This document sets out how Just Wheels will;
- comply with the legal obligations in respect of the data it holds about individuals;
- ensure the trustees, employees, and volunteers of Just Wheels understand their responsibilities; and follow good practice.
2. Data Protection Principles
Just Wheels is committed to processing data in accordance with its responsibilities under the General Data Protection Regulation (“GDPR”).
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
3. General Provisions
This policy applies to all personal data kept by Just Wheels.
A nominated Trustee will ensure ongoing compliance with this policy and ensure that it is reviewed at least annually.
4. Lawful, fair and transparent processing
To ensure its processing of data is lawful, fair and transparent, Just Wheels shall maintain a Register of Records; this will detail the applications and systems that hold data and will be reviewed on an annual basis.
Individuals have the right to access their personal data and any such requests made to Just Wheels shall be dealt with in a timely manner.
5. Lawful purposes
All data processed by Just Wheels must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
Just Wheels shall note the appropriate lawful basis in the Register of Records.
Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in Just Wheels records.
6. Data minimisation
Just Wheels shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Just Wheels shall take reasonable steps to ensure personal data is accurate.
Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
To ensure that personal data is kept for no longer than necessary, Just Wheels shall maintain a Register of Records which shall be reviewed annually.
The Register of Records shall detail what data should/must be retained, for how long, and why.
Just Wheels shall ensure that personal data is stored securely using where possible encryption or accessible by password only.
Access to personal data shall be limited to personnel who need access and appropriate security will be in place to avoid unauthorised sharing of information.
When personal data is deleted this should be done safely such that the details are irrecoverable.
Appropriate back-up and disaster recovery solutions shall be in place.
A cookie is a tiny data file that resides on your computer, mobile phone, or other device, and allows us to recognize you as a User when you return to the Just Wheels website using the same computer and web browser.
We use a number of different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit http://www.aboutcookies.org for detailed guidance.
The list below describe the cookies we use on this site and what we use them for. Currently we operate an ‘implied consent’ policy which means that we assume you are happy with this usage. If you are not happy, then you should either not use this site, or you should delete the cookies having visited the site, or you should browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.)
First Party Cookies
These are cookies that are set by this website directly.
You can find out more about Google’s position on privacy as regards its analytics service at http://www.google.com/intl/en_uk/analytics/privacyoverview.html
WordPress: Our website runs the popular WordPress Blogging/CMS software and cookies are used to store basic data on your interactions with WordPress, and whether you have logged into WordPress.
One type of cookie, called a session cookie, is used to identify a particular visit to the Just Wheels website. Session cookies expire after a short time or when you close your web browser.
We use a session cookie to remember you and we deem these as being strictly necessary to the working of the website. If these are disabled then various functionality on the site will be broken.
More information on session cookies and what they are used for at http://www.allaboutcookies.org/cookies/session-cookies-used-for.html
Third Party Cookies
These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site that allow visitors to share content onto social networks. Cookies are currently set by LinkedIn, Twitter, Facebook, Google+, Digg and Delicious. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.
You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
You can remove or block cookies using the settings in your browser, but in some cases that may impact your ability to use Just Wheels.
Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Just Wheels does not store unencrypted personal information in the cookies.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Just Wheels shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this website (or third-party services employed in this website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the website) and the details about the path followed within the website with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
The individual using this website who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this website. The Data Controller, unless otherwise specified, is the Owner of this website.
The means by which the Personal Data of the User is collected and processed.
The service provided by this website as described in the relative terms (if available) and on this site.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Small sets of data stored in the User’s device.