Privacy Policy

Your privacy is important to us

Wildlife Trusts Wales
Data Protection Policy


Wildlife Trusts Wales is committed to good practice in the handling of personal data and careful compliance with the requirements of the Data Protection Act and GDPR. Wildlife Trusts Wales is committed to good data management, to protect people from harm. In the main this means keeping information securely in the right hands, and holding good quality information.
Wildlife Trusts Wales also ensures that it takes account of the legitimate concerns of individuals about the ways in which their data may be used. In particular, Wildlife Trusts Wales aims to be open and transparent in the way it uses personal data and, where relevant, to give individuals a choice over what data is held and how it is used.

The most important risks which this policy addresses are:
Negligent loss of data that would cause concern to people whose data was lost and would seriously affect Wildlife Trusts Wales’s reputation. Inappropriate disclosure of data about supporters, donors and those involved in our activities.
• Due to low volumes of data there is a potential lack of sufficient familiarity to the ways of data handling
• Errors in the way data on vulnerable people is collected, handled, used or authorised
• Operational procedures and guidance to paid staff and volunteers (in staff handbook) set out more detailed ways in which these risks can be managed and the objectives achieved.

The Board of Trustees of Wildlife Trusts Wales recognises its overall legal responsibility for Data Protection compliance.
Day to day responsibility for Data Protection is delegated to the Chief Executive Officer as the nominated Data Protection Controller. The main responsibilities of the Data Protection Controller are:
• Briefing the board on their and Wildlife Trusts Wales’s Data Protection responsibilities
• Reviewing Data Protection and related policies
• Managing data sharing
• Advising other staff and volunteers on Data Protection issues
• Ensuring that Data Protection induction and regular training takes place
• Approving unusual or controversial disclosures of personal data
• Approving contracts with Data Processors (external contractors and suppliers of outsourced services)
• Notification (i.e. registration with the Information Commissioner)
• Handling requests from individuals for their personal data
All staff have the following responsibilities:
• Assisting the Data Protection Controller in identifying aspects of their area of work which have Data Protection implications so that guidance can be provided as necessary
• Ensuring that their activities take full account of Data Protection requirements
• Including Data Protection and confidentiality in the induction and training of all staff and through guidance to volunteers involved in data processing.
All staff and volunteers are responsible for understanding and complying with the procedures that Wildlife Trusts Wales has adopted to ensure Data Protection compliance. Volunteers who hold data on participants in activities, however informally, are required to recognise that they hold this data on behalf of Wildlife Trusts Wales and that they must follow relevant Trust policies and procedures at all times.

Confidentiality and security
Wildlife Trusts Wales recognises that a privacy policy on confidentiality of personal data, in particular that of donors, supporters and participants in our activities, underpins security. It also maintains a series of guidelines that set out how staff and volunteers are authorised to access which data and for which purposes. In particular, these clarify when data may be disclosed outside Wildlife Trusts Wales and whether such disclosures require the individual’s consent. All staff and volunteers are required to abide by any security measures designed to protect personal data from loss, misuse or inappropriate disclosure.

Specific legal provisions
Wildlife Trusts Wales maintains an up to date Notification with the Information Commissioner as required by law.
All contracts between Wildlife Trusts Wales and external data processors are reviewed by the Data Protection Controller for compliance with Data Protection Act requirements.