Positive Parent Action (PPA) are required to comply with the provisions of the General Data Protection Regulation (GDPR) May 2018, in relation to how we handle any personal data which we obtain from you and gives individuals the right to know what information is held about them.
Member’s personal data is any information relating to a person who can be directly or indirectly identified from the information given. This includes but is not limited to – parent/carer’s name, postal/email address, telephone number, child/young person’s details and ethnicity. All information you voluntary submit to us is held securely in accordance with the General Data Protection Regulation (GDPR).
Positive Parent Action (PPA) will:
Definitions and Roles
The GDPR applies to Data Controllers, Data Processors and Data Officers.
All Management Committee/Staff/Volunteers are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work. Significant breaches of this policy will be handled under our disciplinary procedures.
We may use the information we hold about you in the following ways to:
Voluntary submission of personal data
You can voluntarily submit your personal data by:
In voluntarily submitting your personal data to us, we may process and in particular may disclose your personal data anonymously in accordance with our Forum’s constitution to:
We will not, without your permission, disclose your details to other irrelevant selected third parties although we are required to follow safeguarding procedures when appropriate.
What information we collect and record
Please refer to our membership policy for a list of information that is requested when joining Positive Parent Action (PPA).
We may collect other types of information including:
Positive Parent Action (PPA) membership and events are provided free of charge. Therefore, we do not request any financial/card details/bank account information from our members.
Access to your personal data (Subject Access Requests)
You have the right to request:
Subject access requests must be in writing or by email and will be handled by the Data Officer within the required legal time limit of 40 days. All Management Committee/Staff/Volunteers are required to inform the Data Officer of anything which might be a subject access request without delay. Where the individual making a subject access, request is not personally known to the Data Officer their identity must be verified before handing over any information. Provision of such information is free of charge but may be subject to a payment fee if the demand is excessively repeated.
Storing your personal data
Information and records will be stored securely, whether on paper, on a computer, or recorded on other material, and will only be accessible to authorised employees, trustees, management committee and volunteers and the individual to whom the information relates. The data that we
All information provided by parent/carers will be treated in strict confidence. Positive Parent Action (PPA) does not rent or sell mailing details to any third party and will not pass on your data to any irrelevant party without your prior consent. Refer to our membership policy for more information on who we share your personal data with. Confidential information is defined as verbal or written information, which is not meant for public or general knowledge and information that is regarded as personal by members, trustees, staff or volunteers.
We retain your personal information as long as it is necessary and relevant for our operations. In addition, we may retain personal information from members to comply with national laws, prevent fraud, resolve disputes, troubleshoot problems, comply with grant applications and monitoring and take other actions permitted or required by applicable national laws.
Erasing (deleting) your data
The GDPR introduces a right for individuals to have personal data deleted/erased. The right to erasure is also known as ‘the right to be forgotten’. Members and individuals can make a request for erasure in writing and Positive Parent Action (PPA) will respond within one month. The right is not absolute and only applies in certain circumstances.
Data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. Data breaches must be reported to the UK Information Commissioner Office (ICO) who are responsible for implementing and overseeing the General Data Protection Regulations in the UK. It is the responsibility of the Data Officer for Positive Parent Action (PPA) to report any appropriate data breaches.