Data Protection Policy
Under the terms of the General Data Protection Regulations (2016), NATURE DAYS has designed and implemented this Data Protection Policy to establish good data protection practices in view of its responsibilities as data processor and data controller, and to ensure NATURE DAYS protects the personal data and privacy of the individuals with whom it interacts.
Those individuals include members and supporters, course attendees, students and their parents and guardians, school contacts and customers.
NATURE DAYS collects and processes individuals’ personal information in order to carry out the work of the company as a supplier of services. The nature of this information is sometimes sensitive, for example when it may include medical or ethnicity details; so in its duty of care, NATURE DAYS has in place data-processing and data privacy procedures and a rolling programme of data-protection training to ensure that staff who handle personal and sensitive data do so in a manner that is compliant with the General Data Protection Regulations.
This policy exists to ensure sufficient emphasis is placed on data protection, so that any processing of personal data carried out by NATURE DAYS and any necessary third-party data-processors complies with NATURE DAYS’s data protection obligations as data controller as set out in Article 5(2) of GDPR, which states:
“the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
This policy draws attention to the General Data Protection Regulations (2016) and the key principles which state that personal data must be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate personal data is erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest,
and in particular:
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
In complying with the terms of this policy, NATURE DAYS will therefore:
- only use the personal data provided/obtained for purposes as stated in the NATURE DAYS data-processing statement
- take appropriate and reasonable steps to ensure the integrity of NATURE DAYS staff with access to personal data
- continue to train those members of NATURE DAYS staff who carry out processing of personal data, to ensure awareness of the requirements of the GDPR (2016), and provide the necessary data protection training/guidance as appropriate to their role to ensure compliance.
- take reasonable steps to ensure the security of the personal data, protecting it against unauthorised processing, accidental loss, damage or destruction.
- report any security breaches that require ICO notification to the ICO within 72 hours
- handle ‘Subject Access Requests’ from data subjects within 30 days in accordance with the General Data Protection Regulations and under our obligations to provide the “Right to Access”.
- only maintain/store personal data for the retention periods as stated in our data-processing log. Beyond this time frame personal data will be securely removed/erased.
- provide full cooperation in relation to any data-processing complaint from data subjects, and if applicable, remove personal data upon request in accordance with our obligations to provide the “Right to be forgotten”.
- not disclose personal data to third parties unless we are required to do so by law. NATURE DAYS will not pass on personal data to other organisations where there is not a necessity/requirement to do so.
NATURE DAYS fully endorses and adheres to the principles of the General Data Protection Regulations (GDPR). We have implemented and continue to review/develop data protection policies and procedures to help ensure that we manage and process personal information lawfully and correctly. We are committed to ensuring that our employees who manage and handle personal information are appropriately trained to do so and that data handling processes and procedures are regularly reviewed and audited for compliance.
NATURE DAYS regards the lawful and compliant handling of personal information as important to successful operations and to maintaining the confidence of those with whom we interact, and NATURE DAYS fully embraces the aims of the GDPR.
How Do We Use Your Data?
All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the GDPR at all times. For more details on security see section 7, below.
Our use of your personal data will always have a lawful basis, either because it is necessary for Our performance of a contract with you, because you have consented to Our use of your personal data (e.g. by subscribing to emails), or because it is in Our legitimate interests. Specifically, We may use your data for the following purposes:
- Providing and managing your Account;
- Providing and managing your access to Our Site;
- Personalising and tailoring your experience on Our Site;
- Supplying Our products/services to you (please note that We require your personal data in order to enter into a contract with you);
- Personalising and tailoring Our products/services for you;
- Replying to emails from you;
- Supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time by clicking the link in our emails);
- Market research;
- Analysing your use of Our Site and gathering feedback to enable Us to continually improve Our Site and your user experience.
With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email/telephone/text message/post with information, news and offers on Our products/services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it.
We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected.
Last Update: June 2019