Privacy and the GDPR
Poems in the Waiting Room (PitWR), as a UK registered charity, is subject to the General Data Protection Regulations, (GDPR, May 2018). This note sets out how our charity complies with the regulations. Terms in bold are those used in the GDPR.
GDPR covers the collection, holding, processing and use of personal data.
Poems in the Waiting Room is a 'data controller' holding the names, addresses and email addresses of those we have contact with as part of the operation of the charity. We do not hold bank account details, medical records or any other personal information.
What personal data we have?
We hold names, postal addresses and in some cases email addresses for the following 'data subjects':-
All the personal data we use is received from the data subjects themselves via their correspondence with us direct, or via the online donation system that we use. Missing data, for example post codes, may be obtained from public sources.
Why do we hold this data?
How is the personal data protected?
How is the personal data processed?
We have three 'data processors' associated with our charity who work with the personal data we hold as follows:
We do not, and will not in future, pass personal data on to any other organisation for any purpose not listed above.
How long is the personal data held for?
As of May 2018, personal data is held indefinitely, though this practice is under review. However in the following circumstances we will delete the personal data we hold:
Contact Poems in the Waiting Room by post or email, and we will ensure that personal data we hold about you will be deleted.
GDPR covers the collection, holding, processing and use of personal data.
Poems in the Waiting Room is a 'data controller' holding the names, addresses and email addresses of those we have contact with as part of the operation of the charity. We do not hold bank account details, medical records or any other personal information.
What personal data we have?
We hold names, postal addresses and in some cases email addresses for the following 'data subjects':-
- Donors to PitWR.
- Friends of PitWR – donors who have opted to join our Friends scheme
- Purchasers of our Collected Edition
- Poets who submit poems
- Practice managers who run healthcare waiting rooms.
All the personal data we use is received from the data subjects themselves via their correspondence with us direct, or via the online donation system that we use. Missing data, for example post codes, may be obtained from public sources.
Why do we hold this data?
- To acknowledge and provide receipts for donations
- To deliver the poetry card scheme which is our principle charitable activity
- To provide news to Friends of PitWR
- To co-ordinate the consideration of submitted poems for use in the poetry card
- To handle the sale of copies of the Collected Edition and answer any queries arising
How is the personal data protected?
- Data is held both on computer in spreadsheets and email systems, and in manual form, both in a secure premises
- Copies of some personal data are backed up to a password protected account on a cloud-based service, to insure against accidental loss.
- Master copies of the data are held for
- Money received by cheque payment, plus the value and purpose of the money received
- Surgeries, including if a Friend supports the supply of cards
- Friends, including when they last donated
How is the personal data processed?
We have three 'data processors' associated with our charity who work with the personal data we hold as follows:
- Our Friends scheme manager, who receives correspondence, and logs personal data relating to
- donations
- requests from practice managers to receive our poetry cards
- requests to joining the Friends scheme,
- purchase of our Collected Edition
- Our printers, who receive copies of name and address data for
- Practice managers, so that printed copies of our poetry card can be posted to them.
- Friends of PitWR, so that copies of the Friends newsletter can be posted to them
- Our submissions manager, who collates the names and addresses of poets who submit poems for consideration, so that permission can be requested should the poems be selected, and appropriate acknowledgement given.
We do not, and will not in future, pass personal data on to any other organisation for any purpose not listed above.
How long is the personal data held for?
As of May 2018, personal data is held indefinitely, though this practice is under review. However in the following circumstances we will delete the personal data we hold:
- Where posted packs of poetry cards are returned to us, in which case the practice manager name and address of the practice are deleted from the Master spreadsheet
- Where posted copies of Friends newsletters are returned to us, the name and address of the Friend are removed from the Master spreadsheets
- Where we have not had a further donation from a Friend two years after their first donation we remove their data from the Master spreadsheet.
Contact Poems in the Waiting Room by post or email, and we will ensure that personal data we hold about you will be deleted.