Privacy Statement

Here at Renewed Hope Trust we take your privacy seriously and will only use your personal information to facilitate your volunteering. This privacy statement explains what personal data we collect from you and how we use it. We encourage you to read the summaries below and if you would like more information on a particular topic please contact our Data Protection Officer (DPO) by writing to Renewed Hope Trust, 3 London Road, Redhill, RH1 1LY

How We Use Personal Data

Your personal data will be used to process your volunteering application as well as in aggregate be used to provide details to grant making bodies, the local churches and the council. We will hold your data for as long as we have you as a volunteer or as we legally have to.

We will not normally share personal data with anyone else, but may do so where: There is an issue that puts the safety of our staff at risk or we need to liaise with other agencies or third parties – we will seek consent as necessary before doing this

We will also share personal data with law enforcement and government bodies where we are legally required to do so, including for:

  • The prevention or detection of crime and/or fraud
  • The apprehension or prosecution of offenders
  • In connection with legal proceedings
  • Where the disclosure is required to satisfy our legal obligations

How We Protect Your Personal Data

We use encrypted storage and transfer for all electronic data and have password access controls in place. If paper copies are utilised we ensure that all information is held in secure locked cabinets with controlled access by named individuals.

How to Access & Control Your Personal Data

Individuals have a right to make a ‘subject access request’ to gain access to personal information that the trust holds about them. This includes:

  • Confirmation that their personal data is being processed
  • Access to a copy of the data
  • The purposes of the data processing
  • The categories of personal data concerned
  • Who the data has been, or will be, shared with
  • How long the data will be stored for, or if this isn’t possible, the criteria used to determine this period
  • The source of the data, if not the individual
  • Whether any automated decision-making is being applied to their data, and what the significance and consequences of this might be for the individual

Subject access requests must be submitted in writing, either by letter or email to the DPO. They should include:

  • Name of individual
  • Correspondence address
  • Contact number and email address
  • Details of the information requested

When responding to requests, we:

  • May ask the individual to provide 2 forms of identification
  • May contact the individual via phone to confirm the request was made
  • Will respond without delay and within 1 month of receipt of the request
  • Will provide the information free of charge
  • May tell the individual we will comply within 3 months of receipt of the request, where a request is complex or numerous. We will inform the individual of this within 1 month, and explain why the extension is necessary
  • If the request is unfounded or excessive, we may refuse to act on it, or charge a reasonable fee which takes into account administrative costs. A request will be deemed to be unfounded or excessive if it is repetitive or asks for further copies of the same information. When we refuse a request, we will tell the individual why, and tell them they have the right to complain to the ICO.

Other data protection rights of the individual: In addition to the right to make a subject access request (see above), and to receive information when we are collecting their data about how we use and process it, individuals also have the right to:

  • Withdraw their consent to processing at any time
  • Ask us to rectify, erase or restrict processing of their personal data, or object to the processing of it (in certain circumstances)
  • Prevent use of their personal data for direct marketing
  • Challenge processing which has been justified on the basis of public interest
  • Request a copy of agreements under which their personal data is transferred outside of the European Economic Area
  • Object to decisions based solely on automated decision making or profiling (decisions taken with no human involvement, that might negatively affect them)
  • Prevent processing that is likely to cause damage or distress
  • Be notified of a data breach in certain circumstances
  • Make a complaint to the ICO