Data Protection Policy

Last updated: 17 September 2025

Humshaugh Net Zero CIC (“we”, “our”, “us”) is committed to protecting the personal data we hold about individuals in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy sets out how we collect, use, store, and protect personal data, and the rights of individuals whose data we process.

  1. Purpose

    • The purpose of this policy is to ensure that Humshaugh Net Zero CIC processes personal data in compliance with data protection law, respects individuals’ rights, and maintains transparency.

  2. Scope

    • This policy applies to all personal data held by Humshaugh Net Zero CIC relating to members, investors, staff, volunteers, suppliers, and any other individuals we interact with.

  3. Data Protection Principles

    We comply with the following principles when processing personal data:

    • Lawfulness, fairness, and transparency.
    • Purpose limitation (used only for specified purposes).
    • Data minimisation (only what is necessary).
    • Accuracy (keeping data up to date).
    • Storage limitation (retained only as long as necessary).
    • Integrity and confidentiality (ensuring security).
    • Accountability (demonstrating compliance).

  4. Lawful Bases for Processing

    We process personal data under the following lawful bases:

    • Consent (where individuals have given clear consent).
    • Contract (where processing is necessary for an agreement).
    • Legal obligation (to comply with the law).
    • Legitimate interests (where our interests are not overridden by individuals’ rights).

  5. Data We Collect

    We may collect and process the following personal data:

    • Contact details (name, address, email, phone number).
    • Membership and investment details.
    • Financial information (where legally required).
    • Records of communications with us.
    • Technical information (via our website and IT systems).

  6. Data Security

    • We take appropriate technical and organisational measures to ensure personal data is secure, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage.

  7. Data Sharing

    We only share personal data where necessary and lawful, for example:

    • With regulators, auditors, or banks for compliance purposes.
    • With trusted service providers who support our operations.
    • Where required by law.

  8. Data Retention

    • We retain personal data only for as long as necessary to fulfil the purposes we collected it for, and to comply with legal and regulatory requirements.

  9. Individual Rights

    Individuals have the following rights under data protection law:

    • The right to be informed about how their data is used.
    • The right of access to their personal data.
    • The right to rectification of inaccurate or incomplete data.
    • The right to erasure (‘the right to be forgotten’).
    • The right to restrict processing.
    • The right to data portability.
    • The right to object to processing.
    • Rights in relation to automated decision making and profiling.

    Requests to exercise these rights should be directed to us (see Contact section).

  10. Data Breaches

    • In the event of a data breach, we will assess the risk to individuals and notify the Information Commissioner’s Office (ICO) and affected individuals where required by law.

  11. Roles and Responsibilities

    • The Board of Humshaugh Net Zero CIC is responsible for ensuring compliance with this policy and data protection law.
    • All staff, volunteers, and contractors handling personal data must follow this policy.

  12. Contact Us

    If you have any questions about this policy or your data, please contact:

    Humshaugh Net Zero CIC
    10 Beechcroft, Humshaugh, Hexham, NE46 4DN
    action@humshaughnetzero.org
    07900 917047

    You also have the right to complain to the Information Commissioner’s Office (ICO) (www.ico.org.uk).