GDPR Policy

GDPR Policy and consideration

The new General Data Protection Regulations (GDPR), which come into force on 25 May 2018, will strengthen an individual’s data protection rights, ensuring that those using their information will do so with care and consideration of the potential risks, whilst having safeguards in place to protect the individual. It will achieve this by giving individuals greater control over their personal and sensitive information, introducing stricter rules for gathering and storing sensitive data, as well as increasing the powers of national regulators, such as The Information Commissioner’s Office (ICO).

At iDID Adventure we want our participants and volunteers to be confident in the way in which their information is used, taking the security of their personal data and the implementation of these new rights seriously. We currently access personal data to respond to queries and provide services and manage volunteer relations. 

Access to your information is limited to ourselves but there are occasions when we need to disclose your details to others.  When we need to do this, we do it:

•    Where it is in our legitimate interests to do so i.e. to carry out customer research to help us improve our service
•    When we are legally obliged to, i.e. credit checks
•    Or when relevant with your prior consent

We may also share your information with emergency services and local authorities with regards to any safeguarding issues that might arise. As a result of new regulations volunteers, staff and participants will have the right to:

•    Be informed of the data held
•    Withdraw consent for their data to be used
•    Amend their dataRestrict processing in limited circumstances i.e where the data is inaccurate
•    Request for their data to be deleted, known as the ‘right to be forgotten’
•    Give explicit consent for their data to be processed by ticking an ‘opt-in box’
•    Provide parental consent before using their child’s data

To ensure confidence in our use of data, we will:

•    Enhance our security measures to protect your personal and sensitive data
•    Regularly review our policies and procedures to ensure they are robust and evolve accordingly
•    Provide regular and ongoing training in data protection for our staff to ensure they understand their duties and responsibilities
•    Ensure data breaches will be actioned swiftly and in a fully transparent manner, notifying those affected and the appropriate authorities accordingly.