the greater efforts the Rescue should put into ensuring its accuracy.
It is the responsibility of all the trustees who volunteer to take steps to ensure it is kept as accurate and as up-to-date as possible. Data will be held in as few places as is necessary.
Trustees should take every opportunity to ensure data is updated regularly.
The Rescue will make it easy for data subjects to update the information that the Rescue holds. For instance you can email us at any time to request the information we hold on you so you are able to confirm any amendments.
Data should be updated when inaccuracies are discovered. For instance if a data subject cannot be contacted via mobile or email, their data will be deemed as incorrect and deleted.
Subject access request
All individuals who are subject to the personal data held by the Rescue are entitled to ask what information that Rescue holds about them and why.
- How to gain access to it
- Be informed how to keep it up-to-date
- Be informed how the Rescue is meeting its data protection obligations
If an individual contacts the Rescue requesting this information it is called a subject access request. These requests should be made by email to the data controller at Paul.firstname.lastname@example.orgThe Data controller will always verify the identity of anyone making a subject access request before handing over any of that deemed information.
Disclosing data for other reasons
In certain circumstances the data protection allows personal data to be disclosed to law enforcement agencies without the data consent of the subject. Under these circumstances the Rescue will ensure the request is legitimate seeking assistance from the board of trustees when necessary.
The Rescue will only ever exercise our rights to disclose data outside this policy when requested to do so by law to the rescue and it is identified to be true.
Cookies provide information regarding the computer use by a visitors to your website. The Rescue may gather information about your general Internet usage by using cookies that are downloaded to our computer and stored on the computer‘s hard drive. You can adjust the settings of your computer to decline any little cookie it if you wish. It can be done in the settings section of your computer for more information. For advice about cookies please go to about adoutcookies.org