DATA PROTECTION POLICIES

OUR POLICIES RELATING TO DATA PROTECTION.

The National Union for Professional Foster Carers (NUPFC) regards the lawful and correct treatment of personal data as critical to the success and effectiveness of its operations. It is also vital for maintaining the confidence of those we serve.

Our policies:

  • clearly set out responsibilities and accountabilities
  • communicate to our employees and members our values and expectations about handling personal data
  • provide for data security and data breach management
  • set out how we manage people’s data protection rights.

This reflects how important it is to us to make sure that we process personal data fairly, lawfully and transparently and in compliance with Data Protection principles and the General Data Protection Regulation (GDPR).

YOUR RIGHTS

YOUR LEGAL RIGHTS UNDER THE DATA PROTECTION ACT AND HOW TO CONTACT US.

  • To request access to your personal data.
  • To request correction of our records.
  • To request removal of data or limit our use of it – this right is not absolute and we may not be able to comply with your request. You have a right to have personal data erased and prevent types of data processing in the following specific circumstances.
    • Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
    • When you withdraw consent we have relied upon.
    • When you object to the processing and there is no overriding legitimate interest for continuing the processing.
    • The personal data was unlawfully processed.
    • The personal data has to be erased in order to comply with a legal obligation.
    • The personal data is processed in relation to the offer of information society services to a child.
  • To object to processing – in some cases, we may need to explain that we have good grounds to continue to process your information.
  • To data portability – this right allows individuals to obtain and reuse their personal data for their own purposes for different services. This only applies to personal data provided by you, with your consent or for the performance of a contract, and when processing is automated.
  • Not to be subject to automated decision-making, including profiling – this right only applies where the decision is based on automated processing and we do not undertake any automated decision-making, including profiling.
  • To withdraw consent (when this is the only basis for our use of your data).

PERSONAL DATA

We will only use your personal data when the law allows us to. The bases are set out in Article 6 of the General Data Protection Regulation (GDPR). In most cases the basis for processing is to enable the performance of a public task.

We will use your personal data in the following circumstances:

  • Public task: to perform a task in the public interest or for an official function.
  • Legal obligation: to comply with the law (not including contractual obligations).
  • Contract: for a contract with you, or because you have asked us to take specific steps before entering into a contract.
  • Vital interests: to protect someone’s life.
  • Legitimate interests: to protect the interests of the NUPFC or someone else unless there is a good reason to protect your data which overrides those other interests.
  • Consent: you have specifically agreed to our use of your data and we have no other legal basis for processing it.

PAYMENTS PRIVACY NOTICE

PRIVACY NOTICE SPECIFICALLY ABOUT PAYMENTS CUSTOMERS MAKE.

This privacy notice covers payments online payments made.

We take your payment information to provide services to you and for collection of lawful charges.

Your information will be held on our payment system. Only staff and third parties who are entitled to see the information, including our payment provider have access to it and they may only use it for the purposes stated.

We have strict security measures in place to prevent the alteration, loss or misuse of your payment information on our systems and operate to the Payment Card Industry Data Security Standard (PCI-DSS).

WHAT INFORMATION WE COLLECT 

You may be asked to provide the following:

  • account or reference number
  • credit or debit card details
  • email address
  • name
  • address.

HOW WE USE YOUR PERSONAL INFORMATION

The information you give us may be used to maintain and improve the services which we deliver. This includes developing and upgrading the systems we use to process your information.

We may also share information with our auditors, central government departments or the police to protect public funds and detect and protect against fraud.

HOW LONG WE WILL KEEP YOUR PERSONAL DATA

We will hold your personal information for the duration of your membership with us. If you cancel your membership we will hold your personal information for 12 months in line with retention record keeping guidelines, after which time it will be securely destroyed.

IF YOU HAVE AN ISSUE TO RESOLVE

We have appointed a data protection officer (DPO) who is responsible for overseeing issues in relation to this Privacy Policy. If you have any questions about this policy or want to exercise your legal rights, contact the DPO via email:

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to deal with your concerns before you approach the ICO. If you have a complaint about why your information has been collected, how it has been used or how long we keep it for, please contact the DPO.