DATA PROTECTION POLICY
This statement explains how Leket UK handles and uses data we collect about you. Our full legal name is [ ] and we are contactable at [ ].
Our purpose and legal basis for processing personal data
Our purpose in asking for and holding personal data is to communicate with our supporters and to process and record donations and reclaim Gift Aid. We ask for the minimum data to enable us to communicate with you by post, telephone or email, and to fulfil our statutory duties to determine eligibility for Gift Aid and to keep financial records of donations. The legal bases for our processing your personal data is (i) your consent and (ii) for compliance with our statutory obligations.
LEKET ISRAEL (INSERT FULL LEGAL NAME) administers our data on their database system. We have a written agreement with LEKET ISRAEL that it will act only on our instructions, will not, with the exception below, pass on personal data to any third party, and will maintain appropriate data security, physical, and organizational controls to give assurance that no unauthorized person will access your data. Our instructions to LEKET ISRAEL ensure that the data is used only for the purposes above.
The exception whereby LEKET ISRAEL passes data to a third party is to use to process credit card donations. Its contract with the third party processor ensures that the credit card data is used only for obtaining payment and is not otherwise transmitted to third parties or stored.
Otherwise we do not transfer personal data to third parties except through the necessary operations of collecting donations or Gift Aid or providing reporting required by HMRC.
We ensure the security of data by limiting access to specific members of staff. They have access only through individual passwords, with procedures to ensure that data is used only for the purposes noted above.
You have the right to obtain a copy of the data we hold on you. If the data is incorrect, we will correct it at your request. You also have the right to withdraw your consent at any time. If you withdraw your consent we will cease to hold your data, except where we have a statutory obligation. To exercise these rights, please contact [email protected].
Destruction of data
We will, to the best of our abilities, destroy data after a donor has been inactive for 3 years or withdraws consent. However, we will keep data where we have a statutory obligation to do so, for example holding data on donations for six years after the end of the tax year.
1 Leket Israel will process data for Leket UK regarding donors and donations. It will process this data only under the written instructions of Leket UK and will maintain appropriate data security, physical, and organisational controls to give assurance that no unauthorized person will access the data.
2 The parties agree that for the purposes of the European Union’s General Data Protection Regulation (GDPR) Leket UK is the controller of the data and Leket Israel is the processor.
3 Leket Israel will maintain confidentiality over the data and will implement procedures to ensure that its staff and anyone else with access to the data also maintains confidentiality.
4 It will not subcontract any processing without the written agreement of Leket UK. It is agreed that it can subcontract credit card processing to “CREDIT ISRAEL” subject to a written contract under which CREDIT ISRAEL takes on the substance of clauses 1, 2, 3, 4, 5, 6, 7, 8, and 9 of this agreement, with Leket Israel being controller and CREDIT ISRAEL processor.
5 Leket Israel’s processing will include keeping backups of its database so that in the event of an error the database can be reconstructed. It will keep backups on a rolling basis for a period necessary to achieve this purpose and will then deleted them.
6 It will document all of its procedures for processing data and will make this available to Leket UK as required. It will also allow Leket UK or its agents reasonable access to test that procedures and controls are working.
7 In the event of a personal data breach, Leket Israel will inform Leket UK of the full circumstances and will give every reasonable assistance in supporting Leket UK in its responsibilities under article 33 of GDPR.
8 Leket Israel will give all reasonable support to Leket UK to fulfil a subject data request under GDPR.
9 This agreement will continue until either party gives 12 months’ notice. On termination, Leket Israel will provide the full database to Leket UK in an electronic format to be agreed, and will delete all copies of the data in its possession and require subcontractors to do likewise.
10 Leket UK will use the data and data processing services to support its fundraising for Leket Israel.