Privacy Policy

Syrian British Professionals Network (SBPN) – Privacy Policy
Effective Date: 24/02/2025

1. Introduction
The Syrian British Professionals Network (SBPN) is committed to ensuring the privacy, security, and proper handling of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines SBPN's responsibilities and procedures for managing personal data.

2. Scope
This policy applies to all SBPN staff, offices, committees, volunteers, members, and third parties who may process or handle personal data on behalf of the organisation.

3. Data Protection Principles
SBPN adheres to the following key principles of data protection:

Lawfulness and Transparency: Personal data must be processed lawfully and transparently.

Purpose Limitation: Data will be collected for specific, explicit, and legitimate purposes.

Data Minimisation: Only necessary data will be collected and processed.

Accuracy: Personal data will be kept accurate and up to date.

Storage Limitation: Data will not be retained for longer than necessary.

Integrity and Confidentiality: Data must be processed securely to prevent unauthorised access.

4. Legal Basis for Processing Personal Data
SBPN processes personal data based on the following legal grounds:

Consent: Where individuals provide explicit consent.

Contractual Obligation: Where processing is necessary to fulfil contractual obligations.

Legal Compliance: Where required by legal obligations.

Legitimate Interests: Where necessary for SBPN’s legitimate interests, provided it does not override individual rights.

5. Data Collection and Processing
SBPN collects and processes personal data for the following purposes:

Managing and registering memberships.

Organising and coordinating events.

Communicating with members.

Complying with legal and regulatory requirements.

Data is collected via SBPN’s official website, which uses HTTPS/SSL encryption protocols to secure all data in transit.

6. Data Security Measures
SBPN implements appropriate security measures to protect personal data, including:

Restricting access to authorised personnel only.

Secure storage of physical and electronic records.

Encrypting and password-protecting digital files.

Data and files are stored on Google Cloud and Google Drive using industry-standard AES-256 encryption.

Only executive members of SBPN—specifically the registered directors and guarantors—are permitted to access member data.

Regular staff training on data security.

7. Data Sharing and Disclosure
SBPN will only share personal data when necessary and with appropriate safeguards, including:

Service providers or partners under data processing agreements.

When legally required (e.g. by regulatory or judicial authorities).

With the individual’s consent for a specific purpose.

8. Individual Rights
Under the UK GDPR, individuals have the following rights:

Right of Access: To request access to the personal data held by SBPN.

Right to Rectification: To request correction of inaccurate or incomplete data.

Right to Erasure: To request deletion of personal data (subject to legal obligations).

Right to Restrict Processing: To request temporary restriction of data processing.

Right to Data Portability: To request transfer of data to another organisation.

Right to Object: To object to processing based on legitimate interests.

Right to Withdraw Consent: To withdraw consent at any time, where applicable.

9. Data Breach Reporting
In the event of a data breach, SBPN will:

Assess the severity and impact of the breach.

Report serious breaches to the Information Commissioner's Office (ICO) within 72 hours.

Notify affected individuals if necessary.

Implement corrective actions to prevent future breaches.

10. Data Retention Policy
SBPN will retain personal data only as long as necessary for legal and operational purposes. Retention periods include:

Membership records: 5 years after membership ends.

Financial records: 6 years (in line with UK tax law).

Event participation data: 2 years.

Email communications: Up to 1 year unless a longer retention is required.

11. Responsibilities

SBPN Board of Trustees: Oversees compliance with data protection laws.

Data Protection Officer (DPO): Manages data security, breach response, and compliance.

SBPN staff and volunteers: Must follow data protection policies and report any breaches.

12. Contact and Complaints
If you have any questions or concerns regarding this policy or your personal data, please contact:

Data Protection Officer Syrian British Professionals Network (SBPN)

If you believe SBPN has not handled your data correctly, you have the right to file a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

13. Policy Review
This policy will be reviewed annually or as necessary in line with changes in UK data protection laws.

Approved by: Founding Committee of the Syrian British Professionals Network (SBPN)Date: 07/03/2025