We’re updating our policies to reflect changes we’ve made to strengthen your privacy rights. This is part of our ongoing commitment to be transparent about how we use your data and keep it safe.
We have included changes to address the new standards introduced by the European data protection law known as the General Data Protection Regulation (GDPR) 2018.
What is Personal Information?
Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We do not consider personal information to include information that has been anonymised or aggregated so that it can no longer be used to identify a specific natural person, whether in combination with other information or otherwise.
What personal data we collect and how will we use it
We collect personal information from you when you book/attend a D&G LGBT Plus event, attend our support services, website chat, sign up for our newsletter text messaging service, email us or sign up to be a member of D&G LGBT Plus. We also store information on staff, trustees and volunteers e.g. next of kin details and medical information to ensure you are kept safe when engaging with us.
We use your personal information to provide and improve our services and to update you on what we are doing. As a membership organisation, we have a duty to keep a list of members and contact them e.g. to notify about an AGM. We also keep details of people who have accessed our support services in order that we have continuity in the service and to monitor ongoing changes/improvements, as well as to measure personal goals and therapeutic outcomes. We also retain this information for 5 years in case people are re-referred to us, in case they need evidence of the work they did with us at a later stage or wish to make a complaint. Data that is reported externally in any way goes through a disclosure protection process which ensures that none of the data could identify individuals. This is especially important in a region like Dumfries and Galloway where the LGBT community in any town can be small with protected.
How we store your personal information
We store your data within our encrypted computer systems within our own server. We use secure spreadsheets that are password protected to maximise safety. Paper information is kept in locked filling cabinets in locked rooms accessible by only specific D&G LGBT Plus staff.
This information we store is partly is to ensure we can keep you safe and healthy and meet your needs as best we can. We appreciate that some of the information will be sensitive, so please be assured this will be treated sensitively and confidentially in line with GDPR Regulations 2018 and we do not pass on your personal information to anyone outside of the organisation.
GDPR Specific requirements
• Please note that your data is not shared with anyone outside of D&G LGBT Plus and is held securely for 5 years after your membership/role ceases.
• Please ensure that you let us know about any changes to the information supplied
• The lawful basis for holding your information is to deliver our services in line with the funding/contracts we have in place with various organisations and in line with the organisation’s purposes as set out in the Constitution.
• You have the right to complain to the Information Commissioner if you think there is a problem with the way D&G LGBT Plus is handling your information. In the first instance please direct your complaint to the Service Manager or Data Protection Trustee.
• You have the right to be informed of the information we are keeping about you; the right of access to such information; the right to rectification of any errors in the information; the right to erasure of information and the right to object. We ensure that information that is out of date is deleted appropriately.
• You are entitled to ask to see the personal information we hold, and all reasonable requests will be met within 30 days at no cost.