On May 25th 2018, the General Data Protection Regulation is active for any website that stores information about an EU citizen. In order to comply to this regulation, here are the ways Serve the City is storing and using information.
Information collected by Serve the City may be used to:
- respond to requests for information
- disseminate information such as newsletters or details of events
- engage with volunteers and make the appropriate organisational arrangements for serving
- process any donations or pledges of donations
- keep a record of Volunteer and client contact details
- inform clients, donors and volunteers of any current or future information about our work, events, campaigns and activities, or any other features of Serve the City
- business purposes, such as data analysis, audits, fraud monitoring and prevention, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of informational and operating and expanding our serving activities
- as we believe to be necessary or appropriate: (1) under current applicable law, (2) to comply with legal process; (3) to respond to requests from public and government authorities (4) to enforce our terms and conditions; (5) to protect our operations; (6) to protect our rights, privacy, safety or property and/or that of others; and (7) to allow us to pursue available remedies or limit any damages that we may sustain
It is the commitment of Serve the City that any use of collected information will be in accordance with the data protection principles of good practice. This means that it will be:
- processed fairly and lawfully
- processed for limited purposes and in an appropriate way
- adequate, relevant and not excessive for the purpose
- accurate and, where necessary, kept up to date
- not retained any longer than necessary for the purpose.
- processed in line with data subjects’ rights
- be kept secure by the Data Controller who takes appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information
- not transferred to any third parties outside Serve the City organization without adequate protection
In addition, Serve the City will ensure that:
- It has a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection
- Everyone processing personal information understands that they are contractually responsible for following good data protection practice
- Everyone processing personal information is appropriately trained to do so
- Everyone processing personal information is appropriately supervised
- Anybody wanting to make enquiries about handling personal information knows what to do
- It deals promptly and courteously with any enquiries about handling personal information
- It describes clearly how it handles personal information
- It will regularly review and audit the ways it hold, manage and use personal information
- It regularly assesses and evaluates its methods and performance in relation to handling personal information
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the General Data Protection Regulation.
Storage of information
Unless specified otherwise, the information you provide is stored either on Salesforce (read Salesforce’s commitment to GDPR) or our server at Infomaniak (read Infomaniak’s commitment to GDPR).