GDPR Policy

1. Introduction
Make More Community CIC is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy outlines our approach to data protection, including the collection, processing, storage, and sharing of personal data.

2. Definitions

• Personal Data: Any information that relates to an identified or identifiable living individual.
• Data Controller: The organisation responsible for determining the purposes and means of processing personal data.
• Data Processor: A person or entity processing personal data on behalf of the data controller.

3. Principles of Data Protection
Make More Community CIC adheres to the following principles of data protection:

• Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and transparently.
• Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
• Data Minimisation: We only collect and process data that is necessary for the purposes for which it is being processed.
• Accuracy: We take reasonable steps to ensure that personal data is accurate and kept up-to-date.
• Storage Limitation: Personal data is kept in a form that permits identification for no longer than is necessary for the purposes for which it is processed.
• Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
• Accountability: We demonstrate compliance with the principles of data protection.

4. Data Collection and Processing

• Consent: We obtain clear and explicit consent from individuals before collecting and processing their personal data.
• Purpose Specification: Personal data is collected for specified, explicit, and legitimate purposes, and individuals are informed of these purposes.
• Data Minimisation: We only collect data that is strictly necessary for the purposes for which it is processed.

5. Data Subject Rights

• Access: Individuals have the right to access their personal data and information about how it is being processed.
• Rectification: Individuals can request the correction of inaccurate or incomplete personal data.
• Erasure (Right to be Forgotten): Individuals can request the deletion or removal of personal data.
• Data Portability: Individuals can request the transfer of their personal data to another party.
• Objection: Individuals have the right to object to the processing of their personal data.

6. Data Security

• Physical Security: Access to areas where personal data is stored is restricted to authorised personnel.
• Technical Security: We implement technical measures to protect personal data from unauthorised access, disclosure, alteration, and destruction.

7. Responsible Use of Data

• Personal data must only be used in accordance with the policies, procedures, and ethical guidelines of Make More Community CIC.
• No personal data may be used for personal gain or any purpose that falls outside the organisation’s defined use permit.
• Any misuse of data, including unauthorised access, distribution, or use for personal advantage, will be considered a serious offence and may result in disciplinary action, including termination and potential legal consequences.

8. Use of Artificial Intelligence (AI) Systems

• Under no circumstances should personal service user data be inputted into AI systems, including machine learning tools or automated decision-making software, unless explicitly authorised by Make More Community CIC and compliant with GDPR regulations.
• Staff must ensure that AI technologies used for data processing comply with organisational policies and data protection laws.

9. Data Breach Notification
In the event of a data breach, Make More Community CIC will comply with legal obligations to report the breach to the Information Commissioner’s Office (ICO) and, where required, to affected individuals. Any breaches that constitute gross misconduct or actions outside of the organisation’s use permit will be subject to disciplinary action.

10. Review and Update
This Data Protection (GDPR) Policy will be reviewed annually or as needed to ensure its continued relevance and compliance with data protection laws.

By using our website and any of Make More’s services, you acknowledge and agree to this GDPR policy. If you have any questions or concerns about our privacy practices, please contact us at info@make-more.org.