Public Information Statement on Data Protection 2024
At Peaceful Place, we are committed to protecting the privacy and personal data of all our stakeholders, including staff, trustees, volunteers, beneficiaries, and customers. Our Data Protection Policy outlines our dedication to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and safeguarding your personal information through all our activities. We are also proud to be certified by the Information Commissioner's Office (ICO), demonstrating our commitment to the highest standards of data protection.
DPA stands for the Data Protection Act. It is a UK law designed to protect personal data stored on computers or in an organized paper filing system. The Act gives individuals the right to know what information is held about them and provides a framework to ensure that personal information is handled properly. The DPA works alongside the General Data Protection Regulation (GDPR) to ensure personal data is processed lawfully, fairly, and transparently.
​
Key Points of Our Data Protection Policy:
​
Recruitment and Employment: We handle recruitment information transparently and securely, ensuring all data collected is used solely for its intended purpose. Employment records are maintained with strict access controls and retained for a specified period before secure destruction.
​
Customer Data Management: Personal customer data is processed in compliance with UK GDPR and DPA. Case files are stored in a secure database and archived when no longer required for their intended purpose. Hard copies, such as "In Case of Emergency" forms, are carried with our beneficiaries. These forms, which include a photograph of the individual, are essential for ensuring their safety in emergency situations. All data is retained as legally required for specific purposes, such as accounting. Non-identifiable information is held to maintain privacy and confidentiality.
​
Data Security: All data is stored securely within the UK, and we avoid international transfers without explicit consent. We follow best practices for handling sensitive and confidential information, whether in electronic or paper format.
​
Staff Data Rights: We uphold the rights of our staff under UK GDPR and DPA. Staff have the right to access, rectify, and erase their personal data, among other protections. They can review their records for verification and request corrections as needed to ensure their information is accurate and up-to-date.
​
Fundraising Data Collection: In compliance with UK GDPR and DPA, we collect and process personal data for fundraising purposes with the utmost respect for privacy and data protection. Information such as donor names, contact details, and donation history is securely stored and used exclusively to enhance our fundraising efforts, maintain donor relations, and fulfil legal obligations. We ensure transparency by informing donors about the data we collect and their rights regarding access, rectification, and erasure of their personal information. This approach not only safeguards privacy but also builds trust and accountability with our supporters.
​
Financial Records Statement: At Peaceful Place, we maintain meticulous financial records in compliance with UK laws and regulations. Our financial records are accurately documented, securely stored, and regularly reviewed to ensure transparency and accountability. These records encompass all transactions, including income, expenditures, donations, and grants, providing a clear and comprehensive view of our financial health. We conduct regular audits and financial reviews to uphold the highest standards of financial integrity and to ensure the proper allocation and use of our resources.
​
Credit Card Transactions: Peaceful Place is PCI DSS certified, ensuring that all credit card transactions are handled securely and in compliance with the Payment Card Industry Data Security Standard (PCI DSS). This certification demonstrates our commitment to protecting cardholder data during all credit card transactions. We utilise encryption, secure payment gateways, and robust access controls to safeguard all credit card information.
Sales at Charity Shop: Information gathered through sales at our charity shop is processed in compliance with UK GDPR and DPA. Any personal data collected during transactions, such as customer names and contact details, is securely stored and used solely for the purpose of transaction processing and record-keeping. We ensure that all payment information is handled securely, adhering to PCI DSS standards to protect against fraud and unauthorised access.
​
Data Breach Response: We address any breaches of procedure or data loss promptly, conducting independent investigations and taking appropriate actions, including disciplinary measures if necessary.
​
Training and Compliance: Our data protection policy is reviewed regularly, and we conduct regular staff training on best practices and policy changes to ensure ongoing compliance.
​
Contact for Data Protection Matters: Our CEO is the primary contact for any data protection issues, queries, or complaints. Individuals can request access to their personal data by contacting the CEO, and we aim to comply with such requests within one month. Contact: ceo@peacefulplace.co.uk
​
By adhering to these principles and practices, Peaceful Place ensures that the personal data of all our stakeholders is handled with the utmost care and integrity. We are committed to maintaining the highest standards of data protection and privacy in all our operations.