Policy statement

CHFG is committed to a policy of protecting the rights and privacy of individuals, CHFG needs to collect and use certain types of Data in order to carry on our work. This personal information must be collected and dealt with appropriately.

The Data Protection Act 1998 (DPA) governs the use of information about people (personal data). Personal data can be held on computer or in a manual file, and may include names, email addresses, minutes of meetings, and photographs from events. CHFG will remain the data controller for the information held. CHFG and its volunteers will be personally responsible for processing and using personal information in accordance with the Data Protection Act.

The Trustee Board members, staff and volunteers running CHFG who have access to personal information, will be expected to read and comply with this policy.


The purpose of this policy is to set out CHFG’s commitment and procedures for protecting personal data. CHFG regards the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom we deal with.

Legal Requirements

Data are protected by the Data Protection Act 1998, which came into effect on 1 March 2000. Its purpose is to protect the rights and privacy of individuals and to ensure that personal data are not processed without their knowledge or their consent.
Purpose of data held by CHFG
Data may be held by us for the following purposes:

  1. Staff Administration
  2. Fundraising
  3. Realising the objectives of the Charity
  4. Newsletter
  5. Promoting events (we will not use information for direct marketing)
  6. Information and Databank Administration
  7. Research
  8. Volunteers

Data Protection Principles

In terms of the Data Protection Act 1998, we are the ‘data controller’, and as such determine the purpose for which, and the manner in which, any personal data are, or are to be, processed. We must ensure that we have:

  1. Personal data shall be processed fairly and lawfully
  2. Processed for limited purpose

We will not use data for a purpose other than those agreed above. If the data held by us are requested by external organisations for any reason, this will only be passed if data subjects agree in writing that we may pass on their contact details. Data subjects can unsubscribe from our mailing list at any time and all email correspondence contains the option to unsubscribe. Once you have unsubscribed you will no longer receive correspondence from us. We have strict procedures for joining our mailing list and use a ‘double opt in’ procedure whereby, once the form has been completed, a confirmation email will be sent for agreement.

  1. Adequate, relevant and not excessive

CHFG will only gather information to meet our manifesto aims.  This includes the subjects name, email address, job title, organisation, location, involvement with CHFG and areas of interest.

  1. Accurate and up-to-date

We will occasionally ask our supporters to update their data where relevant. All amendments will be made immediately. It is the responsibility of individuals and organisations to ensure the data held by us are accurate and up-to-date. Completion of an appropriate form (provided by us) will be taken as an indication that the data contained are accurate. Individuals should notify us of any changes, to enable personnel records to be updated accordingly. It is the responsibility of CHFG to act upon notification of changes to data, amending them where relevant.

  1. Processed in accordance with the individual’s rights

All individuals that CHFG hold data on have the right to:

  • be informed upon the request of all the information held about them within 30 days;
  • prevent the processing of their data for the purpose of direct marketing;
  • the removal and correction of any inaccurate data about them;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling
  1. Secure

Shall be kept secure by the Data Controller who takes appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information. The Data Processor is Mailchimp, please click here to review their policy.