info@inspirehounslow.co.uk
Become a trustee

REVISED INSPIRE HOUNSLOW PRIVACY & DATA PROTECTION POLICY

  1. Introduction 

 Inspire Hounslow is a grant-giving charity which focuses upon providing funds to local charities in the borough to run grass-roots projects.

Inspire Hounslow is committed to providing an environment that respects the identity, dignity, rights, and values of each individual.

2.   Policy statement

This policy is one of a suite of good practice policies and commitments which have been approved by Inspire Hounslow’s Board and are in place so that Inspire Hounslow can meet its responsibilities under legislation.

3.   Purpose and scope

The purpose of this Data Protection Policy is to ensure that Inspire Hounslow (“the Charity”) processes personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable data protection laws. This policy outlines how we collect, store, process, and protect personal data, and ensures transparency and accountability in all our data processing activities.

This policy applies to all employees, trustees, volunteers, contractors, and third parties who have access to personal data held by Inspire Hounslow. It covers all personal data processed by the Charity, regardless of format (electronic, paper-based, etc.). 

  1. Data Protection Principles 

Inspire Hounslow adheres to the following data protection principles, as set out in the UK GDPR: 

  • Lawfulness, fairness, and transparency – We process personal data lawfully, fairly, and transparently. 
  • Purpose limitation – We collect data for specified, explicit, and legitimate purposes and do not process it further in a way incompatible with those purposes. 
  • Data minimisation – We only collect and process the data that is adequate, relevant, and limited to what is necessary. 
  • Accuracy – We ensure that personal data is accurate and kept up to date. 
  • Storage limitation – We retain personal data only as long as necessary for the purposes for which it was collected. 
  • Integrity and confidentiality – We ensure appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage. 
  1. Lawful Basis for Processing 

We only process personal data where there is a lawful basis under the UK GDPR. These may include: 

  • Consent 
  • Contractual necessity 
  • Legal obligation 
  • Vital interests 
  • Public task 
  • Legitimate interests (balanced against individuals’ rights and freedoms) 
  1. Data Subjects’ Rights 

Inspire Hounslow recognises and respects individuals’ rights under data protection law. These include: 

  • Right to be informed 
  • Right of access 
  • Right to rectification 
  • Right to erasure (“right to be forgotten”) 
  • Right to restrict processing 
  • Right to data portability 
  • Right to object 
  • Rights related to automated decision-making and profiling 

Requests from data subjects will be handled in accordance with our Data Subject Rights Procedure. 

  1. Data Collection and Use 

We collect and use personal data only for purposes relevant to our charitable objectives, including but not limited to: 

  • Grant applications and administration 
  • Project delivery and monitoring 
  • Volunteer and staff management 
  • Communications and fundraising 
  • Governance and compliance 

We inform data subjects about the use of their data via appropriate privacy notices. 

  1. Data Sharing 

We only share personal data with third parties when necessary and with appropriate safeguards in place.

These include: 

  • Trusted service providers (e.g., IT and cloud services) 
  • Funding or regulatory bodies 
  • Partner organisations (where appropriate and with consent or lawful basis) 

We conduct due diligence and ensure data processing agreements are in place where required. 

  1. Data Security 

We implement appropriate technical and organisational measures to secure personal data, including: 

  • Secure storage (e.g., encrypted devices, password-protected systems) 
  • Access controls based on roles and need-to-know 
  • Regular data security reviews and staff training 
  • Data breach reporting procedures 
  1. Retention and Disposal 

We retain personal data only as long as necessary, in line with our data retention schedule. Data that is no longer needed is securely deleted or destroyed. 

  1. Accountability and Governance 

Inspire Hounslow maintains appropriate records of processing activities and regularly reviews policies and procedures. 

Key roles include: 

  • Data Protection Officer – Oversees data protection compliance and acts as a point of contact. 
  • Trustees and Management – Ensure organisational accountability. 
  1. Data Breach Reporting 

All data breaches must be reported immediately to the Data Protection Lead. Serious breaches will be reported to the Information Commissioner’s Office (ICO) within 72 hours, where required. 

  1. Responsibilities 
  • all staff and volunteers are responsible for: 
    • Understanding and complying with this policy 
    • Completing data protection training 
    • Reporting any concerns, breaches, or incidents promptly 
  • the Trustees are responsible for developing and reviewing this policy 
  • the Chair has overall responsibility for overseeing operation of this policy 
  1.  Policy information

 Inspire Hounslow are committed to reviewing our policies and good practice every two years or in line with legislation changes  

Policy Approved:  15 July 2025

Policy Review:       July 2026

Responsibility:       Chair and Board of Trustees