Lawful, fair and transparent processing - we only use user data for purposes related to their experience on our platform, and we provide clear and transparent explanations of how user data is accessed and utilized.
Limitation of purpose, data and storage - no personal data, other than what is necessary, be requested, and user data is deleted once the legitimate purpose for which it was collected is fulfilled.
Data subject rights - users have the right to ask how their data will be used.
Consent - clear and explicit consent must be asked from each user. Once collected, this consent must be documented, and all users are allowed to withdraw his consent at any moment.
Personal data breaches - SCHS maintains a Personal Data Breach Register to document any cases of data breaches, and users will be informed of any data breaches within 72 hours of identifying the breach.
Privacy by Design - SCHS utilizes technical mechanisms to protect personal data in the design of our systems and processes, by default.
Data Protection Impact Assessment - SCHS conducts a Data Protection Impact Assessment when initiating a new significant changes or products, relating to processing of personal data.
Data transfers - SCHS ensures that personal data is protected and GDPR requirements respected, even if processing is being done by a third party.
Timely personal data deletion - if a user requests to have their account and all personally identifying data deleted from our platform, the SCHS follows the GDPR "right to be forgotten" and "storage limitation" principles, in that we notify the user of the action planned (within 30 days, usually within 24 hours) to ensure that the deletion request is honored without undue delay.
Awareness and training - SCHS creates awareness among its affiliates and volunteers about key GDPR requirements.