1. Why we have this Policy
At SDSN Youth, we're committed to respecting your privacy. The SDSN Youth need to collect and use certain types of information about people (personal data) with whom we deal in order to operate and carry out our legitimate purposes. This Data Protection Policy and Privacy Notice provide information about data protection and how it applies to the internal staff of SDSN Youth, its volunteers, and its potential recruited volunteers, together with providing the steps to be taken by Human Resources Business Partners who have access to or store the personal data of individuals with whom the SDSN Youth Program has or may have a professional relationship.
2. GDPR definitions you should know:
Personal Data: Any information relating to an identified or identifiable natural person
(in this case, the volunteers).
Sensitive Data: This includes Race/ethnicity, Political Opinions, Religious/Philosophical
Beliefs, Union Membership, Genetic Data, Biometric Data, Health Data, and Sexual
Orientation. The use of this data must be strictly controlled and encrypted. If it is not
essential no need to ask for it.
Data Controller: Global People and Culture Team Department
Data Processor: This is a person or tool contracted by you to carry out the processing
of the data (for example InitLive).
Affirmative Consent: You are required to explain what personal data is being collected,
how it will be used and the consequences of use to your volunteers. You will need to
be able to demonstrate that consent was knowingly and freely given; whatever method
you use to capture consent, you need proof that you have received it.
3. Who this Policy relates to
This policy applies to all volunteers engaged in activities supporting and delivering the
SDSN's Youth objectives. Members of staff are required to abide by an equivalent
In SDSN Youth Organization, we understand that legal requirements may be different
in all countries but we try to include as much as regulation policies as possible to
protect your personal data information.
4. Other Policies, Procedures, and/or Guidelines you need to read
All volunteers should read this Policy in conjunction with the SDSN's other data
protection and information security policies and guidance including the below:
5. Overview of this Policy
Policies and is designed to ensure we are all aware of and meet our responsibilities
towards SDSN's personal data.
personal data that the SDSN Youth Organization collects must meet the following
Lawfulness, fairness and transparency
Wherever personal data is collected an individual is provided with information on why we are collecting the information, what we will do with it, how long we will retain that information, etc. In the case of recruitment, this is reflected in a Privacy Notice available via the application form.
There is always a legitimate ground to collect that data:
a) Consent (the individual wishes to be contacted)
b) Contract (to fulfill a contract)
c) Legal obligation (to fulfill a legal requirement)
d) Vital interest (to protect someone’s life) e) Public interest (to perform tasks in the public interest)
f) Legitimate interests to both the SDSN Youth Organization and that individual
Personal data shall be adequate, relevant and limited to what is necessary to the purposes for which they are processed.
Personal data shall be accurate and, where necessary, kept up to date.
Personal data shall be kept in a form that permits identification of individuals for no longer than is necessary for the purposes for which they are processed.
Integrity & Confidentiality
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
Volunteers will be able to request the personal data held on them. SDSN Youth Organization needs to provide it to them within 30 days of the request,
The SDSN Youth Organization shall be responsible for, and be able to demonstrate compliance with the general GDPR.