Data Protection Policy

Data Protection

1. Introduction

Runners Media CIC is committed to protecting the personal data of its staff, volunteers, service users, and partners. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring that all personal data is handled lawfully, fairly, and transparently.

This policy explains how we collect, store, process, and protect personal data in line with legal requirements and best practice.

2. Purpose

  • Ensure compliance with the UK GDPR and Data Protection Act 2018.
  • Protect the privacy and rights of individuals whose personal data we collect.
  • Promote transparency in how data is used and stored.
  • Minimise the risk of data breaches or misuse.

3. Scope

  • All personal data processed by Runners Media CIC, whether electronically or in paper form.
  • All directors, staff, volunteers, contractors, and partners who handle personal data on behalf of the organisation.

4. Definitions

  • Personal Data: Any information relating to an identifiable person (e.g. name, contact details, image, IP address).
  • Special Category Data: Sensitive data such as racial or ethnic origin, health information, political views, religious beliefs, etc.
  • Processing: Any action performed on personal data (e.g. collecting, storing, sharing, or deleting).
  • Data Subject: The individual whose personal data is being processed.
  • Data Controller: Runners Media CIC, which determines how and why personal data is processed.
  • Data Processor: A third party that processes data on our behalf (e.g. email marketing services, cloud storage providers).

5. Lawful Bases for Processing

  • Consent – When individuals have given clear permission for their data to be used for a specific purpose.
  • Contract – When processing is necessary to fulfil a contract or service agreement.
  • Legal Obligation – When processing is required to comply with a legal duty.
  • Legitimate Interests – When processing is necessary for the organisation’s operations, unless outweighed by the individual’s rights and freedoms.
  • Vital Interests – To protect someone’s life in emergencies.
  • Public Task – When carrying out an official function or task in the public interest.

6. Types of Data We Collect

  • Contact details (e.g. name, email, phone number, address)
  • Photographs, video, and audio recordings (with consent)
  • Demographic information (age, gender, ethnicity – where relevant)
  • Volunteer or staff application details (e.g. DBS checks, references)
  • Feedback or survey responses
  • Website or social media usage data (e.g. analytics, cookies)

We only collect data that is necessary and relevant for our community, media, or operational activities.

7. Data Security

  • Stored securely in encrypted, password-protected digital systems or locked physical storage.
  • Accessed only by authorised personnel.
  • Shared only when necessary, with secure transfer methods.
  • Retained only for as long as necessary (see Section 9).
  • Disposed of securely (e.g. data wiped, paper shredded).

8. Individual Rights

  • Be informed about how their data is used.
  • Access their personal data (Subject Access Request).
  • Request correction of inaccurate or incomplete data.
  • Request erasure (‘right to be forgotten’) in certain cases.
  • Restrict or object to data processing.
  • Request data portability (if applicable).
  • Withdraw consent at any time (where consent is the legal basis).

9. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected.

  • Staff and volunteer records: 6 years after leaving
  • Project-related data (e.g. videos, interviews): 3–5 years or per funding requirements
  • Mailing lists: Until consent is withdrawn
  • DBS and safeguarding records: In line with legal retention periods

An annual review of stored data will be carried out to ensure compliance.

10. Data Sharing and Third Parties

We do not sell or trade personal data. We may share data with:

  • Funders or partners (only with consent or as part of project evaluation)
  • External processors (e.g. cloud services, newsletter providers) under data processing agreements
  • Legal authorities (when legally required)

All third-party data processors must comply with UK GDPR standards.

11. Data Breaches

Any data breach—such as loss, theft, or unauthorised access—must be reported immediately to the Director. We will assess the risk and, if necessary, report to the Information Commissioner's Office (ICO) within 72 hours.

Individuals affected by serious breaches will be informed promptly.

12. Training and Responsibilities

All staff, volunteers, and contractors handling personal data will receive basic data protection training during induction.

The Director or nominated Data Protection Lead will oversee compliance and respond to data-related concerns.

13. Policy Review

This policy will be reviewed every two years or when relevant legislation changes.

The latest version will be made available on our website and in volunteer/staff handbooks.

Conclusion

Runners Media CIC values the trust placed in us by our community, partners, and team. We are committed to upholding your privacy and rights by ensuring your personal data is handled lawfully, fairly, and with care.
