Policy Hub

Data Protection Policy

Data Protection Policy

PATT Foundation – Data Protection Policy

Agreed by trustees March 2018

1. Introduction

1.1 PATT Foundation Ltd (PATT) recognises the importance of the correct and lawful treatment of personal data. All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the UK Data Protection Act, incorporating the General Data Protection Regulations (GDPR).

1.2 Where children and vulnerable adults are concerned, PATT’s safeguarding policy shall take precedence.

1.3 PATT is a Data Controller for the purposes of the Data Protection Act. The PATT Treasurer is the person responsible for all data protection matters

1.4 PATT fully endorses and adheres to the six principles of the Data Protection Act. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Trustees and any others who obtain, handle, process, transport and store personal data for PATT must adhere to these principles.

2. The Principles

The six GDPR principles require that personal data is:

  1. a) processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  3. c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  6. f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

3. The data that PATT holds, why we hold it and what we do with it

3.1 The following is a list of the personal data we hold on donors/supporters and the format in which it is kept:

a) Details of donors including name, address, bank account and giving details are on the Treasurer’s home PC. This data is held for administration and legal purposes relating to donations (e.g. processing gift aid claims and records and maintaining accounting records).

b) Details of donors including name, address, (some) email addresses, bank account and giving details are also held in paper format, at the Treasurers home address in the form of Gift Aid declarations and standing order mandates. This data is held for administration and legal purposes relating to donations (e.g. processing gift aid claims and records and maintaining accounting records).

c) For donors and supporters that have consented, email addresses are held by the Chair of Trustees on an Excel spreadsheet and Outlook database. This data is held for the purposes of informing individuals of news, events, activities and prayer points.

e) The PATT website collects limited data for someone who wants to donate (name, email address and donation amount) and for someone who wants to join the newsletter (name and email address). This information will be transferred by the PATT webmaster to the Treasurer and Chair to be used for a) and c) above.

All the above information is given freely by the donors.

3.2 The following is a list of the personal data we hold on trustees, in their role as a trustee (and not as a donor/supporter) and the format in which it is kept:

    a) Home address, date of birth and other trusteeships held, held on the Treasurer’s home PC. This data is held for the purpose of Charities Commission records.

3.3 We may, from time to time hold information on individual beneficiaries. This is restricted to name and is used to process payments to ensure that money is given to the correct beneficiary.

3.4 We do not keep any sensitive personal data

4. Consent

4.1 Consent of personal data to PATT must be freely given, specific, informed and unambiguous.

4.2 The PATT website includes our full data privacy statement which is GDPR compliant. The donor form on the website has a consent statement in line with 4.3 below.

4.3. The PATT Gift Aid/Standing Order Form has a consent statement allowing “opt in” only consent for mailing list purposes. There is also a link on the Form to the Data Privacy statement on the website which clearly states what the data collected will be used for.

4.4. Very occasionally consent for data will be given by phone. For example, in an informal telephone conversation with a supporter who shows interest, we may ask for their email address, so we can send the newsletter. Where this happens, we should wherever possible follow up by email to confirm that the supporter has freely given consent for their personal data to be used in this way.

4.5 The need to process data for normal purposes has been communicated to all data subjects.

5. Maintaining Confidentiality

5.1 PATT will treat personal information as private and confidential and not disclose any data to anyone other than the trustees of the charity and legal bodies (e.g. Charities Commission and HMRC) to facilitate the administration and day-to-day work of the charity.

5.2 Information and data stored by PATT will not be distributed in any form such as digital, hard copy or any other form which might breach the GDPR.

5.3 Personal data will not be given or sold to any other person, company or charity.

5.4 All associates who have access to personal data obtained under this policy will be required to agree to and sign this Data Protection Policy.

  1. 5.5 There are four exceptional circumstances to the above permitted by law:
  1. a) Where we are legally compelled to do so
  2. b) Where there is a duty to the public to disclose
  3. c) Where disclosure is required to protect our interest
  4. d) Where disclosure is made at your request or with your consent

6. Deletion and Accuracy of Data

6.1 Data will be held during the time the person is a donor of PATT and for paper data will be deleted 6 years after the donor stops donating. This allows us to comply with statutory rules on Gift Aid.

6.2 If PATT receives a written request from the donor to delete personal data then we will do this within 30 days. The exception to this will be where there is a need to keep statutory records for a longer period.

6.3 If we delete personal data we will also inform any third parties that may have copies of the data and request them to delete the same data.

6.4 PATT strives to keep accurate data in all cases.

6.5 If personal details are found to be inaccurate, they can be amended upon request. If PATT receives a request to check or amend inaccurate data, then we will do this within 30 days.

6.6 If we amend inaccurate data we will also inform any third parties that may have copies of the data and request them to amend the same data.

7. Security of Data

7.1 This section relates to data that PATT holds as per Section 3.

7.2 All home computers that hold FoK personal data are password protected and protected by anti virus software.

7.3 Donation records are held on the Treasurer’s computer, is individually password protected and can only be accessed by selected trustees who have specific permission to do. It is backed up regularly.

7.4 All trustees who store personal information obtained under this policy on any electronic system outside of Donations Co-Ordinator are required to do so in accordance with the principles of the [Data Protection Bill] and to take due care to ensure that the information remains secure using passwords and encryption where appropriate. This includes:

  1. a) Email / telephone / address books held on personal computers, mobile phones, PDA’s etc
  2. b) Data stored on memory sticks and/or portable hard drives

8. Right to access personal data

8.1 Subjects of personal data held by PATT the right (with some legal exceptions) to access any personal data that is being kept about them either electronically or in paper-based filing systems. This right may be withheld if the personal information also relates to another individual.

  1. 8.2 Specifically, all individuals who are the subject of personal data held by PATT are entitled to:
  1. a) Ask what information the charity holds about them and why.
  2. b) Ask how to gain access to it.
  3. c) Be informed how to keep it up to date.
  4. d) Be informed what PATT is doing to comply with its obligations under the Data Protection Bill.

8.3 Any person who wishes to exercise this right should make the request in writing to the Treasurer, using the standard letter which is available on-line from www.ico.gov.uk. PATT reserves the right to charge a reasonable administration fee for each subject access request.

8.4 PATT aims to comply with requests for access to personal information as quickly as possible but will ensure that it is provided within 30 days of receipt of a completed form.

8.5 The ability to request access to data is stated in the FPATT data privacy notice (see 4.2)

9. Data Breaches

  1. 9.1 For PATT a data breach is most likely to happen if:
  1. a) We obtain personal data from a way that is not controlled – i.e. not through the website nor through the Gift Aid/Donor form.
  2. b) We physically lose data – from a Cyber-attack or from physical documents being stolen. We have controls to prevent this from happening as much as we can.
  3. c) We send personal data to someone else without consent (even if by accident).
  4. d) We alter personal data without consent (even if by accident).

9.2 PATT take any suspicions of a data breach seriously and will act immediately to determine whether a breach has occurred.

9.3 Where we are aware of a breach we will notify both the Charities Commission and the ICO within 72 hours, even if we do not have full details of the breach.

9.4 We will notify individuals concerned if there is a risk to them (e.g. if bank details were taken) and will do this within 72 hours.

9.5 All data breaches will be recorded and noted by the trustees at a trustee meeting. In all cases we will discuss whether the breach could have been prevented and what further safeguards we need to put into place.

10. Photographs

10.1 Photographs taken at PATT events may include individuals or groups of individuals attending these events. These photographs will be used solely for PATT advertising, marketing and public relations, and may thus appear in any advertising internal and or external, website or other publicity material.

10.2 The photographer will ask for permission before using such photographs.

Download Policy

Safeguarding Policy

Safeguarding Policy

Plant A Tree Today Foundation – Safeguarding Policy

FINAL Agreed by trustees February 2018

1. Introduction and Scope

1.1 PATT work indirectly with children and vulnerable adults during fundraising and tree planting events.

1.2 This Safeguarding policy applies to all trustees, volunteers and helpers or anyone working or volunteering on behalf of PATT.

1.3 The aim of a safeguarding policy is to ensure an organisation understands its duty to protect its beneficiaries, staff and volunteers, and operate in a safe and secure environment. Therefore, the purpose of this policy is:

  • To protect children and young people who attend PATT events
  • To provide volunteers and staff with the overarching principles that guide PATT’s approach to safeguarding and child protection

1.4 The following definitions of “child” and “vulnerable adult” are used throughout this policy:

  • A child is under 18 years of age, in accordance with the UN Convention on the Rights of the Child
  • A vulnerable adult is a person aged 18 years or over who is or may need community care services by reason of mental or other disability, age or illness; and who is or may be unable to take care of him or herself, or unable to protect him or herself against significant harm or exploitation. This definition comes from the UK Government document “No secrets”.

1.5 We adhere to the UN Convention on the Rights of the Child and have as our starting point as a definition of abuse, Article 19 which states:  

  • “States Parties shall take all appropriate legislative, administrative, social and educational measures to protect the child from all forms of physical or mental violence, injury or abuse, neglect or negligent treatment, maltreatment or exploitation, including sexual abuse, while in the care of parent(s), legal guardian(s) or any other person who has the care of the child.”
  • Such protective measures should, as appropriate, include effective procedures for the establishment of social programmes to provide necessary support for the child and for those who have the care of the child, as well as for other forms of prevention and for identification, reporting, referral, investigation, treatment and follow-up of instances of child maltreatment described heretofore, and, as appropriate, for judicial involvement.
  • Also for adults the UN Universal Declaration of Human Rights, with particular reference to Article 5 which states: “No one shall be subjected to torture or to cruel, inhuman or degrading treatment or punishment.”

2. Our commitment

2.1 As trustees of PATT we accept the UN Universal Declaration of Human Rights and the International Covenant of Human Rights, which states that everyone is entitled to “all the rights and freedoms set forth therein, without distinction of any kind, such as race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status”. We also concur with the Convention on the Rights of the Child which states that children should be able to develop their full potential, free from hunger and want, neglect and abuse. They have a right to be protected from “all forms of physical or mental violence, injury or abuse, neglect or negligent treatment or exploitation, including sexual abuse, while in the care of parent(s), legal guardian(s), or any other person who has care of the child.”

2.2 As trustees we are committed to build constructive links with statutory and voluntary agencies involved in safeguarding both in the UK and in Thailand.

3.        Working with other organisations

3.1 Where PATT gives grants to other organisations, we will ask to see a copy of the safeguarding policy and be satisfied as to the organisation’s commitment to protecting their beneficiaries, staff and volunteers from any abuse.

4.  Responding to an allegation of abuse

4.1   We will respond without delay to every complaint made that a child, young person or vulnerable adult, for whom we are responsible, may have been harmed by a trustee, volunteer, helper or anyone connected to PATT.

4.2  The person in receipt of allegations or suspicions of abuse should report concerns as soon as possible to Andrew Steel (hereafter the “Safeguarding Co-ordinator”)

4.3 Suspicions must not be discussed with anyone other than those nominated above. A written record of the concerns should be made in accordance with these procedures and kept in a secure place.

4.4 Whilst allegations or suspicions of abuse will normally be reported to the Safeguarding Co-ordinator, the absence of the Safeguarding Co-ordinator should not delay referral to the relevant authorities

4.5 The Trustees will support the Safeguarding Co-ordinator in their role, and accept that any information they may have in their possession will be shared in a strictly limited way on a need to know basis.

4.6 The role of the Safeguarding Co-ordinator is to collate and clarify the precise details of the allegation or suspicion and pass this information on to statutory agencies who have a legal duty to investigate.

4.7 Where the allegation of abuse takes part in the work of one of PATT’s partners then the safeguarding policies and procedures of that organisation will take precedent. However, the trustees of PATT retain the right to obtain information of such abuse and investigations and/or ask for a further independent investigation to take place.

5.   Allegations of abuse against a PATT trustee or volunteer

5.1 If an accusation is made against a PATT trustee or volunteer whilst following the procedure outlined above, the Trustees will need to consider whether to suspend the trustee or volunteer whilst investigations take place and notify any relevant authority .

5.2 In addition to this, consideration should be given to whether a referral should be made to the Disclosure and Barring Service (DBS) which manages the list of those people deemed unsuitable for working with children or vulnerable adults.

5.3 As an allegation of abuse against a child or vulnerable adult is rightly classified as a serious incident by the Charity Commission, the Chair of Trustees will have to immediately report any such allegations to the Charity Commission.

5.4 When visiting FoK projects, wherever possible, a trustee or volunteer of FoK should not be left alone with children or vulnerable adults, unless they have DBS clearance and the beneficiary organisation has cleared them to do so.

6.  Supporting those affected by abuse

6.1 The Trustees are committed to offering pastoral care, working with statutory agencies as appropriate, and support to all those who have been affected by abuse who have contact with or are part of PATT.

Download Policy

Grant Making Policy

Grant Making Policy

Plant A Tree Today Foundation – Grant Making Policy

FINAL Agreed Feb 2018

1. Charitable purpose and objective

1.1. The trustees apply the funds of PATT at their discretion and in accordance with the charitable purposes and objectives of the charity.

1.2. Any trustee can consider a grant and make recommendations in accordance with the charitable purposes and objectives. Any decision whether to award a grant remains solely the responsibility of the trustees. Any grant must be circulated and agreed by a majority of trustees before it is sent.

2. Principles applied in determining support.

In awarding grants, the trustees will apply the following principles;

2.1. The trustees will consider any requests that relate to its primary charitable purpose.

2.2. Each request or situation will be considered on its own merits. Where situations have been previously considered (whether successful or not) any due diligence undertaken to reach an earlier decision will be made available to the trustees.

2.3. The trustees will carry out sufficient due diligence to ensure that the request or situation meets the charitable purposes.

2.4. The trustees are content to work in partnership with other grant making bodies where funding of an entire project is beyond the scope of any single organisation.

3. Applicant and partner due diligence

3.1. The trustees will carry out sufficient due diligence on any potential beneficiary to ensure:

  • The identity of the beneficiary;
  • That funds are applied in accordance with the charity’s charitable purpose;
  • That there are appropriate safeguarding policies in place;
  • That funds are not knowingly used for:
    • o Money laundering in accordance with the operative Money Laundering regulations
    • o Terrorist financing in accordance with the Terrorist Act 2000;
    • o Bribery in accordance with the 2010 Bribery Act.

3.2. In cases where the charity is not the only supporter of the work or project, and to protect its reputation, the trustees may choose to extend any due diligence beyond the proposed beneficiary and to include other partner supporting organisations.

3.3. The trustees will adopt an informal risk rated approach to due diligence. Risk factors will include; the size of the grant; the country of residence of the proposed recipient; the geographical location in which the grant will be applied; the nature of the relationship between the charity and the applicant.

3.4. Grant size will be an important risk factor and the larger the grant the greater will be the likely level of due diligence undertaken.

3.5. Where the proposed beneficiary is well known to the trustees and the relationship has been long standing and well established, the amount of due diligence undertaken is likely to be reduced.

3.6. The results of any due diligence will not last indefinitely. In cases where beneficiaries are supported for a significant period of time, additional due diligence will be undertaken on a change of circumstances that might impact the beneficiary.

4. Administration

4.1. Where specific needs or situations are known, grants may be made at the discretion of the trustees without any form of request.

4.2. For larger grants, trustees should be confident:

  • Of the purpose of the proposed grant including an understanding of the work and the way in which the grant will be managed and applied;
  • Of the person(s) responsible for the management of the grant and for overseeing the work;
  • That all local applicable laws and working practices associated with the work are fully and properly applied;
  • That suitable safeguarding policies are in place in cases where the applicant works with children or vulnerable adults.

4.3. For very large grants, the trustees would expect a written report (on request) setting out the progress and achievements for the period covered against budget and detailing any forthcoming changes to either the nature or the location of ongoing work. This is in addition to the requirements set out in 4.2. Such documentation could include a progress certificate of works done.

4.4. With the agreement of the charity and the beneficiary, grants will be provided by means of an electronic banking transfer. The charity’s normal payment authorisation process will be applied to any payments.

4.5. Where the grant is for a specified project or purpose, and in situations where that purpose does not proceed or where any grant or part thereof remains unused, unused funds must be returned or on agreement of all Trustees allocated to other institution needs.

4.6. Where formal written applications have been received, or other records maintained, these will be stored and subsequently disposed of in accordance with prevailing Data Protection legislation.

4.7 Evidence is required that any grants are used for the purpose for which they are given. The precise nature will vary but could include signature, photographic evidence, or a written report. In addition, trustees may also choose to visit schemes to witness the use of grants.

5. Decision making

5.1. The decision of the trustees on whether to award a grant is final.

5.2. The trustees are not obliged to provide an explanation to applicants in the event that their application is not successful.

Download Policy
Gathering policies...
Gathering policies...
Gathering policies...
Get in touch
Address

C/O Dutton Moore Aldgate House, 1-4 Market Place, Hull, England, HU1 1RS

Connect

info@pattfoundation.org

01482 276 701

Newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
About us

The Plant A Tree Today (PATT) Foundation is a UK Registered Charity established in 2005. We are a passionate and dedicated organisation and with your support we take action against climate change by planting native trees, reforesting areas which have been destroyed through illegal logging, development and agriculture.

What we do
Our MissionWellbeingEducationCommunity
Information
About UsOur ImpactTake ActionOur ProjectsNewsCareers
Useful links
Policy HubBecome a VolunteerMake a DonationMy Account

Copyright © 2023 – PATT Foundation All Right Reserved.
Registered Charity Commission no.1117158

Digital & Technology partner Pan Galactic