The Peace and Hope Trust stores the following information about all its contacts:

Full name, mail address, email address, Gift Aid status (yes or no), total gift aided by tax year.

We also store distribution lists of all contacts’ email addresses for various communications such as
Prayer Lists, Calendars, team coordination etc.

The main data set of contact details is stored on the office network in Newent, which is password-
protected and is not accessible except in the office itself – there is no remote access, and therefore
theft of the hardware is the only feasible risk of compromising the data. The paper storage of data is
restricted to the office. Copies are routinely taken to the Administrator’s laptop which is also
password-protected. None of the data are routinely encrypted as the risk is low.

All of the Trust’s communications, photos and distribution lists are held in the same fashion.

For our teams of volunteers visiting Nicaragua we store medical information which might impact
treatment during their trip, we may share it with team leaders and medical professionals, and we
retain that information up to 7 years in case of any insurance claims. We also store passport details
to facilitate flight bookings, and these details are passed electronically to a volunteer who performs
this task from their home laptop.

The related accounting entries (particularly of note, for personal bank donations by individuals to
the trust) are held by the Trust’s accountant on a password-protected computer at the accountant’s
home address.

The main justification for holding this data is the consent of the Trust’s contacts. Any person who
wishes to remove their details from the electronic files is advised to contact the office, who will
delete the data. The main exception is in the case of tax-related details, for those who have donated
with Gift Aid; the Trust is obliged to hold that information for 7 years in case HMRC choose to
investigate or challenge data based on the electronic files we hold.

We periodically review our list of contacts to extract those who are known to have moved away
without forwarding addresses, or have died. We take routine precautions such as Blind Copying of
emails in order to protect our email distribution lists. We do not pass personal information to
anyone outside of the Trust, and our office staff are trained to protect the data.

Our Data Protection Officer is Stephen Ind, the CEO.