GDPR Notice
MCKS Charitable Food Pantry

MCKS Charitable Food Pantry (the Company) is registered with the Information Commissioner’s Office (ICO) as a data controller and is committed to protecting your personal data and working in accordance with all relevant data protection legislation.

What is the GDPR Notice for

This GDPR Notice is intended to provide information about how the Company will use (or “process”) personal data about individuals including: its current, past and prospective clients.  This information is provided because Data Protection Law gives individuals rights to understand how their data is used. Clients are encouraged to read this notice.

Responsibility for Data Protection

The Company Director has overall responsibility for ensuring that the Pantry comply with all relevant Data Protection obligations, including the collection of data, the storing of data and how this data is used. 

Sarah Kingston is our Data Protection Officer and has responsibility for dealing with any data information requests, data breaches and ensuring our staff are trained to be fully compliant.  (To make an information request please email:

Why do we need to process personal data?

In order to conduct its ordinary duties to clients, the Pantry will need to process a wide range of personal data about, prospective, past and current clients as part of its daily operation.   Some of this information is required to fulfil legal rights, duties or obligations.

The Pantry will collect personal information including, but not limited to the following:

  • To have information on the client to allow us to care for them safely and effectively
  • To hold information on family members to allow us to care for them safely and effectively

Types of Personal Data Processed by the Pantry

This will include by way of example:

  • Names, addresses, telephone numbers
  • Details regarding family members within the same household as the primary client.
  • Reasons for membership of the pantry
  • Attendance records
  • Details of any accidents or incidents that happen on the Pantry premises.
  • Texting of messages via our text messaging service

How the data is collected

In most instances the clients data is provided on the first visit to the pantry. 

Clients are asked to provide us with any updates to this data on a regular basis and to validate the information we hold on them every six months.

In some cases, personal data may be supplied by third parties (for example other professionals or authorities working with the client)

Who has access to the data and who do we share it with

Staff and volunteers within the Pantry who are providing a service for you child will have access to your personnel records.  

Occasionally, the Pantry will need to share personal information with the following:

  • Schools
  • Local Authorities
  • Medical professionals
  • Hospitals and Doctors surgeries
  • Legal/Courts & Bailiffs
  • Police

How long we keep personal data

The Pantry will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason.

Accident and Incident Forms – 22 years

RIDDOR forms – 22 years

Complaints Records – 3 years

Client’s membership information – 2 years from leave date

If you have any specific queries about our data retention, or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the Data Protection Officer. Please bear in mind that the Pantry will often have lawful and necessary reasons to hold on to some personal data even following such request.

Rights of Access

Individuals have various rights under Data Protection Law to access and understand personal data about them and their child held by the Company, and in some cases ask for it to be erased or amended or have it transferred to others.

Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to the Data Protection Officer.

The Data Protection Officer will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits (which is one month in the case of requests for access to information).

You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal privilege.