Re: SDSN Youth opportunity

1. Why we have this Policy

At SDSN Youth, we're committed to respecting your privacy. The SDSN Youth need to collect and use certain types of information about people (personal data) with whom we deal in order to operate and carry out our legitimate purposes. This Data Protection Policy and Privacy Notice provide information about data protection and how it applies to the internal staff of SDSN Youth, its volunteers, and its potential recruited volunteers, together with providing the steps to be taken by Human Resources Business Partners who have access to or store the personal data of individuals with whom the SDSN Youth Program has or may have a professional relationship.

2. GDPR definitions you should know:

Personal Data: Any information relating to an identified or identifiable natural person

(in this case, the volunteers).

Sensitive Data: This includes Race/ethnicity, Political Opinions, Religious/Philosophical

Beliefs, Union Membership, Genetic Data, Biometric Data, Health Data, and Sexual

Orientation. The use of this data must be strictly controlled and encrypted. If it is not

essential no need to ask for it.

Data Controller: Global People and Culture Team Department

Data Processor: This is a person or tool contracted by you to carry out the processing

of the data (for example InitLive).

Affirmative Consent: You are required to explain what personal data is being collected,

how it will be used and the consequences of use to your volunteers. You will need to

be able to demonstrate that consent was knowingly and freely given; whatever method

you use to capture consent, you need proof that you have received it.

3. Who this Policy relates to

This policy applies to all volunteers engaged in activities supporting and delivering the

SDSN's Youth objectives. Members of staff are required to abide by an equivalent

policy.

In SDSN Youth Organization, we understand that legal requirements may be different

in all countries but we try to include as much as regulation policies as possible to

protect your personal data information.

4. Other Policies, Procedures, and/or Guidelines you need to read

All volunteers should read this Policy in conjunction with the SDSN's other data

protection and information security policies and guidance including the below:

5. Overview of this Policy

  • This Policy is written in line with global requirements regarding Data Protection

Policies and is designed to ensure we are all aware of and meet our responsibilities

towards SDSN's personal data.

  • The Data Protection principles mean that, to be lawful, the collection and use of

personal data that the SDSN Youth Organization collects must meet the following

criteria:

Lawfulness, fairness and transparency Wherever personal data is collected an individual is provided with information on why we are collecting the information, what we will do with it, how long we will retain that information, etc. In the case of recruitment, this is reflected in a Privacy Notice available via the application form.

Purpose limitation

There is always a legitimate ground to collect that data:

a) Consent (the individual wishes to be contacted)

b) Contract (to fulfill a contract)

c) Legal obligation (to fulfill a legal requirement)

d) Vital interest (to protect someone’s life) e) Public interest (to perform tasks in the public interest)

f) Legitimate interests to both the SDSN Youth Organization and that individual

Data minimization Personal data shall be adequate, relevant and limited to what is necessary to the purposes for which they are processed.

Accuracy Personal data shall be accurate and, where necessary, kept up to date.

Storage limitation Personal data shall be kept in a form that permits identification of individuals for no longer than is necessary for the purposes for which they are processed.

Integrity & Confidentiality Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Control Volunteers will be able to request the personal data held on them. SDSN Youth Organization needs to provide it to them within 30 days of the request,

Accountability The SDSN Youth Organization shall be responsible for, and be able to demonstrate compliance with the general GDPR.