This store requires javascript to be enabled for some features to work correctly.

0

Privacy policy

Mind Over Mountains: Data Protection Policy

Definitions 

‘Charity’: means Mind over Mountains, a registered charity. 

‘GDPR’:  means the General Data Protection Regulation.

‘Services’:  means the events or programmes carried out by the Charity to achieve it’s charitable purposes.

‘Responsible Person’:  means [name] who is the person responsible for data protection within Mind over Mountains.

‘Register of Systems’: means a register of all systems or contexts in which personal data is processed by the charity. 

‘Participant’:  means the person who takes part in the Charity services.

‘Staff’:  means paid employees and contractors of the Charity.

Personal data’:  means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Operation Policies - Context 

Mind Over Mountains (the “Charity”) is a small charity holding just a small amount of non-sensitive data on a small number of people in the United Kingdom only. 

The Trustees understand and accept their responsibility under the UK General Data Protection Regulation (GDPR) to hold all personal data securely and use it only for legitimate purposes with the knowledge and approval of the data subjects. We currently don’t provide services to customers in the EU or outside of the United Kingdom. 

By the following operational policies and procedures the Trustees undertake to uphold the principles and requirements of the GDPR in a manner which is proportionate to the nature of the personal data being held by the Charity. The policies are based on the Trustees’ assessment, in good faith, of the potential impacts on both the Charity and its data subjects of the personal data held by the Charity being stolen, abused, corrupted or lost. 

 

Personnel 

Data Protection Officer 

In the considered opinion of the Trustees the scope and nature of the personal data held by the Charity is not sufficient to warrant the appointment of a Data Protection Officer. Accordingly, no Data Protection Officer is appointed. 

Data Controller 

Mind Over Mountains will act as the Data Controller. 

Data Processor 

Mind Over Mountains will act as Data Processor unless marketing software is engaged to deliver services, such as newsletters. 

Access to Data 

Except where necessary to pursue the legitimate purposes of the Charity, only the Data Processors shall have access to the personal data held by the Charity. 

Training 

The Data Processors will periodically undergo appropriate training commensurate with the scale and nature of the personal data that the Charity holds and processes under the GDPR. 

 

Privacy Policy 

This Privacy Policy explains how we use any information we collect about you, how you can tell us if you prefer to limit the use of that information and procedures that we have in place to safeguard your privacy. 

Your privacy is very important to Mind Over Mountains and the Charity will obtain, hold and process all personal data provided in accordance with the GDPR for the following lawful purposes: to provide essential services, help with your enquiry or to assist us in providing and improving our service to you. In all cases the information collected, held and processed on our website will include Contact Information. 

We do not share this information with any third party except to the extent necessary to answer your enquiry if that enquiry requires the involvement of an appropriate third party. We will use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside third parties.  

 

The information we collect: 

 

  • Information that you provide by completing forms on our website at www.mindovermountains.org.uk. This includes information provided when making an enquiry via our contact form, booking onto our services and registering to receive update news content from the charity. If you contact us, we may also keep a record of that correspondence.  
  • Your name and signatures on digital waiver forms prior to your participation in our services, or in paper format  
  • Your visual representation in media (photography or videography) taking part in our services and virtual sessions 
  • Your survey feedback following participation in the Charity services which may be provided anonymously at your discretion 
  • Data collected will normally include name, age, contact information including email address, home address, and telephone number, emergency contact and emergency contact number, and any information relating to health conditions and medication, which may be relevant to you taking part in our services  

 

How we protect your information: 

 

All information we collect is stored on our secure servers that are only accessible to Mind Over Mountains staff. We only use recognised and trusted storage providers and software, including Google Drive, Mailchimp, Typeform, Squarespace and Hellosign which are all password protected. 

We acknowledge that many of these cloud based services are hosted and operated outside of the UK and EU.  

 

Unfortunately, the transmission of information via electronic means is not completely secure. Although we do our best to protect your personal data, using an SSL certificate, we cannot guarantee the security of data that you transmit to our site; therefore, any transmission is at your own risk. Once we have received your information, we will use strict internal procedures and security features to try and prevent unauthorised access. 

 

Personal data will only be printed to a physical copy where deemed appropriate and our staff will take extra care to prevent a data breach, securely destroying these hard copies once they are no longer in use. 

Any printed personal data will be filed securely in a location specific for this purpose, by a responsible person within the Charity, and destroyed when no longer required. 

 

How we use your Information: 

 

  • To provide you with information or services that you request from us or which we feel may be of interest to you, where you have consented to be contacted for such purposes. 
  • If you are an existing customer, we will only contact you by electronic means (email) with information about services similar to those which were the subject of a previous sales to you. 
  • For essential communications regarding services that you have purchased or requested 
  • To promote the services of the Charity in the public domain, where consent is provided 
  • We will only contact you by phone/SMS where requested or where an expedited response is deemed necessary to provide the service  
  • To ascertain the impact delivered by the Charity services  

 

When we might disclose your data to third parties: 

 

  • In a very limited number of cases, we may disclose your personal information to third parties when providing services to the charity such as partnership events where consent has been granted. 

 

  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligations of the charity, particularly concerning well-being of participants. 

 

Data Retention: 

 

The charity retains personal data for as long is appropriate to provide our services, in accordance with legal, tax, and accounting requirements. Where personal data is no longer required, we will ensure it is disposed of in an appropriate and secure manner.  

 

If we change our Privacy Policy, we will make the changes on this page. Continued use of this service will signify that you agree to any such changes without prior approval. 

  

You may request the removal of your data at any time by contacting our administrator at admin@mindovermountains.org.uk       

 

Data Subject Rights: 

 

Individuals have rights under GDPR law and at any time can request access to any information the charity holds about you and to demand that any inaccurate data be corrected or removed. You also have the right on request to: 

 

  • Be told by whether and for what purpose personal data about you is being processed. 
  • Be given a description of the data and the recipients to whom it may be disclosed. 
  • Have communicated in an intelligible form the personal data concerned, and any information available as to the source of the data. 
  • Be informed of the logic involved in computerised decision-making. 

This information can be provided by emailing admin@mindovermountains.org.uk and this will be provided within 7 days unless requested otherwise. 

If you wish to make a complaint that these rules are not being followed in respect of personal data the Charity holds about you, you should raise the matter with the responsible person. 

If the matter is not resolved to your satisfaction, you have the right to lodge a complaint if you feel the charity has used your data in a way that deem inappropriate. You can contact the supervisory authority in the UK to report a complaint at: https://ico.org.uk/make-a-complaint 

 

Obligations for staff in relation to personal information 

You must comply with the following guidelines at all times: 

  • Do not disclose confidential personal information to anyone except the data subject. In particular, it should not be given to someone from the same family or to any other unauthorised third party unless the data subject has given their explicit written consent to this, or where the person is deemed at risk of immediate harm. 
  • Be aware that those seeking information sometimes use deception in order to gain access to it. Always verify the identity of the data subject and the legitimacy of the request, particularly before releasing personal information by telephone. 
  • Only transmit personal information between locations by fax or e-mail if a secure network is in place, eg, a confidential fax machine or encryption is used for e-mail. 
  • Ensure any personal data you hold is kept securely, either in a locked filing cabinet or, if computerised, it is password protected. 

 

© 2024 Mind Over Mountains

Photography copyright Giles Thurston Photography. Site by Nilexia