{"id":2513,"date":"2025-07-08T08:53:19","date_gmt":"2025-07-08T08:53:19","guid":{"rendered":"https:\/\/demopreview.co.za\/impacttrust\/?page_id=2513"},"modified":"2025-07-08T10:25:12","modified_gmt":"2025-07-08T10:25:12","slug":"impact-trust-data-protection-and-privacy-policy","status":"publish","type":"page","link":"https:\/\/demopreview.co.za\/impacttrust\/impact-trust-data-protection-and-privacy-policy\/","title":{"rendered":"Impact Trust Data Protection and Privacy Policy"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">1.\u00a0Introduction<\/h2>\n\n\n\n<p>The Impact Trust (\u201cthe Trust\u201d), a charity registered in England and Wales (Registration<br>Number 1167011), is committed to protecting the privacy and security of personal data. This<br>policy outlines how the Trust collects, uses, stores, and protects personal data, ensuring<br>compliance with the UK General Data Protection Regulation (GDPR), the Data Protection<br>Act 2018, and other relevant legislation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">2.\u00a0Scope<\/h2>\n\n\n\n<p>This policy applies to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>All trustees, staff (including temporary and contract staff), volunteers, and representatives of the Trust.<\/li>\n\n\n\n<li>All personal data processed by the Trust, regardless of format (electronic, paper, or otherwise).<\/li>\n\n\n\n<li>All activities involving the collection, use, storage, sharing, or disposal of personal data.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">3.\u00a0Data Protection Principles<\/h2>\n\n\n\n<p>The Trust will ensure that personal data is:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Processed lawfully, fairly, and transparently.<\/strong><\/li>\n\n\n\n<li><strong>Collected for specified, explicit, and legitimate purposes<\/strong>\u00a0and not further processed in a manner incompatible with those purposes.<\/li>\n\n\n\n<li><strong>Adequate, relevant, and limited<\/strong>\u00a0to what is necessary for the purposes for which it is processed.<\/li>\n\n\n\n<li><strong>Accurate and kept up to date<\/strong>; inaccurate data will be rectified or erased without delay.<\/li>\n\n\n\n<li><strong>Kept no longer than necessary<\/strong>\u00a0for the purposes for which it is processed.<\/li>\n\n\n\n<li><strong>Processed securely<\/strong>, protecting against unauthorized or unlawful processing accidental loss, destruction, or damage, using appropriate technical and organizational measures.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">4.\u00a0Lawful Basis for Processing<\/h2>\n\n\n\n<p>The Trust will only process personal data where there is a lawful basis, including: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Consent from the data subject.<\/li>\n\n\n\n<li>Performance of a contract.<\/li>\n\n\n\n<li>Compliance with a legal obligation.<\/li>\n\n\n\n<li>Protection of vital interests.<\/li>\n\n\n\n<li>Legitimate interests pursued by the Trust or a third party, except where overridden by the interests or fundamental rights of the data subject.<\/li>\n<\/ul>\n\n\n\n<p>Where consent is required, it will be sought in a clear, accessible way, and individuals will be<br>informed of their right to withdraw consent at any time.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">5.\u00a0Categories of Personal Data<\/h2>\n\n\n\n<p>Personal data processed by the Trust may include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Names, addresses, emails, telephone numbers.<\/li>\n\n\n\n<li>Financial information (for donations or payments).<\/li>\n\n\n\n<li>Photographs, images, or video footage.<\/li>\n\n\n\n<li>Special categories of data (e.g., health information, racial or ethnic origin) only where necessary and with appropriate safeguards.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">6.\u00a0Purposes of Data Processing<\/h2>\n\n\n\n<p>The Trust collects and processes personal data for purposes including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Administration of charitable activities and events.<\/li>\n\n\n\n<li>Communication with supporters, beneficiaries, and stakeholders.<\/li>\n\n\n\n<li>Fundraising and processing donations.<\/li>\n\n\n\n<li>Compliance with legal and regulatory obligations.<\/li>\n\n\n\n<li>Recruitment and management of staff and volunteers.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">7.\u00a0Data Sharing<\/h2>\n\n\n\n<p>Personal data may be shared with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Service providers and contractors acting on behalf of the Trust<\/li>\n\n\n\n<li>Regulatory authorities or law enforcement, where required by law.<\/li>\n\n\n\n<li>Partner organizations, only with appropriate agreements and safeguards.<\/li>\n<\/ul>\n\n\n\n<p>Where data is shared regularly, a data sharing agreement will be in place. Data subjects will<br>be informed of any sharing in the Trust\u2019s Privacy Notice.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">8.\u00a0Data Security<\/h2>\n\n\n\n<p>The Trust will:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Restrict access to personal data to those who need it.<\/li>\n\n\n\n<li>Use secure systems and procedures for storing and handling data.<\/li>\n\n\n\n<li>Provide training to staff and volunteers on data protection.<\/li>\n\n\n\n<li>Regularly review and update security measures.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">9.\u00a0Data Retention<\/h2>\n\n\n\n<p>The Trust will retain personal data only as long as necessary for the purposes for which it<br>was collected, in line with its Records Retention Schedule. Data will be securely deleted or<br>destroyed when no longer required.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">10.&nbsp;Individual Rights<\/h2>\n\n\n\n<p>Data subjects have rights under the GDPR, including: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Right to be informed\u00a0about data collection and use.<\/li>\n\n\n\n<li>Right of access\u00a0to their personal data.<\/li>\n\n\n\n<li>Right to rectification\u00a0of inaccurate data.<\/li>\n\n\n\n<li>Right to erasure\u00a0(\u201cright to be forgotten\u201d) in certain circumstances.<\/li>\n\n\n\n<li>Right to restrict processing.<\/li>\n\n\n\n<li>Right to data portability.<\/li>\n\n\n\n<li>Right to object\u00a0to processing.<\/li>\n\n\n\n<li>Rights in relation to automated decision making and profiling.<\/li>\n<\/ul>\n\n\n\n<p>Requests to exercise these rights can be made to the Trust\u2019s Data Protection Lead.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">11.\u00a0Data Breaches<\/h2>\n\n\n\n<p>Any suspected data breach must be reported immediately to the Data Protection Lead. The<br>Trust will investigate all breaches and notify the Information Commissioner\u2019s Office (ICO)<br>and affected individuals where required.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">12.\u00a0Data Protection by Design<\/h2>\n\n\n\n<p>The Trust will integrate data protection into all processing activities and projects, including<br>conducting Data Protection Impact Assessments (DPIAs) where processing is likely to result<br>in high risk to individuals\u2019 rights and freedoms.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">13.\u00a0Training and Awareness<\/h2>\n\n\n\n<p>All staff, trustees, and volunteers will receive regular training appropriate to their roles to<br>ensure understanding of their data protection responsibilities.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">14.\u00a0Monitoring and Review<\/h2>\n\n\n\n<p>The Trust will regularly audit compliance with this policy and review it annually or in<br>response to legislative changes or identified weaknesses.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">15.\u00a0Contact<\/h2>\n\n\n\n<p>For any queries or to exercise your rights under this policy, please contact WHAT EMAIL<br>ADDRESS ARE YOU USING \u2013 HELLO@IMPACTUTRUST.ORG?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1.\u00a0Introduction The Impact Trust (\u201cthe Trust\u201d), a charity registered in England and Wales (RegistrationNumber 1167011), is committed to protecting the privacy and security of personal data. Thispolicy outlines how the Trust collects, uses, stores, and protects personal data, ensuringcompliance with the UK General Data Protection Regulation (GDPR), the Data ProtectionAct 2018, and other relevant legislation. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"templates\/display-content.php","meta":{"inline_featured_image":false,"footnotes":""},"class_list":["post-2513","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/demopreview.co.za\/impacttrust\/wp-json\/wp\/v2\/pages\/2513","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/demopreview.co.za\/impacttrust\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/demopreview.co.za\/impacttrust\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/demopreview.co.za\/impacttrust\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/demopreview.co.za\/impacttrust\/wp-json\/wp\/v2\/comments?post=2513"}],"version-history":[{"count":4,"href":"https:\/\/demopreview.co.za\/impacttrust\/wp-json\/wp\/v2\/pages\/2513\/revisions"}],"predecessor-version":[{"id":2524,"href":"https:\/\/demopreview.co.za\/impacttrust\/wp-json\/wp\/v2\/pages\/2513\/revisions\/2524"}],"wp:attachment":[{"href":"https:\/\/demopreview.co.za\/impacttrust\/wp-json\/wp\/v2\/media?parent=2513"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}