

Note on this guideline template: Many guideline templates are bulky and simply repeat large parts of the legislation. This template is different: it is designed to provide a short and practical document that can be used by trustees of small charities as the basis for a functioning privacy policy. If you have any doubts about your legal obligations, you should always contact a lawyer.

1. Data protection principles

The charity is committed to processing data in accordance with its responsibilities under the GDPR. Article 5 of the GDPR requires that personal data shall be:

a. processed lawfully, fairly and in a transparent manner in relation to individuals;

b. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes is not considered to be incompatible with the original purposes;

c. adequate, relevant and limited to what is necessary for the purposes for which they are processed;

d. accurate and, where necessary, kept up to date; every effort must be made to ensure that personal data that are inaccurate, taking into account the purposes for which they are processed, are immediately deleted or corrected;

e. kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods provided that they are processed exclusively for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, and provided that the technical and organizational measures required by the GDPR are taken to protect the rights and freedoms of individuals; and

f. processed in a manner that ensures adequate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

2. General provisions 

This policy applies to all personal information processed by the charity, and the responsible person assumes responsibility for the charity's continued compliance with this policy. This policy is reviewed at least once a year. The charity must register with the Information Commissioner's Office as an organization that processes personal data.

3. Lawful, fair and transparent processing

To ensure that data processing is lawful, fair and transparent, the charity maintains a system register. The system register is reviewed at least once a year. Individuals have the right to access their personal information, and such requests to the charity will be processed in a timely manner.

4. Lawful purposes

All data processed by the charity must be based on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests. The charity must record the appropriate lawful basis in the system register. Where consent is used as the lawful basis for processing data, the proof of consent is kept together with the personal data. When messages are sent to individuals based on their consent, the option for the individual to withdraw their consent should be clearly available, and systems should be in place to ensure that such withdrawal is correctly reflected in the charity's systems.

5. Data minimization

The charity ensures that personal data is appropriate, relevant and limited to what is necessary for the purposes for which it is processed.

6. Accuracy

The charity takes appropriate measures to ensure the accuracy of personal data. To the extent necessary for the lawful processing of the data, measures are taken to ensure that personal data are kept up to date. 

7. Archiving / removal

To ensure that personal information is not kept longer than necessary, the charity sets up an archiving policy for each area where personal information is processed and reviews this process annually. The archiving policy must take into account which data should be kept, for how long, and why.

8. Security 

The charity ensures that personal data is securely stored using modern, up-to-date software. Access to personal data is limited to personnel who need access, and adequate security measures should be taken to prevent the unauthorized sharing of information. When personal data is deleted, this should be done in a secure manner so that the data cannot be restored. Suitable backup and disaster recovery solutions must be available.

9. Breach

In the event of a security breach that leads to accidental or unlawful destruction, loss, modification, unauthorized disclosure of, or access to, personal data, the charity must immediately assess the risk to people's rights and freedoms and, if necessary, report the breach to the ICO.


© Copyright 2020 Sunny German - All rights reserved