Privacy & Data Protection Policy (UK GDPR)
Effective Date: 07 May 2026
Review Date: Annually
Organisation: Diaspora Voices Cymru Hub CIC
- Introduction
Diaspora Voices Cymru Hub CIC (“we”, “our”, or “us”) is committed to protecting and respecting the privacy, dignity, and personal information of all individuals who engage with our organisation.
This Privacy and Data Protection Policy explains how we collect, use, store, protect, and manage personal data in accordance with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR)
- Relevant safeguarding and confidentiality obligations
We are committed to ensuring that personal data is handled lawfully, fairly, transparently, securely, and responsibly.
- About Us
Diaspora Voices Cymru Hub CIC is a community-focused organisation working to support diaspora communities through inclusion, dialogue, empowerment, advocacy, cultural engagement, and community development initiatives.
For the purposes of data protection law, Diaspora Voices Cymru Hub CIC acts as the “Data Controller” for the personal information we collect and process.
- The Personal Data We Collect
We may collect and process the following categories of personal information:
Personal Identification Information
- Full name
- Address
- Telephone number
- Email address
- Date of birth (where relevant)
Community Participation Information
- Event attendance
- Programme participation
- Volunteer involvement
- Survey responses
- Community engagement activities
Equality and Diversity Information
Where appropriate and lawful, we may collect:
- Ethnicity
- Language preferences
- Gender identity
- Disability information
- Cultural or community background
This information is collected only where necessary and with appropriate safeguards.
Safeguarding Information
We may process safeguarding-related information where there is a legal or safeguarding obligation to do so.
Website and Technical Information
When using our website, we may collect:
- IP address
- Browser type
- Device information
- Website usage data
- Cookies and analytics data
- How We Collect Information
We collect information through:
- Website contact forms
- Registration forms
- Event sign-ups
- Surveys and questionnaires
- Volunteer applications
- Email or telephone communication
- Social media interaction
- Partner referrals
- Community engagement activities
We only collect information that is necessary for our legitimate organisational purposes.
- Our Lawful Basis for Processing Data
Under UK GDPR, we rely on one or more of the following lawful bases:
Consent
Where you have given clear consent for us to process your information.
Legitimate Interests
Where processing is necessary for our legitimate community and organisational activities.
Legal Obligation
Where we are legally required to process or retain information.
Vital Interests
Where processing is necessary to protect someone from serious harm.
Public Task
Where activities support community development, inclusion, safeguarding, or social wellbeing objectives.
For special category data (such as ethnicity or health-related information), we apply additional lawful conditions under Article 9 UK GDPR.
- How We Use Personal Information
We may use personal information to:
- Deliver community programmes and services
- Communicate with participants and volunteers
- Manage events and registrations
- Monitor participation and impact
- Improve our services and activities
- Meet safeguarding responsibilities
- Comply with legal obligations
- Manage recruitment and volunteering
- Respond to enquiries or complaints
- Produce anonymised reporting for funders and partners
We will never sell personal data to third parties.
- Sharing Personal Information
We only share personal data where necessary, lawful, and proportionate.
Information may be shared with:
- Local authorities
- Safeguarding agencies
- NHS or health partners
- Funding bodies (anonymised where possible)
- Professional advisers
- IT and website service providers
- Regulatory or legal authorities
We require all third parties to respect the security and confidentiality of personal data.
- Safeguarding and Confidentiality
Where safeguarding concerns arise, confidentiality may need to be breached to protect an individual from harm.
Safeguarding disclosures may be shared with appropriate authorities where:
- There is a risk of harm
- A legal duty applies
- A safeguarding referral is required
All safeguarding information will be handled sensitively and securely.
- Data Storage and Security
Diaspora Voices Cymru Hub CIC takes appropriate technical and organisational measures to protect personal data against:
- Unauthorised access
- Loss or theft
- Misuse
- Disclosure
- Damage or destruction
Security measures include:
- Password-protected systems
- Secure cloud storage
- Restricted access controls
- Confidentiality obligations
- Staff and volunteer training
- Data Retention
We only retain personal information for as long as necessary.
Retention periods depend on:
- Legal obligations
- Safeguarding requirements
- Funding requirements
- Operational necessity
When information is no longer required, it will be securely deleted or destroyed.
- Your Rights Under UK GDPR
Under UK GDPR, individuals have the right to:
- Access their personal data
- Request correction of inaccurate data
- Request erasure of data (“right to be forgotten”)
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent at any time
- Lodge a complaint with the Information Commissioner’s Office (ICO)
Requests will normally be responded to within one calendar month.
- Cookies and Website Analytics
Our website may use cookies and analytics tools to improve user experience and monitor website performance.
Cookies may collect:
- Browser information
- Device information
- Website usage statistics
Users can manage cookie preferences through their browser settings.
A separate Cookie Policy may also apply.
- Children and Young People
Where we engage with children or young people, additional safeguarding and data protection measures will apply.
We will:
- Obtain parental or guardian consent where appropriate
- Minimise data collection
- Ensure information is handled safely and responsibly
The welfare and privacy of children are paramount.
- International Data Transfers
Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place in accordance with UK GDPR requirements.
- Data Breaches
Any suspected or actual data breach will be:
- Investigated promptly
- Recorded appropriately
- Reported where legally required
Where a breach poses a risk to individuals’ rights and freedoms, we may notify:
- The Information Commissioner’s Office (ICO)
- Affected individuals
- Contact Information
For questions, concerns, or requests relating to this policy or personal data, please contact:
Diaspora Voices Cymru Hub CIC
Email: info@diasporavoices.org.uk
Telephone: +44 7833832260
Location: Wales, United Kingdom
- Complaints
If you are unhappy with how we handle your personal information, you have the right to complain to the Information Commissioner’s Office (ICO).
Information Commissioner’s Office (ICO)
Website: https://www.ico.org.uk
Telephone: 0303 123 1113
We encourage individuals to contact us first so we can attempt to resolve concerns directly.
- Policy Review
This policy will be reviewed annually or sooner where:
- Legislation changes
- Organisational changes occur
- New services or technologies are introduced
- Regulatory guidance is updated
Diaspora Voices Cymru Hub CIC is committed to maintaining high standards of privacy, transparency, accountability, and data protection compliance.
Approval
Approved by: Motunrayo Shodimu
Position: Director Operations
Date: 07/05/2026
