Data Protection and Privacy

Data Protection and Privacy Policy

Handsworth Association of Schools (HAOS) is committed to protecting the personal information of our trustees, staff, volunteers, service users, members, supporters, and donors. This policy explains how we collect, use, store, and share personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data We Collect

HAOS may collect the following personal data:

Contact information (name, address, email, telephone)
Employment or volunteer details
Records of service usage, activities, or participation
Financial information for donations or payments
Any other information necessary to provide our services and support

We do not collect more personal information than is necessary for the purposes we specify.

2. How We Use Your Data

Personal data may be used for the following purposes:

To manage and deliver HAOS services and programs
To maintain accurate records of members, supporters, and donors
To communicate with you about HAOS activities, events, or updates
To comply with legal or regulatory requirements
To protect the organisation, staff, volunteers, and service users against risks

We will only process personal data if we have a lawful basis for doing so, such as consent, contractual necessity, legal obligation, or legitimate interest.

3. Data Security and Storage

HAOS stores personal data securely in electronic and paper formats. Access to personal data is restricted to authorised staff and trustees. We take all reasonable steps to ensure that personal information is protected from unauthorised access, alteration, disclosure, or destruction.

When personal data is no longer required, it will be securely deleted. Any devices or storage media containing personal data will be cleared prior to disposal or sale.

4. Data Accuracy and Retention

We review personal data regularly to ensure it is accurate and up to date. Individuals are encouraged to inform HAOS of any changes to their personal information.

Personal data will be retained only as long as necessary for the purposes for which it was collected, or as required by law.

5. Your Rights

Under the UK GDPR, you have the following rights:

Right to access – request a copy of the personal data we hold about you
Right to rectification – request corrections to inaccurate or incomplete data
Right to erasure – request deletion of your personal data, where lawful
Right to restrict processing – limit how your data is used
Right to data portability – receive a copy of your data in a portable format
Right to object – object to processing in certain circumstances

Requests for access, correction, or deletion of personal data should be made in writing to the HAOS Manager. We aim to respond to such requests within 28 days.

6. Data Sharing

HAOS will not sell or share personal data with third parties for marketing purposes. Personal data may be shared with trusted partners, contractors, or regulatory bodies where necessary for service delivery, legal obligations, or safeguarding purposes. All sharing will comply with UK GDPR and national guidance for charities and educational organisations.

7. Data Breaches

HAOS has a Data Breach Policy. Any actual or suspected breach of personal data must be reported to the HAOS Manager immediately.

The Manager will assess the breach and determine whether notification to the Information Commissioner’s Office (ICO) and affected individuals is required.
Reporting will follow ICO guidance for small charities.

8. Responsibilities

HAOS Manager: Responsible for implementing this policy, maintaining records, and reporting breaches
Administrator: Responsible for processing personal data in accordance with this policy
All staff, volunteers, and trustees: Must maintain confidentiality and handle personal data responsibly

Failure to follow this policy may result in disciplinary action.