GDPR POLICY

 1. Introduction 

The Mothers Daughters Sisters Mentoring Program (hereafter referred to as "MDS Mentoring Program") is dedicated to transparency in handling personal information to meet the requirements of the General Data Protection Regulation (GDPR). We are committed to ensuring the protection of personal data and respecting the privacy of all individuals participating in our mentoring program. This GDPR Policy outlines our practices concerning the collection, use, and safeguarding of the personal data of participants. 

2. Data Collection and Usage 

• Participants' information (names, addresses, telephone numbers, email addresses, social media handles) - To facilitate effective communication, mentor-mentee matching, and program coordination. 
• Media (Pictures and videos) -  To create promotional content, marketing materials, testimonials, or documenting program activities 
• Industry experience (professions, titles) - To help build a picture of the scope of industries and experiences involved in the program 
• Information on Mentoring experience - To ascertain the experience levels of participating mentors 
• Information on networking - To guide in offering networking opportunities 
• Information related to availability and reasons for periods of unavailability -  To assess your suitability for participating in the program's sessions 

3. Data Sources 

• Mentors' data is derived from the information provided in the mentor registration forms, as submitted by the mentor.  
• Mentees data will be obtained from third-party organizations with whom we have established partnerships.  

4. Legal Basis for Processing 

The MDS Mentoring Program processes personal data based on the legal basis of consent, contractual necessity, and legitimate interests, ensuring that the processing is fair, transparent, and aligned with the program's objectives. 

5. Data Sharing 

5.1 Internal Sharing: 

• Information will only be shared internally with staff responsible for operations, administrations, events, and marketing activities. 

5.2 External Sharing: 

• Data will be shared with partnering organizations 
• Data will be shared with third parties for Customer Relations Management (CRM) system support, IT network management, training purposes, and professional advisers. 
• Third parties are obligated to threat data with security and in accordance with the law. 
• Media (videos and pictures) may be used for marketing and promotions such social media campaigns. 

5.3 Consent: 

• Participant consent will be sought before sharing any personal data beyond the scope of program administration, except where required by law. 
• If you do not want consent for third party sharing, you cannot be a participant as we partner with other organizations to make the program successful. 

6. Data Security 

• Personal data will be stored securely and will only be accessible to authorized personnel involved in the administration of the program. 
• Personal data is stored in password-protected electronic systems and, if applicable, encrypted for additional security. 
• Third parties processing data on our behalf are bound by confidentiality and security measures. 

7. Data Retention 

• Personal data will be retained only for the duration necessary to fulfil the purposes outlined in this Policy, and in accordance with legal requirements. 

8. Legal Rights;  

8.1 Accessing Personal Information 

• Access to personal information is free of charge, subject to verification of identity. 
• Unfounded or excessive requests may incur a reasonable fee or may be refused. 
• Withdrawal of consent is allowed, and complaints can be directed to the Information Commissioner’s Office (ICO). 

8.2 Participants have the right to: 

• Access their personal data. 
• Correct inaccuracies in their personal data. 
• Request the deletion of their personal data. 
• Object to the processing of their personal data. 

Requests related to these rights should be submitted to the CEO. 

9. Legal Responsibilities of Volunteers 

• Volunteers are responsible for upholding and adhering to our policy. 
•  Specific responsibilities include not taking or storing pictures of participants on personal devices and securely storing and disposing of beneficiary data. 

10. Data Breach Notification 

In the event of a data breach, the program will promptly assess the situation, take necessary corrective actions, and notify affected individuals and relevant authorities in compliance with GDPR regulations. 

11. Updates to the GDPR Policy 

This policy may be updated periodically, and participants will be informed of any significant changes. The most recent version of the Policy will be available on the program's website. 

By participating in the MDS Mentoring Program, individuals acknowledge and agree to the terms outlined in this GDPR Policy.  

Kindly note that this is a UK GDPR policy. For any inquiries or concerns regarding personal data, participants can contact the program at [info@mdsmentoringprogram.org].