Wembley To Soweto Foundation GDPR Privacy Policy

Introduction

The Wembley To Soweto Foundation places a high value on the protection of personal data and is committed to upholding the principles and requirements outlined in the General Data Protection Regulation (GDPR). This policy serves as a framework for our approach to the collection, processing, storage, and protection of personal data, ensuring compliance with GDPR standards and safeguarding the privacy rights of individuals.

Data Collection and Processing

We collect and process personal data only for specific, explicit, and legitimate purposes, ensuring transparency and accountability in our data processing activities. Individuals are provided with clear information regarding the purpose and legal basis for the processing of their data at the time of collection, and their consent is obtained where required by law.

Lawful Basis for Processing

Personal data is processed by the Wembley To Soweto Foundation only when there is a lawful basis for doing so, in accordance with the principles outlined in the GDPR. This may include obtaining consent from the data subject, fulfilling contractual obligations, complying with legal obligations, protecting vital interests, performing tasks carried out in the public interest or in the exercise of official authority, or pursuing legitimate interests, provided that these interests do not override the rights and freedoms of the data subject.

Data Minimisation

We adhere to the principle of data minimisation, collecting and processing only the minimum amount of personal data necessary to achieve the intended purpose. This ensures that we do not collect or retain excessive or irrelevant data, thereby minimizing the risk of unauthorized access, misuse, or disclosure.

Data Accuracy

The Wembley To Soweto Foundation takes reasonable steps to ensure the accuracy of personal data and to keep it up to date. We recognize the importance of maintaining accurate and reliable data to support informed decision-making and to uphold the rights of data subjects. Data accuracy is regularly reviewed and updated as necessary to reflect any changes or corrections provided by the data subject.

Data Security

We are committed to ensuring the security of personal data through appropriate technical and organizational measures designed to prevent unauthorized access, disclosure, alteration, or destruction. Personal data is stored securely, with access restricted to authorized personnel only. We employ encryption, firewalls, access controls, and other security measures to protect personal data from unauthorized access or misuse.

Data Subject Rights

The Wembley To Soweto Foundation respects the rights of data subjects as enshrined in the GDPR. Individuals have the right to access, rectify, erase, restrict the processing of, and port their personal data, subject to certain limitations and conditions. Requests from data subjects regarding their rights will be promptly addressed in accordance with GDPR requirements.

Data Breach Response

We have established procedures to assess and respond to a data breach in a timely and effective manner. This includes notifying the relevant supervisory authority and affected data subjects where required by law. We take data breaches seriously and are committed to mitigating any potential harm or risks to individuals associated with such incidents.

Data Protection Impact Assessments (DPIAs)

Data Protection Impact Assessments (DPIAs) are conducted when processing activities are likely to result in a high risk to the rights and freedoms of individuals. DPIAs help us identify and mitigate potential risks associated with data processing activities, ensuring compliance with GDPR requirements and safeguarding the privacy and rights of data subjects.

International Data Transfers

Personal data is not transferred outside the European Economic Area (EEA) without appropriate safeguards in place to ensure an adequate level of protection for the data. Where international data transfers are necessary, we implement measures such as standard contractual clauses, binding corporate rules, or other approved mechanisms to protect the data and uphold GDPR standards.

Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, in accordance with our data retention policies and legal obligations. We periodically review and assess the need for retaining personal data, and data that is no longer necessary for the intended purpose will be securely deleted or anonymized to prevent unauthorized access or use.

Data Protection Officer (DPO)

The Wembley To Soweto Foundation has appointed a Data Protection Officer (DPO) who is responsible for overseeing GDPR compliance, providing guidance on data protection matters, and serving as a point of contact for data subjects and supervisory authorities.

Training and Awareness

Staff and volunteers receive comprehensive training on GDPR principles, data protection responsibilities, and the foundation’s policies and procedures. This training ensures that personnel are equipped with the knowledge and skills necessary to handle personal data in compliance with GDPR requirements and to protect the privacy rights of data subjects.

Policy Review

This GDPR Privacy Policy is subject to regular review and will be updated as necessary to reflect changes in legislation, organizational practices, technology, or industry standards. We remain committed to maintaining compliance with GDPR requirements and to continually improving our data protection practices to safeguard the privacy and rights of individuals associated with the Wembley To Soweto Foundation.