1. Purpose

The purpose of this Data Protection Policy is to outline the principles and procedures that Be One follows to ensure compliance with data protection laws and regulations, protect the privacy and security of personal data, and inform individuals about their rights regarding their personal data.

  1. Scope

This policy applies to all personal data collected, processed, stored, or transmitted by Be One, whether in electronic or manual format, and applies to all employees, volunteers and third-party service providers who handle personal data on behalf of Be One.

  1. Data Protection Principles

Be One adheres to the following data protection principles:

– Lawfulness, fairness, and transparency: Personal data is processed lawfully, fairly, and in a transparent manner.

– Purpose limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

– Data minimisation: Personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

– Accuracy: Personal data is accurate and, where necessary, kept up to date.

– Storage limitation: Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

– Integrity and confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

  1. Responsibilities

– The Data Protection Officer (DPO), appointed by Be One, is responsible for overseeing compliance with data protection laws and regulations, developing and implementing data protection policies, and providing guidance on data protection matters.

– All employees, volunteers, and third-party service providers are responsible for ensuring the confidentiality, integrity, and security of personal data they handle and for complying with data protection laws, regulations, and policies.

  1. Data Collection and Processing

– Personal data is collected and processed lawfully, fairly, and transparently, with individuals informed of the purposes for which their data is processed.

– Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

– Personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

– Personal data is kept accurate and, where necessary, up to date.

  1. Data Security

– Be One implements appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data and to protect against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

– Access to personal data is restricted to authorised individuals on a need-to-know basis, and volunteers and employees are trained on data protection principles and procedures.

– Personal data is stored securely, with access controls, encryption, and other security measures implemented as necessary.

  1. Data Subject Rights

– Individuals have the right to access, rectify, erase, restrict processing, object to processing, and data portability regarding their personal data held by Be One.

– Be One responds to data subject requests promptly and in accordance with applicable data protection laws and regulations.

  1. Data Breach Management

– Be One has procedures in place to detect, report, and investigate personal data breaches.

– In the event of a data breach, Be One notifies the relevant supervisory authority and affected individuals as required by law and takes appropriate remedial action to mitigate the impact of the breach.

  1. International Data Transfers

– Personal data transfers are conducted in compliance with applicable data protection laws and regulations, with appropriate safeguards implemented to protect the privacy and security of personal data.

  1. Data Protection Training and Awareness

– Be One provides regular training and awareness programmes to employees and volunteers on data protection laws, regulations, and policies to ensure understanding and compliance.

  1. Policy Review

– This Data Protection Policy is reviewed regularly and updated as necessary to ensure compliance with changes in data protection laws, regulations, and best practices.

  1. Contact Information

– For inquiries or concerns regarding data protection practices at Be One Charity, please contact the Data Protection Officer by emailing members@beone.foundation