FINE CELL WORK
DATA PROTECTION POLICY
This is the data protection policy for Fine Cell Work.
Fine Cell Work’s mission is to train prisoners in creative, commercial craftwork so they re-enter society with the self-belief and independence to lead fulfilling and crime-free lives.
Fine Cell Work is a registered charity (charity number 1049095) and company (company number 3095356). Under this policy, ‘we’, ‘Fine Cell Work’ and ‘FCW’ refers to the Charity.
This policy sets out the procedures that are to be followed when dealing with personal data. The procedures and principles set out herein must be followed at all times by the Charity, its employees, volunteers, agents, contractors and any other parties working on behalf of the Charity.
We are committed to protecting your personal data and ensuring the confidentiality of the personal information we collect.
This Data protection Policy sets out the basis upon which information is collected through the use of the FCW website and any other electronic communication networks by FCW and the use of the personal information provided in person or online, via email, phone, in writing or other correspondence.
FCW is registered as a Data Controller under GDPR, which means that it determines what purposes personal information is held and how it will be used and is responsible for notifying the Information Commissioner about the data is does or is likely to hold and the purposes for which it will be used.
Collection of personal data
FCW collects information in the following ways:
- When an individual enters into one of the FCW stitching groups in prison
- When an individual joins a prison workshop
- When an individual enters the “Open the Gates” programme
- When an individual makes a donation (either online, in person, or by filling out a form)
- When an individual purchases or commissions an item from FCW online, from the pop up shop or at an event
- When an individual signs up to FCW email updates, either via the website or by filling in a written form
- When an individual becomes a volunteer
- When an individual joins FCW as a member of staff.
FCW will ensure that data is collected on a valid lawful basis. The six lawful bases are as follows:
- Consent: the individual has given clear consent for us to process their personal data for a specific purpose
- Contract: the processing is necessary for a contract we have with an individual or because we have been asked to take specific steps before entering the contract
- Legal obligations: the processing is necessary for us to comply with the law (not including contractual obligations)
- Vital interest: the processing is necessary to protect someone’s life
- Public task: the processing is necessary for us to perform a task in the public interest or for official functions, and the task or function has a clear basis in law
- Legitimate interest: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Use of Personal Information
In order to adhere to the terms of the General Data Protection Regulation we will ensure that data is:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Accurate and kept up to date, and will be erased or rectified without delay
- Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Consent on how personal information is used
We will give a clear explanation of the purpose for which personal information is collected and processed. Where necessary, we will also ask for consent to be given by a positive opt in choice. Sufficient information will be provided for an informed choice to be made. The personal data will not be used for any extra purpose without additional consent being obtained. It will also be made clear how consent can be withdrawn.
We have in place physical, electronic and managerial procedures to safeguard and secure the personal information we collect.
We do use external ‘data processors’ to manage sales information and hold email mailing lists. Our data processors have provided statements on how they keep your personal data safe and secure in compliance with the General Data Protection Regulation (GDPR) 2018.
All our employees and data processors, who have access to, and are associated with the processing of personal data, are legally obliged to respect the confidentiality of our prisoners’, volunteers’, customers’ and supporters’ personal data.
In order to ensure that data is protected effectively FCW will ensure that all its employees, agents, contractors, volunteers and other parties working on its behalf comply with the following when working with personal data:
- Where personal data is to be erased or otherwise disposed of for any reason (including copies that are no longer needed) it should be securely deleted and disposed of. Hard copies should be shredded and electronic copies deleted securely
- Personal data may be transmitted over secure networks only; transmission over unsecured networks will not be permitted
- If practicable personal data should be over a wired rather than a wireless network
- All hard copies of personal data along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet or similar
- Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised individuals
- If personal data is being viewed on screen and the computer in question is left unattended for any period of time, the user must lock the computer and screen before leaving it
- If personal data is stored on any mobile device (including, but not limited to laptops, tablets and smartphones) whether the device belongs to the Charity or otherwise, it must be used strictly in accordance with this policy and should be retained no longer than necessary
- All personal data stored electronically should be backed up daily with the backup stored onsite and offsite.
- All electronic copies of personal data will be stored securely using passwords
- All passwords used to protect personal data should be changed regularly and should not use words or phrases that can be easily guessed or otherwise compromised. Passwords should contain a combination of uppercase, lowercase letters numbers and symbols and should not be written down.
- Any items (including needlework and paperwork) sent by post or courier will only be entrusted to suppliers who have demonstrated to FCW that they are GDPR compliant.
- Any archive material is stored in an anonymous unit with access to authorized code holders only.
No sharing of personal information
FCW does not share personal information with any third parties for marketing purposes.
Some of FCW’s 3rd party data processors store information on remote servers across the world, and have agreements with them to ensure that information is safe and secure and not shared with other organisations.
No indirect collection of personal information
FCW does not collect personal data indirectly, for instance by tracking people individually when they have used FCW social media accounts.
Retention of data
We will not retain personal data if an individual has unsubscribed from one of FCW’s mailing lists, other than that held to comply with legal and taxation regulations Data can be anonymised on request where practicable.
If you are a donor, we will only retain limited personal data if we haven’t had any contact with you within the last 2 years.
Gift Aid records and paper credit card receipts are kept on file in a secure environment for a minimum of 6 years in order to comply with HMRC regulations.
Rights to access, remove or correct personal information
Data subjects have the following rights over their personal data:
- The right to be informed
- The right of access
- The right to rectification
- The right of erasure (right to be “forgotten”)
- The right to restrict processing
- The right to data portability
- The right to object
- Rights with respect to automated decision making and profiling
They also have the right to request a copy of the information that FCW holds about them. Contact details are as follows:
- By email: firstname.lastname@example.org
- Or write to: 14 Buckingham Palace Road, London SW1W 0QP
If a member of the public asks for their personal data to be removed from our current record systems, this will be done within five working days of the request being received. The same timescale will apply when FCW is notified that personal information needs to be corrected or updated.
An individual can also opt out of email correspondence immediately by following the links to unsubscribe.
Data breach notification
If a suspected data breach occurs, the Data Protection officer and Executive Director will meet to gather all relevant information to enable them to determine:
- Whether or not a breach has occurred
- Exactly what information may have been compromised
- The sensitivity of the information
- Whether or not there is a high risk of adversely affecting the individuals involved
- If the individual involved needs to be informed
If it is determined that a data breach has occurred, the incident will be reported to the ICO within 72 hours of becoming known to FCW.
If the breach is likely to result in a high risk of adversely affecting individual’s rights and freedoms FCW will inform the individuals without undue delay.
Records of all breaches will be recorded.
A cookie is a small file downloaded on to the hard drive of a computer or mobile device when the user logs on to a website.
We also set Google Analytics cookies to collect general statistical information to help us understand how our website is used and to improve the service we provide. We learn whether visitors have used the website before, which pages are the most popular and how users move around the site. This information does not allow users to be identified individually. Any information will be deleted by Google Analytics after 50 months.
It is important for us to be able to include your visit in our statistics. By continuing to use the website without changing settings, you are agreeing to our use of these cookies.
Any links to other websites are for information only eg. Product cleaning care, or actively accessed by donors at their instigation.
Changes to FCW’s Data Protection Policy
This policy will be amended in the light of any relevant changes in legislation or related good practice.
How to contact FCW
Please contact FCW if there are any questions about this data protection policy policy. Contact details are as follows:
- By email: email@example.com
- Or write to: 14 Buckingham Palace Road, London SW1W 0QP