Who we are
Our website address is: https://1hourlife.org.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
Cookies
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Data Protection Policy – Volunteers
This is the statement of general policy arrangements for the committee of Volunteers. The association is committed to ensuring that all personal information in its possession is processed fairly and lawfully with all due regard to current data protection legislation in force in the United Kingdom. The association recognises that it is a Data Controller as defined in legislation and takes the responsibilities of this role seriously.
Data Protection Officer
Having reviewed the nature and scope of the information held by the association, the committee have decided not to designate a Data Protection Officer in accordance with Article 37 of the EU General Data Protection Regulation (EU2016/679). Overall responsibility for data protection rests with the committee.
Roles and Responsibilities
Everyone in the association is responsible for ensuring that their own work practices are compliant with the relevant policies and procedures regarding data protection and for promptly reporting any potential breeches of data protection to a committee member. Failure to do so may result in personal liability.
The committee personally acknowledge their overall responsibility for data protection and specific responsibility for the following:
- Day-to-day responsibility for ensuring policy is put into practice
- Maintaining the physical security of locations and devices containing personal information
- Maintaining the cyber security of computer systems containing personal information
- Maintaining a register of personal information processed by the association
- Ensuring that any information processing is in accordance with the legal basis and the data protection principles
- Ensuring that appropriate impact assessments are carried out and the results of those assessments are put into practice
- Ensuring that appropriate policies and procedures are in place and that staff are given training and guidance in order to be competent in doing their work
- Ensuring that data subjects are informed about processing through privacy notices and other means
- Ensuring that contracts include data protection clauses where relevant
- Ensuring that any personal information exported to a non-EU country is subject to appropriate legal safeguards
- Ensuring that data subject requests are dealt with appropriately and in a timely manner
- Ensuring that data breech incidents are dealt with appropriately and in a timely manner
- Ensuring that business continuity arrangements protect the confidentiality, integrity and availability of personal information even during a crisis.
Sign-off and Review
This policy was agreed by the committee on 17th March 2020 and will be reviewed at least annually.
Date of last review: 17th March 2020
Privacy Notice
1. Identity and Contact Details
This privacy notice details how the committee of the Coronavirus Volunteers use the information that we collect.
We are committed to fully complying with the relevant data protection legislation in the UK including the EU General Data Protection Regulations (GDPR) and the Data Protection Act 2018. As committee members, we recognise our responsibility (jointly and individually) as data controllers in the meaning of this legislation
You can contact us by emailing volunteers or by writing to:
2. The Data
We may collect and use the following personal information:
- Name and contact details
- Details of correspondence, meetings and appointments
- Bank account and payment details
- Details of services requested and rendered
We will use this information to manage the association, to link up volunteers with requests for service, to keep volunteers informed, to respond to enquiries and to arrange payment for any goods obtained by volunteers on behalf of service users.
This information is necessary for us to fulfil our contractual and legal obligations and in pursuing our legitimate interests in managing the objectives of the association.
3. Data Sharing
We may share your information with other companies in line with the purposes listed above. In all cases, we have contracts and agreements in place to ensure that your information is protected and is not used for any other purpose than those listed above. Companies that we may share information with are:
- Companies involved with the design, hosting and maintenance of our website and our email and IT systems
- Our insurers and professional advisers
In addition, where you communicate with us via social media messaging platforms, the information is shared with the platform operator and their own data protection policies also apply.
4. International Transfer
Some information may be stored and processed outside of the EEA.
Where information is transferred outside of the EEA, we ensure that appropriate safeguards are in place to protect your information to the same or an equivalent level as would be found in UK and EU data protection legislation. The safeguards we use are:
- Ensuring the country is the subject of an EU adequacy decision; or
- Ensuring the company is a member of an adequate. Legally-binding scheme such as EU-US Privacy Shield; or
- Ensuring the contract includes ICO-approved model contract clauses; or
- Ensuring the organisation is subject to ICO-approved binding corporate rules or an ICO-approved code of conduct.
5. Retention
In accord with relevant data protection legislation, we will not retain your information for longer than is necessary for the purposes listed above and to deal with any complaint or dispute you may have. If you require further information about our information retention policies, please contact us.
6. Your rights
Under UK and EU data protection legislation, you have a number of rights with respect to your information. These include:
- The right to be informed about the information we hold about you
- The right of access to the information we hold about you
- The right to have any errors rectified
- The right to withdraw consent (where consent is the basis of processing)
- The right to object to processing
If you have any questions about the information we hold, how we use it or how to exercise these rights, please contact us using the contact details above.
7. Complaints
If you have any cause for complaint about the way we care for your information, please do contact us and we will do our best to resolve the situation for you. You also have the right to complain directly to the Information Commissioner’s Office. You can find details of how to contact them here: https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.