Lotterygrants.co.uk > Data protection policy
Lotterygrants.co.uk is committed to meeting its obligations under the UK Data Protection Act of 1998. Lotterygrants.co.uk will strive to observe the law in all collection and processing of subject data and will meet any subject access request in compliance with the law. Lotterygrants.co.uk will only use data in ways relevant to carrying out its legitimate purposes and functions as a business, and Limited Company under UK law, in a way that is not prejudicial to the interests of individuals. Lotterygrants.co.uk will take due care in the collection and storage of all data, particularly personal or sensitive data. Lotterygrants.co.uk staff will do their utmost to keep all data accurate, timely and secure.
As an international business, Lotterygrants.co.uk will share its data with it’s own staff overseas and partners overseas but will work to ensure that all staff understand they are required to observe UK data protection laws when handling data transferred overseas from London.
All Lotterygrants.co.uk staff, whether permanent or temporary, paid or volunteer must be aware of the requirements of the Data Protection Act when they collect or handle data about an individual. Our staff must not disclose data except where there is subject consent, or legal requirement. All collection and processing must be done in good faith.
The Data Protection Officer will keep records of all complaints by data subjects and the follow up. It will also keep a record of all data access requests. There will be a repository of all Lotterygrants.co.uk statements of Data Protection Law compliance and information about any contacts made with the Data Protection Registrar. This information will be available to staff and data subjects on request.
Lotterygrants.co.uk will keep ‘registration’ (now called notification) up to date.
Principles of data protection outlined in the Data Protection Act
Anyone processing personal data must comply with the eight enforceable principles of good practice. These state that data must be:
- fairly and lawfully processed
- processed for limited purposes
- adequate, relevant and not excessive
- accurate
- not kept longer than necessary
- processed in accordance with the data subject's rights
- secure
- not transferred to countries without adequate protection