© 2018 Privacy notice
Version 1 Published 21 May 2018 Revisions None to dateIntroduction
In order to achieve its charitable objects, Langdale Ambleside Mountain Rescue Team (LAMRT) needs to hold personal data about various groups of individuals. These include team members, team members’ partners and / or next of kin, casualties, financial supporters, suppliers and visitors to its website. The personal data that we hold includes names, postal / telephone / email contact details, and medical history.
This policy sets out how we protect your rights and freedoms and how we look after your personal data in accordance with our legal obligations.
At all times, we have a dedicated Data Protection Representative (DPR), who can be contacted for further information about this policy. The DPR is consulted by team members before they begin any new activities that involve using personal data, to ensure that such activities are lawful. Our DPR is currently Mark Bains, Chair.
1
Why we use personal data
We use personal data to: carry out rescues, which includes saving lives; maintain a membership of mountain rescue volunteers; ensure safe working practices and monitor our procedures; promote our charitable work and carry out fundraising; keep our base and equipment secure; meet our legal, regulatory and governance obligations; investigate complaints; respond to investigations by regulatory bodies or in connection with legal proceedings or requests.
2
Our legal grounds for using personal data
We rely on each of the six recognised legal grounds for using personal data: vital interest, such as when we are protecting the lives of a beneficiary during a rescue. This is our core charitable work. public interest, such as when we are tasked by Cumbria Constabulary or North West Ambulance Service, our calling authorities, but in a non-life-threatening situation. legitimate interest, such as when we use CCTV cameras at our premises for the purposes of crime prevention. consent, such as when we send our Yearbook to a supporter. legal obligation, such as when an eligible UK taxpayer asks us to claim tax relief on his or her donation. contract, such as when fulfilling our obligations to the small business-owners who advertise in our Yearbook.
We always ensure that we are clear about which of these legal bases apply before we use someone’s personal data. When relying on legitimate interest, we ensure that the person’s personal rights and freedoms aren’t compromised as a result. When relying on consent, we ensure that such consent is lawfully obtained.
Who we share personal data with
We might share personal data with the following institutions. Cumbria Constabulary, through whom the majority of our beneficiaries tell us that they need our services, and with whom we have a formal information-sharing agreement. North West Ambulance Service and / or H.M Coastguard, to whom we pass many of our beneficiaries for further medical attention. In these instances, the personal data that we have gained from our beneficiaries is in their physical possession. Neighbouring mountain rescue teams, with whom we also have an information-sharing agreement. Saint & Co, who act as our independent financial examiner and who have access to the personal details of our donors. Saint & Co are registered with the Information Commissioner’s Office as a data controller. An insurance company, solicitor or court of law, in the event of an insurance or legal claim. In such an eventuality, we will notify you at the point at which your data is being shared if you aren’t aware of this already.
Our responsibilities
We limit access to personal data to those who need it. For example: access to our operations room during a rescue (when information about the health of one of our beneficiaries might be visible on a paper log or computer screen ) is restricted to approved people; footage recorded by our CCTV cameras may be viewed by approved personnel following an incident and disclosed to a third party during a police investigation but not in any other circumstances.
3
We store personal data securely. For example, paper records are kept under lock and key in an alarmed building to which access is restricted, and electronic records are stored on encrypted devices. We only obtain the personal data that we need. For example, the form that we use to record information about the people that we rescue is structured in a way that ensures that we only record information that is pertinent to their care.
We don’t keep personal data for longer than we need to. For example, in most instances we maintain records of the people that we have rescued for no longer than ten years, and we only keep donor records for the statutory 7-year period.
We have procedures for detecting, investigating and reporting personal data breaches. For example, our team members are aware of their individual responsibilities when handling personal data and are required to tell our Data Protection Representative straightaway if they are aware of or suspect a breach.
We review this policy annually, and more frequently should changes in the law or our own procedures require it.
Your rights
The 2018 Data Protection Act 2018 gives you certain rights, including the right to:
request access to the personal data we hold about you.
request the correction of inaccurate or incomplete information in our records, subject to certain safeguards.
request your personal information to be transferred from one IT environment to another without hindrance to its usability.
object to the use of your personal data. In certain circumstances you may also have the right to object to the processing (i.e. sharing) of your information.
If you wish to complain about how we have handled your personal data, please contact our Data Protection Representative at our registered address or using the contact details on our website.
If you are unhappy with our response to your complaint or with the way in which we are looking after your personal data, you can complain to the Information Commissioner’s Office (ico.org.uk/concerns).
You also have the right to see the personal information that we hold about you. In law, this is known as a ‘subject access request’. Please address your request to ‘the Data Protection Representative’ and send it to us using the contact details above. We do not charge and we will provide a full response within a month.
The Information Commissioner’s Office can give you more information about your legal rights. Its contact details are available on its website, ico.org.uk.
4
Appendix: cookies policy
Langdale Ambleside Mountain Rescue Team respects the privacy of everyone who visits its website and it therefore complies with all statutory data protection provisions applicable to England and Wales.
Our website (ww.lamrt.org.uk) uses cookies to collect non-personal user information. If you browse our website it will not collect any information about you beyond what is required for system administration of the website.
Cookies are pieces of data created when you visit a website, and they contain a unique, anonymous number. They are stored in the cookie directory of your hard drive, and do not expire at the end of your session. Cookies do not contain any personal information about you, and cannot be used to identify an individual user. If you choose not to accept the cookie, this will not affect your access to the majority of facilities available on our website.
Although your browser may be set up to allow the creation of cookies, you can specify that you be prompted before a website puts a cookie on your hard disk, so that you can decide whether to allow or disallow the cookie. Alternatively, you can set your computer not to accept any cookie.