Volunteer Privacy Notice

Last updated: 18 April 2018

We will process the personal information you provide for our legitimate charitable interests and to enhance the experience of our volunteers. This includes contacting you about relevant volunteering opportunities, news and events. 

In brief

  • We respect your personal data and store it securely.
  • We will never sell your personal data.
  • We will remove your data if you ask us to.
  • We may send you content we think is relevant or interesting to you but you can unsubscribe or change your contact preferences at anytime. 
  • We may use your data to contact you about information you request or to allow you to access our services. 

Full version

Quicky navigate to a section using the links below or download the full Volunteer Privacy Notice at the bottom of this page.

What is the purpose of this document?

What personal data do we collect and how is it used?

How is your personal information collected?

How we use particularly sensitive personal information?

Automated Decision Making

Who has access to your data?

Data Security

Data Retention

Your legal rights

Accessing your data

Changes to this privacy notice

Queries and further information

What is the purpose of this document?

The Cranfield Trust collects and processes personal information about you during and after your relationship with us in order to manage that relationship. We are committed to being transparent about how we collect and use your data to meet our obligations under the General Data Protection Regulation (GDPR).

What personal information do we collect and how is it used?

Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Data we collect

What we use it for

Names, addresses, telephone numbers, email addresses

To contact you to discuss volunteering opportunities or to keep you updated on our services or activities and events; to record your location in order to assess your suitability for projects in your region

Curriculum Vitae or other profiles

To build a picture of your skills, experience and interests in order to assess your suitability for volunteering opportunities or specific projects

Information gathered from business and social media sources in the public domain, eg LinkedIn, Facebook

To build a picture of your skills, experience and interests in order to assess your suitability for volunteering projects

References

To assess your suitability for volunteering with us, and for being utilised on specific projects

Information on special requirements, health or medical conditions

To assess your suitability for volunteering with us, and for being utilised on specific projects; to carry out our legal duties (eg to ensure health and safety)

Information related to project monitoring such as hours spent on a project

To assess your suitability for being utilised on specific projects; to use such data for statistical analysis and reporting

Information related to availability and the reasons for periods of unavailability

To assess your suitability for volunteering with us, and for being utilised on specific projects

IP Addresses

As an extra cyber security measure, we may log the IP address of the computer used to email us a contact form as part of our registration process. This type of data does not normally identify an individual in the UK.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information. If you fail to provide certain information when requested, we may not be able to register you for volunteering opportunities, or we may be prevented from meeting our legal obligations (such as to ensure your health and safety).

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How is your personal information collected?

We collect information through our volunteer registration process, either directly from you or the references you will be asked to provide. We may sometimes collect additional information from third parties including business and social media searches such as LinkedIn. We may collect personal information in the course of volunteering activities throughout the period of you volunteering for us.

How we use particularly sensitive personal information

We do not need your consent if we use special categories of your personal information to carry out our legal obligations. In limited circumstances we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

Automated Decision Making

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

Who has access to your data?

Your information may be shared internally, including with staff members responsible for managing and administering projects, HR, health and safety, insurances, events and marketing activities.

We may have to share your data with third parties, including third-party service providers, for example in connection with supporting our CRM system and IT network (including remote support) and professional advisers where necessary, who may be party to confidential discussions related to an individual.

We require third parties to respect the security of your data and treat it in accordance with the law. We will share your information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest. All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Data Security

The Cranfield Trust takes the security of your data seriously.  We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, or subject to unauthorised access.  Where necessary, we implement appropriate network access controls, user permissions and encryption to protect data.

Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements. Details of retention periods, archiving and destruction policies for different aspects of your personal information are available in our retention policy which is available from the person responsible for data protection.

Your legal rights

As a data subject, you have a number of rights, details of which can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent at any time. Once confirmed, we will no longer process your information for the purpose you originally agreed to, unless we have another legitimate basis for doing so in law.

If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner (ICO).

Accessing your data

You will not have to pay a fee to access your personal information. However, if we think that your request is unfounded or excessive, we may charge a reasonable fee or refuse to comply with the request.

We may need to confirm your identity or ensure your right to exercise your legal rights. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Queries and Further Information

The Cranfield Trust based at Court Room Chambers, 1 Bell Street, Romsey, SO51 8G is the Data Controller. For any queries, please contact James Lennard, Head of Finance, Administration & Control mydata@cranfieldtrust.org or telephone 01794 830338