top of page

Data Protection Policy

1. Purpose

South Gloucestershire Armed Forces Day is committed to protecting the privacy and personal information of everyone we work with, including veterans, serving personnel, reservists, military families, volunteers, supporters and partner organisations.

This policy explains how we collect, store, use and protect personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Scope

This policy applies to:

  • All volunteers

  • Committee members

  • Anyone acting on behalf of South Gloucestershire Armed Forces Day

3. Information We Hold

We may collect:

  • Names

  • Email addresses

  • Telephone numbers

  • Postcodes

  • Armed Forces community connection

  • Communication preferences

  • Volunteer information

  • Emergency contacts (where appropriate)

4. Our Principles

We will ensure personal information is:

  • Processed lawfully, fairly and transparently.

  • Collected only for legitimate purposes.

  • Kept accurate and up to date.

  • Limited to what is necessary.

  • Stored securely.

  • Retained only as long as necessary.

  • Protected against loss or unauthorised access.

5. Responsibilities

The committee is responsible for ensuring compliance with this policy.

All volunteers must:

  • Keep personal information confidential.

  • Only access information needed for their role.

  • Never share contact lists without permission.

  • Report any suspected data breach immediately.

6. Storage

Personal information will normally be stored in:

  • Google Forms

  • Google Sheets

  • Google Drive

Access will only be given to authorised committee members.

Passwords must be strong and two-factor authentication should be enabled wherever possible.

7. Sharing Information

We will not sell or distribute personal information.

Information will only be shared:

  • With the person's consent.

  • Where legally required.

  • Where necessary to organise events or provide agreed services.

8. Retention

We will review contact lists annually.

Information that is no longer needed or where consent has been withdrawn will be securely deleted.

9. Data Breaches

Any suspected loss, theft or unauthorised disclosure of personal information must be reported to the Chair as soon as possible.

The committee will investigate and take appropriate action.

10. Review

This policy will be reviewed annually or sooner if legislation changes.

bottom of page