Data Protection

Westray Development Trust needs to collect and retain certain types of personal data, in various formats, for administrative and legal purposes so that it can fulfil its functions as a community development trust. This includes; work in the communities interest, being able to fulfil it’s obligations to the community (particularly funding applicants) and as part of its role as an employer.

This Statement describes;

  • the purposes for which the information is collected
  • WDT’s obligations in processing the data.
  • the rights of individuals afforded under the Data Protection Act 2018 (DPA) and its upcoming replacement the General Data Protection Regulation 2016 (GDPR) effective 25th May 2018.

Types of information WDT may collect;

WDT will only process data which you provided by consent.  

In law, personal data is understood in two forms; 

  • personal data (as defined in the GDPR) which includes, for example, names, addresses and other contact details, age, gender and photographic images, information relating to family, lifestyle and social circumstances, education and training details, employment details, financial details and other information.
  • sensitive personal data (which is a special category of Personal Data which is specifically defined in the GDPR) and includes: genetic information, physical or mental health condition, racial or ethnic origin, sexuality, political opinion, religious or other beliefs of a similar nature, trade union membership and criminal offences.

Purposes for which WDT may use the information;

Personal Information held by WDT by individual consent may be used for purposes associated with;

  • maintenance of WDT activity and account records
  • administer membership records
  • internal monitoring
  • manage our employees and volunteers
  • equal opportunity monitoring
  • being able to contact grant/ loan applicants (current and past)
  • inform WDT on community needs
  • pay funding to individuals/organisation bank accounts
  • publicity of trust activity
  • to communicate with individuals of our news, events, activities or services related to WDT
  • to contact individuals via surveys to conduct research about their experiences with WDT and their opinion on potential projects or potential new services.

WDT does not process or hold any Special Categories of Personal Data (Sensitive Data).

Data Protection Obligations

The DPA and GDPR require that any personal data held should be:

  • processed fairly and lawfully;
  • obtained and processed only for specified and lawful purposes;
  • adequate, relevant and not excessive;
  • accurate and kept up to date;
  • held securely and for no longer than is necessary; and
  • not transferred to a country outside the European Economic Area unless there is an adequate level of data protection in that country.

Third Parties

Your Personal Data is strictly confidential. WDT does not provide data to other organisations unless we are required to by law or there is a legitimate reason i.e. OSCR Scotland (the Scottish Charity Regulator). Your data will not be transferred to any countries or territories outside of the EU.

Data Storage

All of the data WDT holds is held secure either under lock & key or password protected on our servers, which are backed up. Only those who work in the WDT office have access to this for legitimate purposes.

Data Retention

WDT will not keep personal data longer than is necessary in light of the purposes for which that data was originally collected, held and processed. When judging the retention of data we consider;

  • the current and future need of the information;
  • the costs, risks and liabilities associated with retaining the information; and
  • the ease or difficulty of making sure it remains accurate and up to date.

WDT will conduct a regular audit of records to ensure that WDT is not holding onto personal data for too long, or deleting it prematurely. When personal data is no longer required all reasonable steps will be taken to erase or otherwise dispose of it without delay.

Your Rights and  Data Information Requests 

Under the DPA 2018 and GDPR 2016 (effective 25th May 2018), it is your right to see all information which WDT currently holds on you via a ‘Subject Access Report’. If you would like to see any information which we hold on you must request this in writing to the WDT office at admin@westraydevelopmenttrust.co.uk

WDT does not charge a fee for ‘Subject Access Reports’. WDT must respond to your request within 30 days or within 60 if it is a complex request under the GDPR.

You also have the right to complain to the Information Commissioners Office (ICO) if you feel like your rights under the GDPR have not been upheld.

Updated May 2018