By using or registering on this website (“the Site”) you consent to the collection, storage, use and transfer of your information under the terms of this policy.
As a non-profit making organisation and as we maintain personal information for the purpose of carrying out our business. We process information where;
- an individual has given consent to the processing for a specific purpose (such as signing up to our newsletter)
- for entering into or performing a contract
- when required to comply with the organisation’s legal obligations
- when processing is necessary to protect the vital interests of the individual or when carrying out a task in public interest or in the exercise of official authority
- and when processing is necessary for legitimate interests pursued by CfR (except where those interests are overridden by the rights and freedoms of the individual).
CFR is not required to register with the Information Commissioner’s Office, although in the interests of best practice, CFR has implemented a Data Protection Policy for the collection, storage and processing of personal data held manually or electronically.
Personal data means data (whether stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data (or from that data and other information in our possession).
Processing is any activity that involves use of personal data. It includes obtaining, recording or holding the data, organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
Sensitive personal data includes personal data about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric, physical or mental health condition, sexual orientation or sexual life. It can also include data about criminal offences or convictions. Sensitive personal data can only be processed under strict conditions, including with the consent of the individual. We store no sensitive data.
Personal data will be:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with these purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
- kept in a form which permits identification of individuals for no longer than it is necessary for the purposes for which the personal data is processed; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised and unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
If another organisation processes data on our behalf, e.g. a market research or conference organisation, we should to ensure that they have adequate security in place for the management of personal data. This testimony should be provided to CFR at contract stage.
In principle, personal data controlled by CFR will not be released to third parties. Occasionally, partner or stakeholder organisations may ask to share personal data held by CFR. This will only be allowed if they have at least an equivalent data protection policy in place or they agree to be bound by CFR’s policy.
- All passwords to computer systems will be kept secret.
- Screen to be locked when leaving computer and office unattended.
- All electronic or manual files containing personal data to be kept in a secure place at all times.
Rights of Individuals:
Individuals are usually entitled to the following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object; and
- The right not to be subjected to automated decision-making including profiling.
Subject Access Requests:
Individuals should contact CfR directly for subject access requests and must provide proof of identity when making an access request. CfR will endeavour to comply with the request within one month and will only refuse requests which are manifestly unfounded or excessive. If CfR refuse a subject access request they will give reason, in addition to informing the subject of their rights to complain to the supervisory authority and to a judicial remedy.
To submit a subject access request, please contact firstname.lastname@example.org with the subject set at “subject access request”.
Data Protection by Design and Data Breaches:
CfR recognises the crucial importance of data protection by design, and its policies and processes are developed around ensuring the safety of personal information stored and handled by the organisation. CfR harbours a no-blame policy among its staff, to ensure that all data breaches are reported quickly and efficiently. Should a data breach which is likely to result in a high risk to the rights and freedoms of individuals occur, those concerned directly will be notified of the breach within 72 hours.
We reserve the right to change this policy at any time. Where appropriate, we will notify changes by mail or email.
If you have any queries concerning your personal information or any questions on our use of the information then please contact us at email@example.com or by sending us a letter to Communities for Renewables, Tremough Innovation Centre, Tremough Campus, Penryn, Cornwall TR10 9TA or by telephoning us on 01326 567 161.