1. Introduction
1.1. Veterans into Logistics. needs to collect and use certain types of information about certain individuals to carry out its work. This work pertains predominantly to the provision of supporting and training service leavers, reservists, veterans, and disadvantaged individuals back into employment within the logistic industry.
1.2. Personal information must be collected and dealt with appropriately whether collected on paper, stored in a computer database or recorded on other material and there are safeguards to ensure this under the General Data Protection Regulation 2018 (GDPR), to which this policy adheres.
1.3. The parties about whom Veterans into Logistics. may hold and process personal data (the Data Subject) include:
1.3.1. Individuals who may be interested in procuring free training with Veterans into Logistics.
1.3.2. Organisations or their representatives who may wish to procure training with Veterans into Logistics for their Clients or Service Users.
1.3.3. Individuals who may wish to offer a financial donation towards the work of Veterans into Logistics.
1.3.4. Organisations or their representatives who may wish to offer a financial donation towards the work of Veterans into Logistics.
1.3.5. Any other organisation or individual who contacts Veterans into Logistics.
2. Data Controller
2.1. Veterans into Logistics is the identified Data Controller under the GDPR, which means that we determine the purposes for which personal information is held and used. We are therefore also responsible for ensuring that this data is controlled in full compliance with the GDPR.
3. Disclosure
3.1. Veterans into Logistics regards the lawful and correct treatment of personal information to be of the utmost importance in creating successful working relationships, and to maintaining the confidence of those with whom we deal.
3.2. The Data Subject will be made aware in all circumstances of how and with whom their information will be used and shared. Veterans into Logistics. will never share personal data with other organisations, (such as businesses, local authorities, funding bodies or voluntary agencies), unless at least one of the following circumstances apply:
3.2.1. The Data Subject has given explicit, verifiable consent.
3.2.2. The sharing of data is seen to be in the legitimate interest of the Data Subject.
3.2.3. The law mandates the disclosure of personal data.
3.3. There are circumstances where the law mandates that Veterans into Logistics disclose data (including sensitive data), without the Data Subject’s consent. These include:
a) Carrying out a legal duty or as authorised by the Secretary of State.
b) Protecting vital interests of an Individual/Service User or another person.
c) The Individual/Service User has already made the information public.
d) Conducting any legal proceedings, obtaining legal advice, or defending any legal rights.
3.4. Personal data will never be sold to a third party.
3.5. Veterans into Logistics will adhere to the Principles of Data Protection, as detailed in the EU General Data Protection Regulation. Specifically, these Principles require that:
a) Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject.
b) Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
c) Personal data shall be adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed.
d) Personal data shall be accurate and, where necessary, kept up to date.
e) Personal data shall be kept in a form that permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data is processed.
f) Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
g) The controller shall be responsible for and be able to demonstrate compliance with the GDPR.
3.6. Veterans into Logistics will, through appropriate management and strict application of criteria and controls:
3.6.1. Observe fully, conditions regarding the fair collection and use of information.
3.6.2. Meet its legal obligations to specify the legitimate purposes for which information is used.
3.6.3. Collect and process appropriate information, and only to the extent that it is needed to fulfil its operational needs or to comply with any legal requirements.
3.6.4. Ensure the quality of information used.
3.6.5. Ensure that the rights, (as defined by the Information Commissioners Office), of people about whom information is held, can be fully exercised under the GDPR. These include:
a) The right to be informed.
b) The right of access.
c) The right to rectification.
d) The right to erasure.
e) The right to restrict processing.
f) The right to data portability.
g) The right to object.
h) Rights in relation to automated decision making and profiling.
3.6.6. Take appropriate technical and organisational security measures to safeguard personal information.
3.6.7. Ensure that personal information is not transferred to a third-party without suitable consent or legal obligation.
3.6.8. Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information.
3.6.9. Set out clear procedures for responding to requests for information, erasure of information and cessation of processing.
4. Data Collection
4.1. Veterans into Logistics will ensure that data is collected within the boundaries defined in this policy. This applies to data that is collected in person, over the telephone or by completing a form on the website (www.veteransintologistics.org.uk).
4.2. When collecting data, Veterans into Logistics will ensure that the Data Subject:
a) clearly understands why the information is needed;
b) understands what it will be used for and what the consequences are should the Data Subject decide not to give consent to processing;
c) is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress; and
d) has received sufficient information on why their data is needed and how it will be used.
4.3. The two key parameters through which personal data will be held and processed are Consent, and Legitimate Interest.
4.3.1. Consent is defined:
a) As offering individuals real choice and control.
b) Genuine consent puts individuals in charge, building customer trust and engagement.
c) Consent requires a verifiable positive opt-in.
4.3.2. Where consent is not required or realistically available, the legitimate interest of the Data Subject can be used as a lawful basis for data processing.
4.3.3. To determine legitimate interest, we make sure to:
a) identify a justifiable legitimate interest of the Data Subject;
b) show that the processing is necessary to achieve it; and
c) balance it against the individual’s interests, rights, and freedoms.
4.4. The Information Commissioner’s Office clarifies that legitimate interest is comprised of three key elements:
4.4.1. A Legitimate Interest:
a) Veterans into Logistics will clarify the legal ground for data processing through the identification of a legitimate interest (e.g., direct marketing).
4.4.2. A Necessity Test:
a) Veterans into Logistics will assess whether legitimate interest is the correct legal ground and whether the processing of personal data is necessary. (e.g., The processing of personal data is necessary for a direct marketing campaign).
4.4.3. A balance with individuals’ interests, rights, and freedoms:
a) Veterans into Logistics will not impinge an individual’s rights. We will identify privacy risks and assess whether legitimate interest is valid in each instance.
4.5. In order to function properly, Veterans into Logistics collect personal data in the following ways:
4.5.1. Through a website enquiry form.
4.5.2. Through an application form.
4.5.3. Through inbound phone calls made to our organisation.
4.6. Personal data collected will include:
4.6.1. Name
4.6.2. Address
4.6.3. Phone Number
4.6.4. Email Address
4.6.5. Any notes which may pertain to the wellbeing of the individual whilst on our premises. These could include:
a) Physical Requirements
b) Dietary Requirements
c) Cultural Requirements
5. Data Storage
5.1. Information and records relating to service users will be stored securely on a dedicated hard drive and will only be accessible to authorised staff and volunteers. Designation of responsibility for this authorisation sits with the Data Protection Officer.
5.2. Information will be stored for only as long as it is needed or required by statute and will be disposed of appropriately.
5.2.1. Unless otherwise confirmed through an auditable document such as a feedback form, data will be held for 2 years before it is completely removed from all systems and data storage facilities.
5.2.2. If it has been expressly stated in a feedback form or other auditable format that personal data may be kept for longer than 2 years, this will be adhered to in accordance with the consent of the Data Subject.
5.3. It is Veterans into Logistics responsibility to ensure that all personal data is non-recoverable from any computer system previously used within the organisation, which has been passed on / sold to a third-party.
5.4. If Veterans into Logistics is requested to delete personal data, this will be done immediately and without question.
6. Data Processing
6.1. Veterans into Logistics process personal data in the following ways:
6.1.1. Once an enquiry form is received, the personal data included in the form will be used in strict accordance with the content of the form.
6.1.1.1. In this situation consent to process data is taken to have been given upon submission of the enquiry form.
6.1.1.2. The legitimate interest of the enquirer is also taken into account when responding to the enquiry, as it is assumed that our response is in their best interest.
6.1.2. If an application is received the personal data will only be used to fulfil the request, including delivery of training or support in employment.
6.1.2.1. In this situation consent to process data is taken to be given upon submission of an application.
6.1.2.2. The legitimate interest of the individual making the application is also taken into account when responding to the enquiry, as it is assumed that our response is in their best interest.
6.1.2.3. A feedback form may be sent to the customer following their visit. This may be via email or postal mail.
6.1.3. Details of potential donors are kept for our own records in accordance with the agreement made upon donation.
6.1.3.1. It is in the legitimate interest of the donor to have their information kept on our records.
6.1.3.2. We will not contact a donor for any further donation unless express consent is given.
6.1.3.3. The donor has the right to full anonymity publicly and as far as is practicable within our organisation.
7. Data Access and Accuracy
7.1. All Data Subjects have the right to access the information Veterans into Logistics holds about them. Veterans into Logistics will take reasonable steps to ensure that this information is kept up to date by asking Data Subjects whether there have been any changes.
7.2. Veterans into Logistics will ensure that:
a) It has a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection.
b) Anybody processing personal information understands that they are legally responsible for following the GDPR.
c) Anybody processing personal information is appropriately trained to do so.
d) Anybody processing personal information is appropriately supervised.
e) Anybody wanting to make enquiries about handling personal information knows what to do.
f) It deals promptly and courteously with any enquiries about handling personal information.
g) It describes clearly how it handles personal information.
h) It will regularly review and audit the ways it holds, manages and uses personal information.
i) It regularly assesses and evaluates its methods and performance in relation to handling personal information.
j) All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary or legal action being taken against them or the organisation.
This policy will be updated as necessary to reflect best practice in data management, security, and control and to ensure compliance with any changes or amendments made to the GDPR. In case of any queries or questions in relation to this policy please contact the Veterans into Logistics
Data Protection Officer:
John Harker MBE
Address: Birch Mill Business Centre, Heywood Old Road, Heywood, Greater Manchester, OL10 2QQ.
Email: john@veteransintologistics.org.uk
Tel: 0330 111 9320
Glossary of Terms
Data Controller – The person who (either alone or with others) decides what personal information Veterans into Logistics will hold and how it will be held or used.
Data Protection Officer – The person(s) responsible for ensuring that Veterans into Logistics follows its data protection policy and complies with the GDPR.
Individual/Customer/Data Subject – The person whose personal information is being held or processed by Veterans into Logistics for example: a client, an employee, or supporter.
Explicit Consent – is a freely given, specific and informed agreement by an Individual/Service User in the processing of personal information about them. Explicit consent is needed for processing sensitive data.
Processing – means collecting, amending, handling, storing or disclosing personal information.
Personal Information – Information about living individuals that enables them to be identified – e.g., name and address. It does not apply to information about organisations, companies and agencies but applies to named persons, such as individual volunteers or employees.
Sensitive data – refers to data about:
• Racial or ethnic origin
• Political affiliations
• Religion or similar beliefs
• Trade union membership
• Physical or mental health
• Sexuality
• Criminal record or proceedings