top of page
  • Facebook - Vit Circle
  • Instagram - Vit Circle

Data Privacy

The Arctic Research Group (“ARG”) is committed to protecting the privacy and confidentiality of personal data. This Data Privacy page provides our Data Protection Policy and a link to the website designer Privacy Policy.

Arctic Research Group Data Protection Policy

​Effective Date: 1st January 2026

1. Introduction

The Arctic Research Group (“ARG”) is committed to protecting the privacy and confidentiality of personal data. As part of our work, we collect, process, and store personal data about our supporters, volunteers, staff, donors, and beneficiaries. This Data Protection Policy sets out how we collect, use, store, and protect personal data in line with our obligations under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

2. Purpose of the Policy

The purpose of this policy is to ensure that the ARG complies with all legal requirements regarding the protection of personal data and ensures that any data held is managed appropriately and securely.

3. Scope

This policy applies to all employees, volunteers, trustees, and third parties who handle personal data on behalf of the charity.

4. Data Protection Principles

We will adhere to the following key principles of data protection:

  • Lawfulness, fairness, and transparency: We will process personal data in a lawful, fair, and transparent manner.

  • Purpose limitation: We will collect data for specified, legitimate purposes and will not process it in a way that is incompatible with those purposes.

  • Data minimisation: We will collect only the data that is necessary for our purposes and will ensure that data is kept up-to-date.

  • Accuracy: We will take reasonable steps to ensure that the personal data we process is accurate and kept up to date.

  • Storage limitation: We will not keep personal data for longer than is necessary for the purposes it was collected.

  • Integrity and confidentiality: We will ensure appropriate security measures are in place to protect personal data from unauthorised access, loss, or destruction.

  • Accountability: We will be responsible for ensuring that we comply with all data protection principles and will be able to demonstrate compliance when necessary.

5. Data Collection

We collect the following types of personal data:

  • Contact details (e.g., name, address, email, phone number)

  • Financial information (e.g., donation history, bank details for direct debits)

  • Demographic information (e.g., age, gender, occupation)

  • Volunteer details (e.g., CV, educational and employment history, references, emergency contact details, medical details)

We will only collect personal data that is necessary to carry out our activities, and we will ensure that individuals are aware of the types of data we collect, how it will be used, and the legal basis for processing.

6. Legal Basis for Processing Personal Data

We process personal data for the following lawful purposes:

  • Consent: Where an individual has given their consent for us to use their data.

  • Contractual necessity: Where processing is required to fulfill a contract with the individual (e.g., processing donations, managing volunteer roles).

  • Legal obligation: Where we are required to process personal data to comply with a legal obligation.

  • Legitimate interests: Where we have a legitimate interest in processing personal data, provided that this interest is not overridden by the individual’s rights and freedoms.

7. How We Use Personal Data

We will use personal data for the following purposes:

  • To communicate with supporters, donors, and volunteers

  • To process donations and manage fundraising campaigns

  • To recruit and manage volunteers or staff

  • To comply with legal and regulatory requirements (e.g., financial audits, safeguarding checks)

  • To send newsletters or updates about our work (only with consent)

8. Sharing Personal Data

We will not share personal data with third parties unless:

  • We are required to do so by law or regulation

  • We have explicit consent from the individual

  • The sharing is necessary to perform our functions (e.g., using a third-party service provider to process donations)

Where we do share data with third parties, we will ensure that they are compliant with data protection laws and that appropriate safeguards are in place to protect the data.

9. Data Retention

Personal data will only be retained for as long as necessary to fulfill the purpose for which it was collected. The retention period will vary depending on the type of data and the purpose for which it was collected. Once the data is no longer needed, it will be securely deleted or anonymized.

10. Security of Personal Data

We will take appropriate technical and organizational measures to protect personal data from unauthorized access, loss, alteration, or destruction. This includes:

  • Secure storage (e.g., encrypted files)

  • Regular data backups

  • Restricted access to personal data based on roles and responsibilities

  • Staff training on data protection

11. Data Subject Rights

Individuals whose personal data we process have the following rights:

  • Right to access: The right to request a copy of the personal data we hold.

  • Right to rectification: The right to correct any inaccurate or incomplete data.

  • Right to erasure (right to be forgotten): The right to request that we delete personal data under certain conditions.

  • Right to restriction of processing: The right to request that we limit the way we process personal data.

  • Right to data portability: The right to receive personal data in a structured, commonly used, and machine-readable format.

  • Right to object: The right to object to certain types of processing, such as marketing.

  • Rights related to automated decision-making and profiling: We do not carry out any automated decision-making or profiling.

To exercise these rights, individuals should contact us using the contact details provided below.

12. Data Breaches

In the event of a data breach, the ARG will:

  • Take immediate steps to contain and assess the breach

  • Notify the Information Commissioner’s Office (ICO) within 72 hours if the breach is likely to result in a risk to the rights and freedoms of individuals

  • Notify affected individuals if the breach is likely to result in a high risk to their rights and freedoms

13. Changes to this Policy

We may update this Data Protection Policy from time to time. Any changes will be communicated to individuals and will be made available on our website.

14. Contact Information

If you have any questions about this policy or wish to exercise any of your rights, please contact:

Arctic Research Group

The Hollow, Penn Lane, Melbourne, United Kingdom, DE73 8EP

+44 7771 838753

steve@arcticresearchgroup.org

www.arcticresearchgroup.org

bottom of page