1.Introduction
The Great Friendship Project (TGFP) is dedicated to safeguarding the privacy and data protection rights of
individuals, including participants, volunteers, staff members, and stakeholders, in accordance with the General Data Protection Regulation (GDPR) and relevant data protection laws.
This Privacy Policy outlines our commitment to responsibly collect, process, store, and manage personal data and sensitive information.
2.Data Controller and Data Protection Officer
2.1 Data Controller: The Great Friendship Project is the data controller responsible for determining the purposes and means of processing personal data.
2.2 Data Protection Officer (DPO): A designated DPO will oversee data protection activities, ensure compliance with GDPR, and act as a point of contact for data subjects and supervisory authorities.
3.Data Collection and Processing
3.1 Lawful Basis: Personal data will be collected and processed only when a lawful basis exists, such as consent, contract performance, legal obligation, vital interests, public task, or legitimate interests.
3.2 Purpose Limitation: Data will be collected for specific, explicit, and legitimate purposes, and will not be processed in ways incompatible with those purposes.
3.3 Data Minimisation: We will collect and process only the minimum amount of personal data necessary for the intended purpose.
3.4 Consent: Consent will be obtained before collecting and processing personal data, and individuals will have the right to withdraw consent at any time.
4.Rights of Data Subjects
4.1 Access and Rectification: Individuals have the right to access their personal data and request corrections if the data is inaccurate or incomplete.
4.2 Erasure (Right to be Forgotten): Individuals can request the deletion of their personal data under certain circumstances.
4.3 Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format.
4.4 Restriction of Processing: Individuals can request the restriction of processing under specific conditions.
5.Data Security
5.1 Security Measures: Appropriate technical and organisational measures will be implemented to ensure the security and confidentiality of personal data.
5.2 Data Breach Notification: In the event of a data breach that poses a risk to individuals’ rights and freedoms, affected individuals and relevant authorities will be notified as required by law.
6.Data Transfers
6.1 International Transfers: Personal data transfers to countries outside the European Economic Area (EEA) will be conducted in compliance with GDPR requirements.
7.Third-Party Processors
7.1 Processor Agreements: When engaging third-party processors, we will ensure that appropriate data processing agreements are in place to safeguard data protection.
8.Retention Period
8.1 Data Retention: Personal data will be retained for the duration necessary to fulfill the purpose for which it was collected, taking into account legal and operational requirements.
9.Awareness and Training
9.1 Data Protection Training: Relevant staff and volunteers will receive training on data protection and GDPR compliance.
10. Policy Review and Updates
10.1 Policy Review: This GDPR Policy will be reviewed and updated periodically to ensure alignment with legal requirements and organisational practices.
11. Contact Information
Data Protection Officer: David Gradon
Email: david@friendship-project.co.uk
12. Conclusion
The Great Friendship Project is committed to upholding the principles of data protection and privacy.
By adhering to this GDPR Policy, we aim to ensure the lawful, fair, and transparent processing of personal data, respecting the rights and interests of individuals and maintaining thetrust of our participants, volunteers, staff, and stakeholders.