Resp Person: Jude Williams, Chief Executive
Last reviewed: May 2021
Next review date: Aug 2021
The Literacy Pirates is a charity registered with The Charity Commission in England and Wales under registration number 1145115 and is a company limited by guarantee in England and Wales under registration 7790039. The registered office address is 136-138 Kingsland High Street, Dalston, E8 2NS.
The Literacy Pirates must process personal data (including special categories of data / sensitive personal data) so that it can provide its services and deliver its programmes of work, as such we acts as a data controller. The Literacy Pirates Data Protection Officer is Veronica Ghobert at firstname.lastname@example.org
In order to meet GDPR standards we take the following actions:
- Regular assessment and review of data protection policies and procedures The DPO ensures the policy is updated annually, procedures reviewed every six months, data cleansed every six months and ensures staff are adequately trained to comply with GDPR.
- Data subject requests (DSR). Ensure that any formal requests are actioned (change, restrict, access) regarding their personal data.
- Breach notification. Ensure that any breach is risk assed and reported. A personal data breach is ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.’
The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in recent history, replacing that of the 1995 EU Data Protection Directive (European Directive 95/46/EC). It aims to support the rights individuals have on data about themselves which is collected and stored. It also aims to detect, identify and mitigate against data breaches or leaks for all companies in the EU, as well as enforcing the reporting on these issues. Any business that deals with EU nationals must comply with the legislation.
The Literacy Pirates also uses Third Party suppliers and software to process, control and manage data. These systems have been audited in line with GDPR commitments. In the context of this statement, ‘data subject’ refers to the person or entity submitting data and can include employees, pupils, tutors, programme participants, and other individuals or organisations that The Literacy Pirates works with.
Processing personal data
We process personal data relating to Literacy Pirates young people, volunteers, staff, funders and supporters, in order to manage and administer The Literacy Pirates programmes, and keep people informed about any work that we are completing.
What data do we collect and how?
Young people under the age of 16 years old
Your parents/guardians and school provide us with your name, pupil number, address, phone numbers, emails, as well as parental and guardian names, emails, telephone numbers and postal address. We collect educational progress data, Special Educational Needs status, ethnicity and eligibility for Pupil Premium Funding /Free School Meals status, whether you are in care or a care leaver, and relevant behaviour and health information. We record progress and relevant information from attendance and participation in the programme.
The Literacy Pirates is required by law to treat certain categories of personal information with even more care, these are called sensitive or special categories of personal information and different lawful bases apply to processing them. The Literacy Pirates collects sensitive personal information relating to the ethnicity and disability information of our programme participants. We do this in order to ensure we deliver our programme to those that need it, with equity and give equal opportunities to participate.
We collect video footage of live online lessons of the children and volunteers, these are recorded for safeguarding, training and monitoring purposes.
Volunteers over the age of 16 years old
You give us your name, address, phone numbers, emails, ethnicity, age, gender, occupation and place of work/work status, and Disclosure and Barring System information. We collect video footage of live online lessons of the children and volunteers, these are recorded for safeguarding, training and monitoring purposes.
Funders and supporters
We collect from publicly available information and data you give us through contact with staff, our website, and third-party donation platforms; your name, email, address, as well as financial information to process donations. We record communications between us.
You give us name, email, address, emergency contacts, bank account details, and we collect Disclosure and Barring System information as well as performance related information through your tenure. We collect video footage of live online lessons of the children and volunteers, these are recorded for safeguarding, training and monitoring purposes.
Consent and what do we do with your data?
We obtain data through legitimate interest of publicly available data and through consent of the data subject in regard to special category information and marketing.
There is legitimate reason for us to process your data in a reasonable and expected manner. Our legitimate interests are as follows:
- Registering and maintaining records of young people on the programme, volunteers and supporters in order to administer all aspects of the charity’s work;
- For monitoring, evaluating, and researching the effectiveness of our programmes;
- Support fundraising activity, including communications with current and potential supporters;
- Contacting you to seek your consent where we need it;
- Giving you information about similar products or services that you have used from us recently.
- Legal obligation might require us to disclose data third parties such as LADO, the courts, the local authority or the police where obliged to do so.
How we store your data
We have put in place physical, electronic and managerial procedures to safeguard and secure data that we collect and process.
Data is accessed by staff through work devices. Devices and database software are password protected. The devices are also protected by Anti-Virus and Encryption software.
We use encrypted external Hard drivers for back up data. These devices are kept in locked cabinet in our office.
Printed out information are shredded as soon as no longer needed or secured in a lockable cabinet located in the office.
How long we store your information for
Personal information stored online is disposed of after four years from the point in which that person is no longer involved in the organisation.
Video footage of live online lessons are kept for the duration of the programme, plus 6 months after the end of the programme.
Young people’s data after they graduate is used in an aggregated, anonymised way. This data is then stored for future research and evaluation. We have completed a separate Legitimate Interest Assessment specifically for storing graduated young people’s data. This data is retained and analysed to allow for strategic organisational planning.
Volunteers’ information after they last session is used in an aggregated, anonymised way. This data is then stored for future research and evaluation. We have completed a separate Legitimate Interest Assessment specifically for storing this data. This data is retained and analysed to allow for strategic organisational planning. We have completed a separate Legitimate Interest Assessment specifically for storing this data.
We hold Gift Aid information for seven years.
We do not hold any information about jobs and volunteering applicants, without their consent, for more than three months after the recruitment process is complete.
How we collect data on our website
We collect analytical data from Google and our website, operated on the WordPress platform, along with Twitter, Facebook and Instagram. This information helps us communicate more effectively with supporters about how we are making a difference in young peoples’ literacy, confidence and perseverance.
Our website, www.literacypirates.org, operates Cookies. Cookies are small amounts of data generated by a website and saved by your web browser. Cookies remember information about you, in order to make your online experience smoother. You can change the way Cookies work on your computer through your Settings.
Who we share your data with
We will never sell your information.
We have two types of contractual partners that we do share information with.
- School and referral partners, or statutory bodies operating like school, evaluation partners and referral partners (for instance social workers looking after in-care children) who refer young people to our learning programme. We share information that helps us deliver our Learning Programme to the highest standards and impact. We inform school and referral partners of a young person’s progress throughout the year. We will also share information that keeps young people safe as part of our Safeguarding duties.
- Organisations involved in our volunteering programme. We have a contractual partnership with companies that are part of our volunteering programme. The organisation shares information with us with individuals’ consent. We share information about attendance and observable behaviour of volunteers to the organisation; as well as sharing any information that ensures we keep young people we work with safe.
Photos or video footage can be shared on our social media platform when consent has been given.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for sharing information is your consent.
We might share information without consent if there is reason for concern for the individual or the safety of a young person; in which case we might contact a statutory body or our contractual partner.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
How to complain about the way we handle your data
If you would like more information, a request or wish to raise a concern about the way we have handled your data email our Data Protection Officer Veronica Ghobert at email@example.com or calling 020 3227 1777.
You can also have the right to raise concerns to the Information Commissioner’s Office on 0303 123 1113 or at https://www.ico.org.uk