Details of our relevant policies are shown below.
The introduction of the General Data Protection Regulation (GDPR) and new Data Protection Act 2018 affects the way in which organisations handle personal data to protect the rights and freedoms of individuals.
Dewar Arts Awards is committed to managing and safeguarding your data.
This policy statement sets out what you need to know about how we meet our obligations to ensure that your personal data is protected.
Our committment to you and how these changes affect you
Any personal data that Dewar Arts Awards holds about you as an applicant or awardee is now protected to a greater extent by the tighter requirements placed on Dewar Arts Awards under GDPR.
You also have enhanced rights in regards to your data, including the rights to erasure and to object to processing.
As an organisation we collect, use and store personal data for lots of different reasons.
We collect personal data for the purpose of processing funding applications, analysing patterns and trends and to send out invitations to Dewar Arts Awards events.
All of this data is processed in a way that is legal, fair and transparent.
We will never send or sell your data to any other business or organisation.
Your data is only shared with our administrator for processing purposes and with our trustees for decision-making.
What data do we keep and how is this stored?
The Application Stage
The application form is completed and submitted online and it is kept electronically along with 2 references. This information is distributed to our Board of Trustees for discussion at our trustees meeting. Once the meeting concludes, this documentation is then destroyed.
A copy of the application form and the unsuccessful letter are kept electronically for a period of 6 months. Thereafter, the documents are deleted.
For those applicants who are successful, an electronic file of their application form, their references and their award letter is kept along with a record of any subsequent extension applications, progress made and awards granted. To ensure good governance, a breakdown of how the award was spent is also retained. Applicants also submit final reports at the end of their course or project including their results.
The awardees are then asked to submit information for a profile which can be set up for them on our website.
Since our funding originates from the Scottish Government, the application forms, references, progress reports, results and award letters for successful applicants are taken to General Register House in Edinburgh for archiving.
The requirements for the submission of progress, final reports and results is clearly explained in the terms and conditions of each award.
Most information is kept electronically and a series of security measures are taken to keep data secure.
IT equipment contains firewall and anti virus protection.
IT equipment is password protected.
Paper documentation is destroyed once it is no longer needed.
Any paper information which needs to be retained is locked in a secure location.
All banking transactions are cross checked by trustees and our accountants.
Bank details provided by awardees are deleted once they have received their award payment.
Dewar Arts Awards uses Commercial Online Banking which is subject to banking scrutiny measures.
Reporting of Data Breaches
Where a security incident or data breach occurs which has compromised or may compromise personal data then Dewar Arts Awards is in a position to meet our obligations by notifying the Information Commissioner’s Office with 72 hours.
This policy will be monitored and reviewed as appropriate to ensure ongoing compliance with GDPR.