About Safe Haven – A Ray of Hope
GDPR policy
1. Introduction
Safe Haven – A Ray of Hope (“Safe Haven – A Ray of Hope”) is committed to conducting its operations in accordance with all applicable UK data protection laws, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy outlines how Safe Haven – A Ray of Hope collects, processes, stores, and disposes of personal data, and the responsibilities of all staff and third parties in ensuring compliance.
Personal Data is defined as any information relating to an identified or identifiable individual. Safe Haven – A Ray of Hope, as a Data Controller, is accountable for ensuring that all personal data is processed lawfully, fairly, and transparently.
2. Scope
This policy applies to:
-
All Safe Haven – A Ray of Hope entities, employees, volunteers, and contractors
-
All personal data processed in relation to Safe Haven – A Ray of Hope’s operations, beneficiaries, donors, partners, and suppliers
-
All processing, including collection, storage, transfer, and destruction, in both electronic and manual forms
This policy excludes personal data of employees, which is governed by a separate HR data policy.
3. Data Protection Officer (DPO)
The DPO is responsible for oversight of data protection within the organisation.
Name:Blessing Olalemi
Contact:info@safehavenhope.com
Staff must contact the DPO if:
-
They are unsure of the legal basis for data processing
-
They are relying on or collecting explicit consent
-
They need to draft privacy notices
-
They are conducting direct marketing or planning to share data with third parties
-
A data breach or complaint has occurred
-
They are conducting a DPIA or engaging in automated decision-making
4. Policy Governance
4.1 Policy Dissemination and Enforcement
All Safe Haven – A Ray of Hope employees and contractors must understand and comply with this policy. Third-party processors must provide assurance of compliance before being granted access to personal data.
4.2 Data Protection by Design
All new projects or systems involving personal data must undergo a Data Protection Impact Assessment (DPIA). Findings must be reviewed and approved by senior management.
4.3 Compliance Monitoring
An annual data protection audit will be conducted. Key areas to be assessed include:
-
Awareness and training
-
Privacy by Design and Default
-
Consent practices
-
Record keeping and retention
-
Third-party data processing
-
Security controls
5. Data Protection Principles
Safe Haven – A Ray of Hope processes personal data according to the following GDPR principles:
| Principle | Description |
|---|---|
| Lawfulness, Fairness and Transparency | Processing must be lawful, fair and transparent to the data subject. |
| Purpose Limitation | Data is collected for specific, legitimate purposes and not used beyond these. |
| Data Minimisation | Only the data needed for the intended purpose is collected and processed. |
| Accuracy | Data is kept accurate and up-to-date. |
| Storage Limitation | Data is stored only as long as necessary for the intended purpose. |
| Integrity and Confidentiality | Data is kept secure against loss, misuse, or unauthorised access. |
6. Accountability
Safe Haven – A Ray of Hope must be able to demonstrate compliance with all six principles. Documentation and records of processing activities will be maintained.
7. Data Collection Guidelines
Personal data should generally be collected directly from the data subject unless:
-
It is necessary for vital interests or legitimate business purposes
-
It is obtained from authorised third parties with appropriate safeguards
If data is collected indirectly, the individual must be informed unless:
-
They already have the information
-
A legal exemption applies
-
Disclosure would breach confidentiality obligations
Notification must be made no later than one year after collection.
8. Review
This policy shall be reviewed annually or sooner if there are significant changes to legislation or organisational practice.
Approved by:
Blessing Olalemi: May 30th
Kerry- Ann Batten: May 29
John Olalemi: May 30th
Last reviewed: May 30th 2025 | Next review: June 2026