Principles of the General Data Protection Regulation Act 2016
The York Down Syndrome Support Group (YDSSG) needs to collect, maintain and use certain personal data about current, past and prospective members of the organisation, and other companies or individuals it has dealings with. YDSSG is dedicated to handling, processing, and storing this personal data in accordance with the UK GDPR Act 2016 (GDPR).
YDSSG has a responsibility to protect such personal data it collects from you.
YDSSG is committed meeting its obligations under the UK GDPR Act 2016. These principles require that personal data must:
be fairly and lawfully processed and not processed unless specific conditions are met;
be obtained for one or more specified, lawful purposes and not processed in any manner incompatible with those purposes;
be adequate, relevant and not excessive for those purposes;
be accurate and, where necessary, kept up to date;
not be kept for longer than is necessary;
be processed in accordance with the data subject’s rights under the DPA;
be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage;
not be transferred to countries outside the European Economic Area (EEA) unless the country or territory ensures adequate protection for the rights and freedoms of the data subjects.
What YDSSG collects:
YDSSG collects personal data that data subjects (you) provide, which is information that can be used to identify someone as an individual. YDSSG will only do this when you (as the data subject) have consented to YDSSG request for that personal data. This personal data may include your:
How the YDSSG will use a data subject’s personal data (“Purpose”).
By providing personal data, you agree that YDSSG may use your personal data to:
Respond to your requests;
Share the content of our communications;
Provide you with tips, helpful information, news and updates of the organisation, or similar and relevant organisations;
Notify you of new services;
Seek your views on new services;
YDSSG will act as a data controller of such personal data.
YDSSG will only collect personal data to serve a specific purpose and only gather the minimum amount needed.
YDSSG will obtain a data subject’s informed consent to process his or her personal data in cases where it is necessary and appropriate to do so.
YDSSG will not use personal data collected for one purpose for a different purpose without getting the data subject’s consent.
YDSSG will correct any personal data where it is notified that such personal data is incorrect, and delete all copies of personal data on the request of the data subject.
Only authorised trustees and volunteers of YDSSG can carry out processing of personal data.
How YDSSG protects your personal data
YDSSG will take appropriate measures to protect personal data consistent with applicable privacy and data security laws.
When YDSSG uses a third-party service provider, (eg, email providers, online banking, social media platforms) that provider will required to use appropriate measures to protect the confidentiality and security of personal data.
Unfortunately, no data transmission over the Internet is 100 per cent secure. As a result, while we try to protect your personal information, YDSSG cannot guarantee the security of any information you transmit to us and you do so at your own risk.
Sharing personal data with third parties
YDSSG may share the personal data of a data subject in compliance with applicable law.
In certain special cases where permitted by applicable law, YDSSG may disclose your personal data:
when YDSSG has reason to believe that disclosure of this information is necessary to identify, contact or bring legal action against someone who may be causing injury to you or otherwise injuring or interfering with YDSSG’s rights, property or operations, other users of this website or anyone else who could be harmed by such activities;
when YDSSG believes that applicable law requires it, or in response to any demand by law enforcement authorities.
Unless otherwise specified in the website or by directly asking your permission, YDSSG will not pass your personal data to other third parties.
Sometimes YDSSG uses selected third parties to provide support services in the normal course of business (eg, Google for email, online banking portals etc). These parties may, from time to time, have access to your personal data to enable them to provide those services to YDSSG. YDSSG requires all third parties providing such support services to meet the same standards of the GDPR. Any third party will be prohibited from using your personal data for that third party’s own purposes. In particular, YDSSG will not allow service providers to use your personal data for the marketing activities of that service provider.
Links to other websites and Social Media
The YDSSG website may from time to time provide links to or embed third party websites. This YDSSG Policy does not apply to those third party websites. If you choose to enter such a linked site, you agree that the YDSSG is not responsible for the availability of such websites and the YDSSG does not review or endorse and shall not be liable, directly or indirectly, for:
how these third party websites treat your personal data;
the content of such third party websites; or
the use that others make of these third party websites.
Please ensure you check the data protection policy posted on a third party website or mobile application you access before entering any personal data.
Access to information – Subject Access Request
YDSSG will retain your information only for the period necessary to fulfil the purposes outlined in this YDSSG Policy, unless a longer retention period is required or permitted by applicable law. Anyone who is the subject of personal data held by YDSSG has the right to make a subject access request to request the updating, correcting or removal of personal data that has been provided to us, at any time, using the contact information provided at the end of this YDSSG Policy. Applicable laws may also give you the right to access information that you have provided to YDSSG.
YDSSG will deal promptly with subject access requests and will do so with no charge.
YDSSG will update this YDSSG Policy to take account of changes in working practice or applicable law. If the changes that the YDSSG makes are material, YDSSG may make you aware of these changes.
Please address any questions, comments and requests regarding this YDSSG Policy to YDSSG using the contact information below. If you contact YDSSG, please provide information as to how YDSSG may contact you.
To contact YDSSG regarding any aspect of YDSSG's approach to GDPR, email click this link