We recognise that your data is important. These provisions apply to how we treat your data in order to comply with the relevant data protection legislation.
We are registered on the Data Protection Public Register, under number: ZA188315. To find out more about the Data Protection Register, visit the Information Commissioner's Office website at www.ico.org.uk.
In addition to words and phrases previously defined in our Terms, terms shall be as defined in the General Data Protection Regulation (GDPR) as amended from time to time.
In order to provide our services, Benefacto acknowledges that we are required to process personal data. Benefacto may be both a Data Controller and Data Processor, depending on the service.
Benefacto as a Data Controller
We are the Data Controller for activities surrounding VolunteerHub, where we collect data and use it for the purposes of organising volunteering and reporting details of this activity back to our corporate members.
Where Benefacto provides a service where we are the data controller, we acknowledge and agree that we shall comply with the relevant data protection legislation with respect to all such personal data.
Benefacto as a Data Processor
For our DataHub and GivX services, we are the Data Processor, and the Benefacto Member is the Data Controller.
In this case, the Benefacto Member is using our digital tools to collect and report data.
In the case we are a Data Processor we confirm we will support the Data Controller by:
We store data in the following places:
Notwithstanding the wide-ranging contacts and opportunities that Benefacto provides, it is a small company with fewer than 12 employees. All employees have had data protection training and receive regular updates on data protection and related activities, such as security. All of our employees have access to our databases in order to perform our services.
We do not permit any other third party to process personal data on our behalf.
We have implemented appropriate technical and organisational measures to meet the requirements of the relevant data protection legislation, to protect the rights of data subjects, and to ensure and to be able to demonstrate that processing is performed in accordance with relevant data protection legislation. This includes appropriate technical and organisational security measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
We have in place appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.
That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility.
At your written request, we shall delete, anonymise or return all the personal data relating to participants associated with your organisation to you within a reasonable time and to delete all existing copies unless applicable law requires storage of the personal data.
Please email email@example.com to organise this.
We shall not transfer personal data to a third-party country or international organisation unless you have given prior written consent and such transfer complies with relevant data protection laws.
We shall maintain a record of all information reasonably necessary to demonstrate compliance with our obligations and shall provide reasonable assistance to you in respect of any audits performed by you or on your behalf as required to meet the standards set out in the relevant data protection legislation.
We shall promptly inform you if any personal data is lost or destroyed or becomes damaged, corrupted or unusable.
In compliance with the relevant data protection legislation we shall notify you and/or the relevant supervisory authority of any data breaches.