GDPR Policy Statement — Daughters of Boudica

GDPR Policy & Statement.

Purpose
Daughters of Boudica is committed to protecting the privacy and security of personal information. This policy explains how we collect, use, store, and safeguard data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Scope
This policy applies to all staff, managers, volunteers, and trustees who have access to personal information on behalf of Daughters of Boudica.

Lawful Basis for Processing
We process personal data under the lawful basis of:
- Consent — when individuals choose to share their details for contact or participation purposes.
- Legitimate Interests — to communicate about wellbeing activities, manage events, and maintain records essential to our charitable operations.

Information We Collect
We collect and store the following personal data:
- Full name
- Email address
- Telephone number
- Any wellbeing information shared voluntarily via email or forms (only when relevant to participation in our services)

How We Collect Data
Personal information is gathered through:
- Online or paper forms
- Email enquiries and correspondence
- Event registrations

How We Use Data
Personal data is used only to:
- Communicate about events, wellbeing support, or related charity activities
- Manage bookings and participation in sessions
- Respond to enquiries

We do not share or sell data to third parties.
Data Access and Storage
- Access to personal data is limited to managers of Daughters of Boudica only.
- Data is stored securely in Google Workspace, protected by password and two-factor authentication.
- Any paper records (if used) are kept in a locked and secure location.

Data Retention
Personal data is retained for one year from the last point of contact, after which it will be securely deleted or anonymised unless further consent is obtained.

Data Subject Rights
Individuals have the right to:
- Access their personal data
- Request correction or deletion
- Withdraw consent at any time
- Lodge a complaint with the Information Commissioner’s Office (ICO)
Requests can be made by emailing: hello@daughtersofboudica.org

Data Breach Procedure
In the event of a data breach, managers will assess the situation immediately, contain the breach, and notify the ICO within 72 hours if required.

Review
This policy will be reviewed annually or sooner if regulations or operational practices change.

GDPR & Privacy Statement
At Daughters of Boudica, we value your trust and are committed to protecting your privacy.

We collect only the information necessary to stay in touch and provide wellbeing support — typically your name, email address, and phone number. This information is securely stored on Google Workspace and accessed only by our management team.

We never share your details with third parties.
Your data is held for one year and then securely deleted unless you choose to stay connected.

You can request access to, or deletion of, your data at any time by contacting:
hello@daughtersofboudica.org

For more information about your rights, visit the Information Commissioner’s Office (https://ico.org.uk/).
.

© 2025 Daughters of Boudica CIC. All rights reserved.

Privacy and Confidentiality Policy

Safeguarding Policy and Procedures

GDPR Policy Statement

hello@daughtersofboudica.org