Data Protection Policy
From 25 May 2018 General Data Protection Regulation (GDPR) comes into force which imposes much tighter controls on how personal data is processed in the EU and also the UK (even after Brexit). According to GDPR ‘personal data’ means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people. Of particular interest to us is 'Personal data that has been pseudonymised' (e.g. using a unofficial name or alias) as this can fall within the scope of GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
GDPR and how C2P operates
Members (Those who have registered as users of this network) provide a limited amount of personal data sufficient for they themselves to be identified and contacted i.e. their name, email and phone number. This information will be held securely for the legitimate purposes of running the network and will not be passed to any third party (i.e. anyone outside the member network).
When a referral is requested by a member acting as a sponsor, it is taken as understood that this involves passing the contact details of that individual member to another automatically selected member who may be able to act as a gatekeeper for the referral.
Members will be asked to opt-in to such communication as part of the registration process and also given the option to update their details or resign from the network both on-line and via a web link in all subsequent emails. Members of the network also have the legal right to be 'forgotten', and this will be done by the removal of their names and personal data from the database. However, the remaining internal member ID will be retained in order to maintain the integrity of the database and to facilitate the reporting of generic referral data.
Personal data of those being referred should not be entered into the C2P system. An alias, partial or even the full name of an returnee is not considered personal data without supporting data that would uniquely identify them. Therefore no such supporting data should be submitted or held in this system. The same could be said for someone's intended return city/district and month of arrival. Sponsors should however be careful NOT to provide additional specific detail that might allow an individual to be clearly identified.