Introduction

This privacy policy sets out the principles and practice by which The High Tide Foundation protects individual’s privacy and confidential information. This policy is relevant to staff, volunteers and trustees within the organisation. It aims to create a common understanding to what clarifies personal information and ways in which this data is to be protected.

The aim of this policy is to inform people how High Tide collects, processes and use their personal data in a clear and understandable language. The guidance used in order to create this Privacy Policy was obtained from the Information Commissioners Office (ICO).

The privacy policy content can also be found on The High Tide Foundation website using the link www.hightidefoundation.co.uk

Important Terminology & Meanings

Notice. Data collectors (The High Tide Foundation) must make clear what we are doing with the personal information from users before gathering it.

Choice. The companies collecting the data must respect the choices of users on what information to provide and how personal that provided information will be.

Access. Users should be able to view or contest the accuracy of personal data collected by the company.

Security. The companies are entirely responsible for the accuracy and security (keeping it properly away from unauthorized eyes and hands) of the collected personal information.

What is personal data?

Personal data is information that relates to an identified or identifiable individual. Examples of this information could be:

• Name
• Number
• IP Address
• Cookie Identifier
• Criminal convictions and offences data

This list is not exhausted

Any information that can directly identify a person is personal data. If you cannot directly identify an individual from the information then it will be seriously considered whether a person can still be identified. The information that is being processed will be considered in conjunction with all the means that are likely to be used by our organisation or a third party to identify that individual.

The data being processed is only deemed as personal data if it ‘relates to’ the individual. If the data can be used to identify a person, this information must ‘relate to’ that individual in order for it to be personal data. In order to determine if the data does relate to an individual there are a number of factors taken into consideration:

• The content of the information
• The purpose(s) for which our organisation is processing it.
• The likely impact or effect that processing this data could have on this individual.

What data we need?

Email address: This information is needed for communication with our service users, members, staff, volunteers and general enquiries. This information is also used for subscription purposes if you have signed up for our newsletter and other marketing alerts.

Name: This information is needed to identify you for a number of reasons. We may use your name as part of our member contact list, guest list to participate in our services, to correspond with you via email and other ways of communication, quotes and feedback for PR and Marketing purposes.

Medical & Emergency Details: This data is needed for Health & Safety purposes when participating in our services and can include medical history, address, doctor and special requirements. Depending on the nature of the information, this may be shared with the relevant third parties to ensure a safe experience. For example, on taking young people on an overnight trip it may be reasonable to inform the hotel or excursions booked of any disabilities to ensure that the correct procedures are in place.

Emergency Contact: This data is needed due to Health & Safety purposes to ensure there is someone the individual wishes us to contact in an emergency situation. This data will be shared with a number of people within the organisation to provide the correct cover to deal with an incident and also third-party organisations where necessary.

Identification number or documentation: This information can include passports, NI number, driving license, birth certificate and other forms of identification. This data is stored for safeguarding, operational and emergency purposes. This information may be shared with a third-party organisation such as charity commission, pay roll, HMRC etc.

Photograph and quotations: This information will be used for PR & Marketing purposes and may be shared with third-party organisations such as press/ media, web designers for our organisation etc.

Criminal Convictions and Offences Data: As a charity that works with young people we do require a Disclosure Baring Service Check (DBS) carried out prior to being involved with our organisation. This check may include information regarding criminal convictions and offences data.

The High Tide Foundation may be required to pass on your personal information to a third-party organisation for Operation purposes, Health & Safety requirements, Emergency procedures etc.

What we do with your data

The High Tide Foundation will collect, store and process data for a number of operational, safety, medical, financial, statistical and advertisement purposes.

WE WILL NOT sell or rent your data to third-party organisations.

We may need to share your data with third-party organisations if required by law to do so such as by order of the court, fraud prevention, crime prevention or emergency medical situations where your consent be not be obtainable at that time. In this incident we will work with the authorities to ensure the decision made is within your best interests at that time.

How long will we keep your data?

We will only retain your personal data for as long as:

• it is needed for the purposes set out in this document
• the law requires us to

In general, this means that we will only hold your personal data for a minimum of 1 year and a maximum of 7 years.

Children’s Privacy Protection

The services of The High Tide Foundation are mainly for the benefit of young people. Our organisation works with children from entering secondary education at approx. 11 years of age through to adult hood.

The information collected, stored and processed from the children and young people supported by our organisation is listed above.

Where the data is processed and stored

Data will be processed and stored on the High Tide laptops which are encrypted on an annual basis and password secured. Data will also be stored in filling cabinet which are locked and stored in the High Tide Office.

Your personal data may, throughout the course of its processing at High Tide, be transferred outside of the European Economic Area (EEA). Where this is the case, all appropriate technical and legal safeguards will be put in place to ensure that you are afforded the same level of protection as within the EEA.

How we protect your data.

The High Tide Foundation is committed to keeping personal data protected and secure. An important procedure to keep data secure is to prevent unauthorised access which we do through levels of encryption.

We also ensure that the third-party organisations we share data with keep all personal data they process or store secure.

An annual audit will be carried out following the guidance from the ICO to ensure the data we collect; store and process is not only necessary but also kept protected and secure.

Your Rights

You have the rights to request:

• Information about how your personal data is processed and stored
• A copy of any personal data High Tide holds on you
• That any information in your personal data is corrected immediately.
• Raise an objection about how your personal data is processed
• Request that your personal data is erased if there is no longer justification for it.
• Ask that the processing of your personal data is restricted in certain circumstances.

Standards of good practice

Our management practice is informed by the Code of Conduct from the Guide to General Data Protection Regulation, a copy of this guide will be stored in the GDPR File located in The High Tide Foundation office.

Cookies

How we use Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

• Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
• Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
• Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

Except for essential cookies, all cookies will expire after 2 years.