Privacy Policy Highland & Islands Blood Bikes

Privacy Policy

1.0 Policy Objective
Highland and Islands Blood Bikes (HAIBB) is committed to protecting the privacy and security of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains how we collect, use, store, and protect personal data.
If you have any questions about this policy, please contact our secretary at secretary@haibloodbikes.co.uk
Phone: 0843 289 7577
Address: Highland & Islands Blood Bikes, Unit 4 Highland House, 20 Longman Rd, Inverness, IV1 1RY

2.0. Who is Responsible for this Policy
The Secretary is responsible for the maintenance of this policy. A Trustee(s) is responsible for approval of the policy. All volunteers are responsible for the observance and success of this policy and should ensure that they take the time to read and understand it.

3.0. When will this Policy be reviewed
The policy will be reviewed a maximum of two year following its approval.

4.0. How will changes be notified
The latest version of the policy will be made available to members within ‘Three Rings’, under Filestore/Members Area. New versions will be announced via email to all members.

5.0. Key Terminology
• Personal Data: Any information that identifies an individual.
• Data Controller: HAIBB, which determines the purpose and means of data processing.
• Processing: Any operation performed on personal data (e.g., collection, storage, deletion).
• Data Subject: Individual(s) whose personal data is collected.

6.0 Legal Basis for Processing Personal Data
Under Article 6 of UK GDPR, HAIBB processes personal data under the following lawful basis:
• Legitimate interest: Managing volunteers and service provision.
• Legal obligation: Compliance with UK laws and regulations.
• Consent: When required, such as for marketing / PR communications.

7.0. Data We Collect
We collect the following types of personal data:
• Volunteer information: Name, contact details, next of kin, qualifications (e.g., driving records), police check (disclosure), shift details, and onboarding/training history.
• Suppliers, Supporters and donors: Name, contact details, and donation history/ purpose.
• Website users: IP addresses, cookies, and analytics data (Google Analytics).
We do not collect special category data (e.g., race, religious beliefs etc.) unless required for legal or safety reasons.

8.0. How We Use Personal Data
We process personal data to:
• Manage volunteer operations and schedules.
• Maintain compliance with NHS agreements.
• Respond to enquiries and communicate with supporters.
• Improve our website and services.
We do not use personal data for unsolicited marketing.

9.0. Data Retention Policy
We retain personal data for:
• Volunteer records: Duration of service + 1 year.
• Financial records (donations, grants): 6 years (legal compliance).

• Website analytics: 26 months (Google Analytics standard retention).

10.0. Data Protection & Security
HAIBB implements security measures to protect personal data, including:
• Encrypted storage of electronic records.
• Limited access controls for authorised personnel.
• Regular reviews of security procedures.
In the event of a data breach, HAIBB will assess the risk and notify affected individuals and the Information Commissioner’s Office (ICO) within 72 hours, where required.
ICO Report a Breach

11.0. Data Subject Rights
Under UK GDPR, individuals have the right to:
• Access: Request a copy of personal data.
• Rectification: Correct inaccuracies.
• Erasure: Request deletion (subject to legal obligations).
• Restriction: Limit processing.
• Objection: Withdraw consent where applicable.
• Portability: Request transfer of data.
To exercise your rights, contact our Secretary at secretary@haibloodbikes.co.uk ICO Guide to Individual Rights

12.0. Third-Party Data Sharing
We do not sell or share personal data except where necessary:
• Service providers: IT support, cloud storage, or financial transaction processors.
• Legal authorities: Where required by law (e.g., HMRC for tax compliance).
• Analytics services: Google Analytics (anonymised data only).

13.0. Website Cookies & Analytics
Our website uses cookies for:
• Website functionality.
• Analytics to improve user experience (Google Analytics).
You can manage cookie preferences via browser settings or our cookie consent tool. ICO Guide to Cookies

14.0 Vehicle Tracking & Camera Data
HAIBB operates vehicles equipped with GPS tracking devices and onboard cameras for safety, operational efficiency, and compliance with legal obligations. The data collected includes:
• GPS location data: Real-time vehicle tracking for route management and safety.
• Onboard camera footage: Recording of journeys for accident investigation, insurance claims, and security purposes.

14.1 Legal Basis for Processing
We process this data under the following legal bases:
• Legitimate Interest: To ensure operational management and volunteer safety.
• Legal Obligation: Compliance with road traffic laws and insurance requirements.

14.2 How Long We Store This Data
• GPS tracking data: Stored for 3 Years (by RAM Tracking) for operational review and safety audits.
• Camera footage: Stored for 30 days, unless needed for investigations or legal purposes.

14.3 Who Has Access to This Data?
• HAIBB operations team for route management and volunteer safety.
• Insurance providers in case of accidents.
• Law enforcement agencies if required by law.

If you have concerns regarding vehicle tracking or camera usage, please contact our Operations Manager at operations@haibloodbikes.co.uk