EDHT Logo Data Protection and Privacy East Dorset Heritage Trust
Hanham Road
BH21 1AS
Tel/Fax: 01202 888992
Allendale HouseStaff in period dressSarah EvansDerek BurtKim HiettAlan BreakwellTutors chattingIan Utley
 E-mail us       Follow us on Facebook       Find us on Twitter     View our photos on Flickr   Join our circle on Google+     



Privacy and Data Protection Policy

EDHT fully complies with the GDPR 2018
The Data Controller is Ian Utley, who periodically reviews compliance.
The Data Processors are Sarah Evans, Kim Hiett and Alan Breakwell.
All 3 members of staff understand their legal responsibilities under the GDPR 2018 and no-one else has any access to EDHT Data.

Client Information
We collect and retain names, addresses, phone numbers and emails from individuals for the sole purpose of communicating with them in relation to their activities with EDHT.
This is undertaken under the lawful basis of consent.  Each individual gives clear consent for us to process and retain their details for this specific purpose.

Client Communication

All EDHT paperwork, including forms, emails and letters will have a clear GDPR statement explaining what information we keep, where we keep it and how long for.

Data Access

Each individual understands their right to view, amend, delete or object at any time.
An access request for data can be made at any time, to any member of EDHT staff, in person, by phone , by email or by letter and we will respond within 1 working day

Data Storage

All information is entered and stored on password protected PCs and backed up onto a password protected and encrypted hard disk.
Each Data Processor has an individual password to identify who has entered, viewed or modified any data held.
All systems are protected by Sophos security software – a recognised international brand.
No data is transferred anywhere else inside or outside the UK or EU.

Data Retention

Data is only kept as long as necessary. Any irrelevant or outdated data is deleted and we shred all outdated paper forms and letters.
Data will be deleted if it has not been actively used for 6 months.
We never record phone calls.

Data Security

The Data Controller consistently monitors all security.
In the event of a breach the discovering Data Processor will inform the Data Controller who will inform the affected clients by phone, email or letter.
The Data Controller will investigate the technical aspects of the breach and will use the services of an outside consultant if necessary – this consultant’s GDPR status will be checked.

                                                                         © East Dorset Heritage Trust 2010 | Charity No: 1002126 | Company No: 2532151.