Data Protection Policy
New Priestwood Community Association
Data Protection Policy
The New Priestwood Community Association recognises that it has statutory obligations under the Data Protection Act 1998 to maintain accurate data safe from unauthorised use and access. The document sets out the procedures that the Association will undertake to ensures that it complies with its legal obligations.
The New Priestwood Community Association has identified the Secretary as the person responsible for the Data Protection Policy. The Secretary will be responsible for the managing the promotion and use of the policy within the organisation.
Trustees will be responsible for ensuring that the policy is complied with by the organisation. All organisations using the premises will be expected to follow the principles of the policy.
The policy will be reviewed at two year intervals or sooner, if relevant legislation changes.
The New Priestwood Community Association will register with the Data Protection Commission if the information they store requires this.
Collecting and storing data
Only data that assists and furthers the meeting of objectives of the New Priestwood Community Association will be collected and stored. This will include membership details and individual contact details. When data is collected the organisation will inform the individual of the purpose and use of this data.
No unauthorised transmission of data regarding an individual will be transferred from one person to another person/organisation without that person’s knowledge. Information transfer out of the organisation will require specific consent.
Data from telephone conversations will be hand written records only. Data no longer required will be deleted.. Membership data will be held only whilst membership is current. On termination of membership the information relating to that member will be deleted entirely unless this information falls under other laws which may take priority. These include:
Injury, accident or incident.
Fire Drill Records
Any data collected on children or young people will be with the knowledge and permission of the person with their parental responsibility.
Staff (including seconded or contracted), Trustees or volunteers who have authorised access to personal data should not use or disclose information in any manner that is incompatible with the purpose for which it is being held. Failure to comply with the above requirements may result in disciplinary action as outlined in the trustee code of conduct.
Personal Data will not be shared or sold to any other person.
This policy is awaiting approval.
Signed: Annette Mason Centre Manager
Review due on: 22nd May 2018
General Data Protection Regulation (GDPR)
You have the right to be removed from our mailing list at any time. You also have the right to be forgotten. Forgotten means that we will delete all your personal information from all of our records. Please let us know at any time if you wish to be removed from our contact list or would like to be forgotten. There may be a time where we cannot remove you entirely this could be that during the course of our work with you, we may be alerted to a safeguarding concern. If this is the case we may have to pass this information onto the local authority safeguarding team, police or other statutory party without your permission. Where it is safe to do so we will make this clear to you at the time. You have the right to request what information we have about you. If you would like to know, please ask us. You also have a right to update or correct this information where it is out of date or incorrect.