Community Action Dacorum Privacy Policy


Community Action Dacorum (CAD) is committed to making sure that the personal data we hold about service users,
staff, volunteers, suppliers and others we work with is protected and processed in accordance with our legal duties
and responsibilities under the Data Protection Act (1998) and EU General Data Protection Regulation (GDPR).

Community Action Dacorum is the data controller, which means that we decide how your personal data is processed
and for what purposes. We are registered with the Information Commissioner’s Office (ICO).

We understand that the people we work with trust us to keep their information safe, and we take this responsibility very
seriously. Our privacy policy applies to the personal data provided to us by individuals themselves or by others on
behalf of individuals and sets out how we may use the personal data when delivering the services offered by
Community Action Dacorum.

Who are we?

Community Action Dacorum is a charity that provides a circle of support to the local community. As a council for
voluntary service, we believe in bringing people together to achieve more in their communities and improve quality of

We support member organisations (voluntary and community groups) at every stage of their development,
provide funding advice, development support and volunteer centre services. As well as providing support to voluntary
and community groups, we participate in one-off projects or pieces of work and manage and deliver services and
projects that support local individuals, businesses and community groups.

These include:
• HITS Interpreting and Translation Service
• Community Transport (including Door2Store and Day trippers)
• The Repair Shed
• Hemel Hempstead Shopmobility
• Connect Dacorum
• Radio Dacorum
• Creative Learning
• European project work
• Paid for services including DBS Checks, Payroll and printing
• Building Better Opportunities
• Bringing Communities Together

What is personal data?

Any information relating to an identified, or identifiable, natural living person (‘data subject’). An identifiable natural
person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as:
• a name
• an identification number
• location data
• an online identifier
• a person’s age*

Also, by reference to one or more of the following factors specific to the individual: physical, physiological, genetic, mental, economic, cultural identity social

Definition of Special Category Data under GDPR

Also referred to as Sensitive Personal Data. Personal data revealing the following about, or used to uniquely identify, any natural living person:
• racial or ethnic origin
• political opinions
• religious or philosophical beliefs
• trade union membership
• genetic data
• biometric data
• a person’s age*
• data concerning health
• data concerning a natural person’s sex life or sexual orientation

When do we collect personal data about you?

We collect your personal data when you:
• Become a member of Community Action Dacorum
• Become a service user or use any of our paid for services
• Participate in any of our events or training activities
• Work in partnership with CAD
• Have commissioned a service from us or a service has been commissioned on your behalf by a third party
• Supply CAD with goods and/or services
• Apply for a job with Community Action Dacorum
• Become an employee or volunteer with Community Action Dacorum

Why do we collect personal data?

We collect your personal data for the performance of a contract to which the data subject is party or in order to take
steps at the request of the data subject prior to entering into a contract.

We collect and use personal data:
• For contractual and legal obligations to which the data subject is party
• To manage, deliver and develop our services
• For responding to enquiries
• For the purposes of health and safety
• To fulfil our charitable objectives to promote, organise and facilitate co-operation and partnership working

What type of personal data is collected?

The personal data that we collect will be relevant and legitimate for the purposes listed above.

How do we collect your personal data?

We collect your personal data directly from you as a data subject/contract holder when embarking on a contract with

We collect personal data directly either from you as the data subject, a third party acting on your behalf or from
publicly available sources.

How do we use your personal data?

We will only keep personal data limited to the necessary purpose, including information and support to our service users,
volunteers, staff, stakeholders, funders and HMRC.

How long do we keep your personal data?

We will not keep personal data for any longer than necessary to fulfil the purpose for which the data was initially
collected including as required by law or regulation. We will take all necessary steps to keep your data relevant and up
to date.

We will keep personal data in line with legal obligations or for a maximum of two years and will take all necessary
steps to keep your data relevant and up to date.

Your personal data and your rights

We will uphold your rights to:
• Fair, lawful and transparent processing of personal data
• Specified, explicit and informed legitimate purpose
• Adequate, relevant and limited to necessary purpose
• All reasonable steps to keep data accurate and up-to-date
• Data not kept in identifying format beyond necessary use
• Take all appropriate organisational or technical measures
• Accountability

You have the right to:
• Request copies of any personal information that we hold
• Ask us to correct any personal information you believe is inaccurate
• In certain circumstances, ask us to delete your personal information
• Ask us to restrict the processing of your personal data in certain circumstances
• Object to the processing of your personal data in some circumstances

If you wish to exercise any of these rights or have any queries about your personal data or privacy rights, please