Last Updated June 2022
The Framework
GLL Better is committed to operating in a way that complies fully with the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. GLL Better recognises that the personal data legitimately required in order to carry out its business must be collected, processed, stored and disposed of fairly, lawfully and with due regard to confidentiality. GLL Better fully respects your privacy.
GLL has a clear internal framework to enable it to meet its obligations in relation to the seven legally enforceable Data Protection Principles laid out in the GDPR and the 2018 Act. You can view these principles here.
All GLL workers and employees have responsibilities under the Data Protection legislation and are trained appropriately for their specific roles. Managers are trained to ensure that within their areas their staff and workers are aware of their responsibilities and adhere to the relevant requirements and processes.
The details of GLL’s registration (Ref No. Z5607003) can be accessed on the Information Commissioner’s website at https://ico.org.uk/about-the-ico/what-we-do/register-of-fee-payers
Processing and using your data
GLL clearly states in its Privacy Notice its legal basis for processing your personal data, with whom it shares your data, from whom it receives personal data, and how, and for how long, we store your data. The Notice is accessible online at https://www.better.org.uk/privacy and also sets out your rights as a data subject.
Principally we process your data for the purpose for which we collected it, and we share it only with our joint controllers or third parties engaged in software provision, service provision or storage provision. There will be occasions where we are required to share data outside of those principles, for example disclosures in support of the prevention or detection of crime, or the assessment or collection of tax or duty, or if a disclosure is required by law, by order of a court, or for the purpose of or in connection with any legal proceedings.
Security
Managers and staff within GLL will take all necessary steps to make sure that personal data is kept secure at all times against unauthorised or unlawful loss destruction or disclosure. GLL will retain personal data only for as long as it is needed for its original purpose. Any data no longer required will be deleted or disposed of confidentially and completely. Records deleted on live systems will also be deleted from system back-ups and archives, along with any hard copies.
Data Subject Rights
The Data Protection legislation gives rights to individuals in respect of the personal data held about them. Please refer to the Information Commissioner’s Office website (https://ico.org.uk/your-data-matters) for further information on these rights. You can make a request or enquiry regarding your personal data by emailing privacy@gll.org