Data Protection Policy
Kennet Community Radio (“Kennet Radio”) is committed to safeguarding the personal data of all individuals associated with our organisation, including volunteers, guests, interviewees, individuals featured in our social media content, business partners, and donors. This Data Protection Policy outlines our approach to handling personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Purpose and Scope
This policy applies to all personal data processed by Kennet Radio, encompassing data related to:
- Volunteers
- Guests and interviewees
- Individuals featured in our social media platforms, including videos
- Business partners, where personal data is involved
- Donors
All staff, volunteers, and associates are required to adhere to this policy.
2. Data Protection Principles
We uphold the following principles when processing personal data:
Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and in a transparent manner.
Purpose Limitation: Data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Data Minimisation: Only data that is adequate, relevant, and limited to what is necessary will be collected.
Accuracy: We will ensure that personal data is accurate and kept up to date.
Storage Limitation: Personal data will be retained only as long as necessary for the purposes for which it was collected.
Integrity and Confidentiality: Appropriate security measures will be implemented to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
Accountability: We will be responsible for and able to demonstrate compliance with these principles.
3. Lawful Bases for Processing
We will process personal data under the following lawful bases:
Consent: Where individuals have provided clear consent for specific purposes.
Contractual Necessity: Where processing is necessary for the performance of a contract with the individual or to take steps at their request before entering into a contract.
Legal Obligation: Where processing is necessary to comply with a legal obligation.
Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided these interests are not overridden by the individual’s rights and interests.
4. Data Subject Rights
Individuals have the following rights regarding their personal data:
Right to Be Informed: About the collection and use of their personal data.
Right of Access: To their personal data and supplementary information.
Right to Rectification: To have inaccurate personal data corrected or completed if it is incomplete.
Right to Erasure: To have personal data erased under certain conditions.
Right to Restrict Processing: To request the restriction or suppression of their personal data under certain conditions.
Right to Data Portability: To obtain and reuse their personal data for their own purposes across different services.
Right to Object: To processing based on legitimate interests or direct marketing.
Rights in Relation to Automated Decision-Making and Profiling: To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
5. Data Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
Encryption of personal data where applicable.
Regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of processing.
6. Data Sharing and Disclosure
Personal data will not be shared with third parties without the individual’s consent unless required by law or necessary for the performance of our services. Any data sharing will be conducted under a formal agreement outlining the responsibilities of all parties involved.
7. Data Retention
Personal data will be retained only for as long as necessary to fulfil the purposes for which it was collected or as required by law. We will establish and adhere to retention schedules for different categories of personal data.
8. Training and Awareness
All staff, volunteers, and associates will receive training on this policy and data protection principles to ensure compliance.
9. Data Breaches
Any data breach will be reported immediately to the designated Data Protection Officer. We will assess the breach promptly and, where necessary, report it to the Information Commissioner’s Office (ICO) within 72 hours.
10. Policy Review
This policy will be reviewed annually or when necessary to reflect significant changes in data protection law or our data processing practices.
For any questions or concerns regarding this policy or data protection practices, please contact our Data Protection Officer at [contact information].
By adhering to this policy, Kennet Radio ensures the protection of personal data and compliance with applicable data protection laws.