Wembley To Soweto Foundation GDPR Privacy Policy

  1. Introduction
    • The Wembley To Soweto Foundation recognizes the importance of protecting personal data and is committed to complying with the General Data Protection Regulation (GDPR). This policy outlines our approach to the collection, processing, storage, and protection of personal data.
  2. Data Collection and Processing
    • We collect and process personal data only for specified, explicit, and legitimate purposes.
    • Individuals are informed of the purpose and legal basis for processing their data when it is collected.
  3. Lawful Basis for Processing
    • Personal data is processed only when there is a lawful basis, such as consent, contract, legal obligation, vital interests, public task, or legitimate interests.
  4. Data Minimisation
    • We collect and process only the minimum amount of personal data necessary for the intended purpose.
  5. Data Accuracy
    • We take reasonable steps to ensure the accuracy of personal data and update it when necessary.
  6. Data Security
    • Personal data is stored securely, and appropriate measures are in place to prevent unauthorized access, disclosure, alteration, or destruction.
  7. Data Subject Rights
    • Individuals have the right to access, rectify, erase, restrict processing, and port their personal data.
    • Requests from data subjects regarding their rights will be promptly addressed.
  8. Data Breach Response
    • In the event of a data breach, we have procedures in place to assess and report the breach to the relevant supervisory authority and affected data subjects, where necessary.
  9. Data Protection Impact Assessments (DPIAs)
    • DPIAs are conducted when processing is likely to result in a high risk to individuals’ rights and freedoms.
  10. International Data Transfers
    • Personal data is not transferred outside the European Economic Area (EEA) without appropriate safeguards.
  11. Data Retention
    • Personal data is retained only for as long as necessary for the purposes for which it was collected.
  12. Data Protection Officer (DPO)
    • The foundation has appointed a Data Protection Officer responsible for overseeing GDPR compliance and providing guidance.
  13. Training and Awareness
    • Staff and volunteers are provided with training on GDPR principles and data protection responsibilities.
  14. Policy Review
    • This policy is subject to regular review and will be updated to reflect changes in legislation, organizational practices, and technology.