The Skinners' Company takes its responsibility towards its stakeholders' personal privacy seriously.
Stakeholders are defined as:
Loan Hall client details are handled by The Approved Catering Provider and are not shared with the Skinners' Company.
The General Data Protection Regulation (GDPR) (2018) regulates the way in which personal data relating to the aforementioned is stored and for what purpose it is kept. Data comprises identifiable information held both electronically and as hard copy.
The purpose of this policy is to enable the Company to:
The purpose of the GDPR is to protect the rights and privacy of individuals and to ensure that data about them is not processed without their knowledge and is processed with their consent wherever possible. The previous Data Protection Act (1998) set out eight principles, which remain now that GDPR has been introduced.
These eight principles are that data must:
The Company's stakeholders/data subjects have the following rights under GDPR:
Under GDPR, personal data means 'any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.
Personal data should only be kept where there is a legitimate interest to do so. Once obtained it should be used for a specific and lawful purpose without being processed any further. Any personal data should be limited to only that which is relevant. GDPR states that the data should be kept for no longer than is necessary for the purposes for which the personal data is processed.
The Skinners' Company will ensure that all personal data is fairly and lawfully obtained and processed and securely held, in accordance with these principles. It will:
The Skinners' Company has identified the following potential key risks:
The Skinners' Company recognises its overall responsibility for ensuring that each entity complies with its legal obligations.
The Clerk/ Chief Executive Officer acts as the Data Protection Officer. The Clerk will:
(The Clerk's/CEO contact details are shown under section 7: Data Breach)
The Skinners' Company will only process information necessary to carry out its work and to provide or administer activities for Company members, Almshouses schemes, grant giving charities, School Governance and administration of staff.
Retention of data is determined by the following lead processors:
The Hall Director ensures the Company has the means to destroy data by shredding hard copy (aided by an off-site shredding company) and deleting electronic files as soon as they are no longer relevant. The Skinners' Company will only keep the information while an individual is a member, Almshouse resident, grant beneficiary or school governor, or as long as necessary for administration purposes up to a maximum of 2-3 years. Past employee details are kept for as long as pension liabilities exist.
Access to data stored by the Company is restricted to those with a need to know or those data subjects who formally request access to their personal file.
The following security measures will be used to protect data:
If a breach of data security is suspected or occurs the Clerk should be informed.
A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. Any known breach will be reported by the Skinners' Company to the Information Commissioner's Office (ICO) within 72 hours of its discovery. In the event of a data breach, the Clerk must be informed and the individual(s) whose data is involved in the breach will also be notified. The ICO can apply a fine.
If you suspect a data breach, please contact the Clerk:
020 7236 5629
The Clerk-The Data Controller
The Skinners' Company
Skinners' Hall
8 Dowgate Hill
LONDON
EC4R 2SP
The personal information will only be used for the purposes outlined below.
Processing personal data for the above purpose's entails sharing your information with the Company's trading subsidiary Pellipar Services Company Limited, employees and main contractors. Agreements exist between the Skinners Company and such parties that seek to ensure there must be no further disclosure of such personal data.
It is customary for members of the Court and Livery to have their names and home addresses published in the Company diary.
The diary is posted to members of the Company - including those members who reside oversees.
Members may opt out of this practice by contacting the Clerk - clerk@skinners.org.uk
It is necessary upon taking up Freedom of the City of London via the Skinners' Company, for the Company to provide the City of London's Chamberlain's Court with the recipient's name address and their long format birth certificate, which may also contain identifiable parental information. This information is stored in the Common Hall Register.
The City of London state:
In order to meet our obligations in relation to the register of electors for Common Hall each year, we will share your personal data (name, address, title and livery membership) with the Town Clerk & Chief Executive of the City of London Corporation for electoral purposes pursuant to the City of London Ballot Act 1887. A separate privacy notice setting out how your personal data will be processed by the City of London Corporation is available via: https://www.cityoflondon.gov.uk/footer/privacy-notice
Your Membership Profile contains:
You can edit and update your details in real time.
Access your Membership Profile at any time via the Members Area of the Skinners' Company website: www.skinners.org.uk
Then click onto the Edit My Profile button.
If you experience any difficulties logging in to the Members Area of the website or updating your profile please contact the membership team.
By e-mail: membership@skinners.org.uk
By telephone: 0207 2130551
Please note that the Skinners' Company will not be responsible for any errors you might make.
Applicants applying for accommodation will disclose personal data on their application form. The revised 2018 application form will contain the following clause:
It is part of the trustees' responsibilities to ensure that applicants for almshouses are suitably qualified under the terms of the charity's governing document. Trustees therefore need to investigate the personal circumstances of applicants. If your application for accommodation is successful, the personal data supplied on this form and other information relating to an almshouse appointment will be held on file for the duration of your appointment as a resident and for up to three further years. Some details may be checked with relevant organisations, but none will be disclosed for any inappropriate purpose. You may have access to your personal information on request. If your application is unsuccessful, your application form and all other personal data supplied will be destroyed.
The Skinners' Company Almshouse trustees have carried out a Legitimate Interests Assessment which shows that we feel that it is in the interests of both residents and the charity to hold the following data about residents, and if the charity did not hold this data, it would not be able to fulfil its function with regard to support of residents:
Residents have the right to make a Subject Access Request direct to the Skinners' Almshouse Charity Director, to ask to view the personal data which we hold. Residents have the right to rectification, i.e. to have incorrect information amended.
Every 3 months when Scheme Managers review the information on your Resident Record Sheet with you, you are asked to amend any data and to sign to say that the data is accurate.
Residents also have the right to erasure, i.e. the right to be 'forgotten', if you object to the processing of personal data for legitimate interests. However, you need to be aware that if you exercised the right to erasure, the charity would not be able to fulfil its role in supporting you and ensuring you receive the care you need, for example liaising with your family/friends/next of kin, liaising with your GP/consultants/social services/carers about your health and well-being and enabling the charity's staff to signpost residents to appropriate external care. If a resident requested that their personal data was erased, the charity would make a compelling case for why it needs to process that data.
Residents' personal data is held for a maximum of 2 years after a resident dies or leaves their Almshouse. This is so that the charity can liaise where necessary with a resident's next of kin and/or with a nursing home or care home. All personal data is then destroyed.
In addition to the aforementioned procedures if, at any time, you want to verify, update or amend your personal data or preferences please contact us.
Please provide your full name and date of birth, to help us track your application/resident record. You can contact us as follows:
by email: caroline.hamilton@skinners.org.uk
by telephone: 020 7213 0576
by post:
Director of the Skinners' Almshouse Charity
The Skinners' Company
Skinners' Hall
8 Dowgate Hill
LONDON
EC4R 2SP
Please allow up for 10 working days for us to amend your details.
Applicants applying for grants are required to disclose personal data on their application form. The application forms contain the following clause:
It is the trustees' responsibility to ensure that applicants for grants are eligible according to the (named) charity's funding criteria. Trustees therefore need to understand the personal circumstances of applicants. If your application for a grant is successful, the personal data supplied on this form and other information relating to a grant will be kept for two further years. Some details may be checked with relevant organisations, but none will be shared for any purpose not linked to grant assessment or administration. You may have access to your personal information on request. If your application is unsuccessful, your application form and all other personal data supplied will be anonymised or destroyed.
In addition, if, at any time, you want to verify, update or amend your personal data or preferences please contact us.
Please provide your full name and date of birth, to help us track your application record. You can contact us as follows:
By email: charities@skinners.org.uk
By telephone: 020 7213 0561
By post:
The Grants Manager
The Skinners' Company
Skinners' Hall
8 Dowgate Hill
LONDON
EC4R 2SP
Personal information will be used for the purposes outlined below.
Processing personal data for the above purposes entails sharing personal information with fellow governors, the governed school, Companies House, the Charities Commission and related local authorities.
Information is held for the duration of the governor's term of office and for four years or beyond in case Ofsted or Companies House required evidence.
Under normal circumstances schools and academies do not share the personal data of its pupil or staff population.
However, individual's data may be required by the Skinners' Company to work in support of exclusions, complaints and appeals processes.
A Data Sharing Agreement exists between each of our schools/ academies and the Company in order to regulate this flow of personal data and this forms part of the Privacy Agreement between the schools and the parents.
In these cases, the Skinners' Company will obtain permission via the School to access specific information.
No personal data is held by the Skinners' Company beyond the scope of any inquiry/ process. (This may mean once an inquiry is finished or beyond for required legitimate- legal purposes).
In addition to the aforementioned procedures if, at any time, you want to verify, update or amend your personal data or preferences please contact us.
Please provide your full name and date of birth to help us track your record. You can contact us as follows:
By email: education@skinners.org.uk
By telephone: 020 7213 0556
By post:
Director of Education
The Skinners' Company
Skinners' Hall
8 Dowgate Hill
LONDON
EC4R 2SP
Please allow up for 10 working days for us to amend your details.
The Clerk/ Chief Executive has carried out a Legitimate Interests Assessment which shows that the Skinners' Company believes it has a legitimate interest to hold the above personal data for staff and that we would not be able to perform our job in supporting staff without this information.
The Skinners Company must ensure that it only holds data for staff that is absolutely necessary; the Company must not hold inaccurate data, nor hold data for longer than is necessary; the Company must have a procedure for destroying data and must ensure that staff data (both hard copy and electronic) is protected.
Past employee details are kept for as long as pension liabilities exist.
All computers and laptops must be password protected. The passwords must be STRONG (comprising letters - some uppercase some lowercase, numbers and ideally other characters as well). All staff must change their computer or laptop sign on password on receipt of this protocol and change it regularly.
All data subjects have the right to erasure, i.e. the right to 'be forgotten' and legally the Skinners' Company has to make them aware of this. Documentation should make it clear to all data subjects that if they were to exercise this right, the Company would not be able to do their job properly.
All Company related data subjects have the right to make a Subject Access Request - i.e. to ask to see all their personal data/correspondence with them or about them that the Company holds and to have copies of everything. If a Data Subject asked for this, the Company would be legally obliged to show them everything. Therefore, it is vital that staff have nothing written down that staff would not wish the data subject to read.
When disposing of hard copies of personal data, it must be shredded.
Staff are required to be vigilant about possible data breaches which could occur through hacking/phishing. If in doubt about the source of an email or whether it is genuine, please do not open it and check with the Hall Director or IT support first.
If staff suspect a data breach (e.g. that personal data has got into the public domain) please report it to the Clerk asap., who will report it to the Information Commissioner's Office within 72 hours. Staff must ensure that they always complete Windows updates when prompted.
The Skinners' Company GDPR Policy- Revised November 2020