Data Protection and Privacy Policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Data Protection and Privacy Policy"

Transcription

1 Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation. Conciliation Resources maintains certain personal data for the purposes of carrying out its aims and objectives as identified in its Memorandum and Articles of Association and to meet our operational needs and legal obligations. We recognise that this personal data, whether it is held on paper, electronically or in other form, is subject to the appropriate legal safeguards as specified in the UK Data Protection Act Conciliation Resources processes personal data on past, current, and prospective board members, staff, volunteers, donors, individuals and organisations we work with; and suppliers and others with whom we communicate. Attached to this policy are shorter guidelines covering Data Protection and Privacy (appendix 1) and the processing of information obtained via the Conciliation Resources website for marketing s (appendix 2). Conciliation Resources regards the lawful and correct treatment of personal information as very important and crucial to our successful operations. This involves taking precautions against physical loss or damage, and ensuring that access and disclosure are restricted. All staff are responsible for ensuring that: Any personal data held is kept securely; Personal information such as personal mobile phone numbers, personal social media handles or personal addresses, is not disclosed in anyway to any unauthorised third party, without the subject s consent - unless the information is already in the public domain (e.g. Twitter handles are mostly in the public domain). 2. Principles Conciliation Resources fully endorses and adheres to the eight principles of the UK Data Protection Act, These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Staff, volunteers or any other people or organisations associated or working with Conciliation Resources who obtain, handle, process, transport and store personal data for Conciliation Resources must adhere to these principles. The principles require that personal data shall: 1. Be processed fairly and lawfully and shall not be processed unless certain conditions are met; 2. Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose; 3. Be adequate, relevant and not excessive for those purposes; 4. Be accurate and, where necessary, kept up to date; 5. Not be kept for longer than is necessary for that purpose; 6. Be processed in accordance with the data subject s rights; 7. Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures; Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 1 of 8

2 8. Not be transferred to a country unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. 3. Satisfaction of Principles In order to meet the requirements of the principles, Conciliation Resources has in place appropriate management controls and use strict criteria to: Observe fully the conditions regarding the fair collection and use of personal data; Meet its obligations to specify the purposes for which personal data is used; Collect and process appropriate personal data only to the extent that it is needed to fulfill operational or any legal requirements; Ensure the quality and accuracy of personal data held to the best of Conciliation Resources ability; Apply strict checks to determine the length of time personal data is held; Ensure that the rights of individuals about whom the personal data is held, can be fully exercised under the Act; Take the appropriate technical and organisational security measures to safeguard personal data; and Ensure that personal data is not transferred outside the EC without suitable safeguards. 4. Compliance with Data Protection Regulations Conciliation Resources is registered with the UK Information Commissioner (ICO) as a Data Controller on its public register of data controllers (Registration number Z ). As identified under the Data Protection Act, Conciliation Resources holds personal data for the following six purposes: Realising the objectives of Conciliation Resources; Staff administration; Advertising, marketing and public relations; Accounts and records; Administration of membership records; and Fundraising. The section below lists the sets of personal data that Conciliation Resources stores and details how the use of the data is in accordance with the Data Protection Act. The use of the data in all cases is in order to realise the charitable aims of Conciliation Resources. 5 Applying the Policy Any breach of this policy will be taken seriously and may result in disciplinary action up-to and including dismissal. Any questions or concerns about the interpretation or operation of this policy should be raised with the Director of Operations, who is Conciliation Resources designated Data Controller. As every staff member or volunteer is expected to use Conciliation Resources databases, they are expected to adhere to the policy at all times. Any staff member or volunteer who believes that the policy has not been followed in respect of their own personal data should raise the matter with their Line Manager in the first instance, or if they are not available with the Director of Operations. Each database has a designated person responsible for the implementation of the Data Protection Policy in relation to that particular database. Members of staff who wish to use the data for mailings may do so only with the authority of the person responsible for the particular database, who will ensure compliance with this policy. The persons responsible for each database or set of personal information is as follows: Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 2 of 8

3 Contacts, Donors and Projects Database Director of Operations Web Sign-ups Communications Manager Personnel Director of Operations Recruitment Director of Operations Any request from a person asking to be removed from a mailing list or database or any other related enquiry should be forwarded to the responsible person, named above, who is responsible for ensuring any request is actioned or enquiry responded to. Any request will normally be completed within 30 calendar days. Any enquiries will be responded to in accordance with the Open Information Policy (P/11/12). Requests for access to personal information Conciliation Resources aims to comply with requests for access to personal information as quickly as possible, and will ensure that it is provided within 30 days of receipt of a request unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request. 6. Conciliation Resources Databases Conciliation Resources Contacts Database For its own activities Conciliation Resources maintains a database of contact information about individuals and organisations that is password-protected and only accessible to Conciliation Resources staff (and office-based consultants/volunteers). This database includes people s name, address, address, telephone/fax number(s), job title and employer, plus details of their involvement with Conciliation Resources including funding, events attended and the context in which the information is held, (eg a mediator in a conflict). The information does not constitute sensitive personal data 1 as defined by the 1998 Act. However, in some cases, where such information (about health, ethnicity or gender), is processed, it is purely done for the purpose of monitoring Conciliation Resources policies, such as health and safety or equal opportunities or for the purpose of pursuing the charitable aims of the organisation. Professional and other contacts are added to this database, as and when, using information from a business card or other exchange of contact details, that Conciliation Resources staff have received during business contact with the individual. They are not sent unsolicited mass communications, for example, to publicise an event or Conciliation Resources news, unless they have indicated they would like to receive these mass mailings via Conciliation Resources website. Staff should not add or keep personal data that may be defamatory or inappropriate for the purpose for which the data is kept. Contacts may directly ask, or use the unsubscribe option in any of Conciliation Resources mass s, for their details to be removed from any of Conciliation Resources databases. Details are also removed when they are believed to be invalid or no further use to Conciliation Resources. Third Party e-bulletin system Conciliation Resources sends mass s about its news and latest work via a third party e-bulletin system, currently MailChimp. Users indicate their preferences to receive these s by actively subscribing via the Conciliation Resources website. These preferences are stored in the MailChimp database 2 and copied to the Conciliation Resources Contacts Database. All recipients are given the opportunity to opt-out of these 1 Sensitive personal data is defined as personal data consisting of information about racial or ethnic origin, political opinion, religious or other beliefs, trade union membership, physical or mental health or condition, sexual life, criminal proceedings or convictions. 2 MailChimp only has access to names and addresses of people signed up to receive mailings from Conciliation Resources none of which will be shared with a third party. Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 3 of 8

4 communications at any time via an unsubscribe link contained in every e-bulletin. Conciliation Resources Publications For purposes of distribution of printed publications, postal addresses of recipients are shared with a mail house under a strict written agreement which prevents the sharing and secure storage of personal data. Only the PPC Programme Officer or a staff member providing cover for that role is authorised to share the postal addresses of Accord recipients with the company that handles distribution of Conciliation Resources publications. Likewise, only the designated staff member coordinating a mailing of any programme publication (not Accord-related) is authorised to share the postal addresses of recipients with the company handling distribution of the publication. Recruitment Conciliation Resources gathers personal data for the purpose of staff recruitment. Data obtained through recruitment is not used for any other purpose. Only relevant personal information is gathered through the application form, and candidates are informed that the personal information obtained through the form will be used according to this policy. Applicants are informed if any of the data they supply is to be checked. Information is kept secure and not disclosed to a third party except those involved in the recruitment process. Staff involved in recruitment are aware of data protection regulations and are required to handle personal information with sensitivity. Application forms of unsuccessful short-listed candidates are destroyed after twelve months of the position being filled and all score sheets and interview notes are to be passed on to the Director of Operations who will keep them securely for a period of twelve months. Electronic versions of application forms of unsuccessful short-listed candidates are also be deleted after twelve months of the position being filled. Personnel Personal information about staff, consultants and volunteers is processed primarily for statutory HR purposes. Such information includes (where applicable) contact details, next of kin details, bank account data for salary payment, time taken off for sickness, leave, etc. Accident information is kept in a Health & Safety Accident Register maintained by the Operations Officer and kept in Core and Ops. All personal information about staff, whether maintained electronically or manually, is only accessible to the person s direct Line Manager and other appropriate staff as identified in other policies and procedures. At the point that a staff member, consultant or volunteer leaves Conciliation Resources we will seek their permission to maintain their personal contact information on our contacts database. Contact information may continue to be held if the person wishes to be kept informed of Conciliation Resources work. Basic contact information (ie address) is required until at least the end of the financial year in order to send P60s to former staff. Sensitive personal data, if collected at all, is only for the purpose of monitoring HR policies such as Diversity and Inclusion policy. All other Personnel records are managed in accordance with Conciliation Resources Retention of Records Policy. Staff leaving Conciliation Resources are subject to the confidentiality clause in their employment contract whereby they are prohibited from disclosing any confidential information to which they may have had access during their employment at Conciliation Resource. Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 4 of 8

5 7. Access to data Staff, volunteers and other subjects of personal data held by Conciliation Resources have the right to access any personal data that is being kept about them in electronic form. They also have access to paper-based data held in physical filing systems. Any person who wishes to exercise this right should make the request in writing to the Director of Operations. Conciliation Resources reserves the right to charge a modest fee payable for each subject access request. If personal details are inaccurate, they will be amended upon receipt of a written request detailing the inaccuracies that need to be corrected along with the correct information. The computer systems and all information held on them remain Conciliation Resources property at all times. A staff member s , files or telephone messages may be accessed in their absence by another member of staff if necessary for Conciliation Resources activities and with the permission of the Line Manager or, if unavailable, an EMC Director. Computer hard drives and server accounts are also accessed by IT staff for maintenance and admin purposes. 8. Retention of Data Conciliation Resources will keep some forms of information for longer than others. As part of our Risk Management Strategy, Conciliation Resources carries out regular backups of data held on its internal databases and of files held on its server such as s and document files. The backups are either done externally or on our servers on a regular basis and at any point in time, data that is up to two years old can be retrieved. Only designated staff have access to the old data. In the event that data is restored from the backup the staff member carrying out the procedure must be sensitive to the data protection implications of this action. 9. Data Protection/Privacy Statement For the purposes of this policy, to safeguard individual privacy, various statements will be used in the communications. These are as follows: For all s sent from a Conciliation Resources address This is intended only for the named addressee(s) and may contain confidential and/or privileged material. If you have received this in error, please notify Conciliation Resources immediately on and delete the message. For e-bulletins (MailChimp system) You are receiving this because you subscribed via the Conciliation Resources website ( or expressed an interest in receiving such mailings. The above statement appears next to an unsubscribe from this list option and an update subscription preferences option, where users can decide on which types of mailings they want to receive, eg programme-specific, job opportunities. June 2013 Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 5 of 8

6 Appendix 1 Data Protection and Privacy Policy: Guidelines for staff Conciliation Resources is registered with the UK Information Commissioner (ICO) as a Data Controller on the public register of data controllers. We meet the requirements of the Data Protection Act 1988 and have our own detailed policy in place (see Data Protection and Privacy Policy). The following guidelines are provided for staff as a quick guide to complying with this policy: 1. Contacts Database a. Do not enter personal data that may be considered, or is, defamatory or inappropriate for the purpose served by the contacts database. Inappropriate data includes information about racial or ethnic origin, political opinion, religious or other beliefs, trade union membership, physical or mental health or condition, sexual life, criminal proceedings or convictions. b. Be attentive to previous comments in the Contacts Database and ensure that comments are deleted or edited as required. c. If a contact asks for their details to be removed from the database, this request must be passed on to the person responsible for the relevant database (see section 5 of the Data Protection Policy). If the contact is subscribed to Conciliation Resources ing lists (via website sign-up, information is recorded on the contacts database), the staff member who receives the request must inform the Communications Manager so that they can be unsubscribed. d. Staff must not give out personal information, eg personal telephone numbers, personal addresses, or personal social media handles without permission of the individual concerned, or unless the information is already in the public domain. 2. Conciliation Resources Publications a. Only the PPC Programme Officer or a staff member providing cover for that role is authorised to share the postal addresses of Accord recipients with the company that handles distribution of Conciliation Resources publications. b. Likewise, only the designated staff member coordinating a mailing of any programme publication (not Accord-related) is authorised to share the postal addresses of recipients with the company handling distribution of the publication. 3. Recruitment a. Information provided by individuals on application forms can only be kept on a Conciliation Resources database if the applicant gives permission for that data to be retained. b. Staff involved in recruitment should ensure personal information is handled with sensitivity. c. Paper application forms of unsuccessful short-listed candidates must be shredded within twelve months of the position being filled along with any score sheets and interview notes. These should be passed to the Director of Operations or Operations Officer who will keep them securely for the period. d. Electronic versions of application forms of unsuccessful short-listed candidates will also be deleted twelve months after the position has been filled. 4. Personnel a. Personal information about staff, consultants and volunteers is processed primarily for statutory HR purposes and should only be available to the staff member concerned, their Line Manager, the Operations Officer or the Director of Operations. No such information should be kept on Shared Files or in the contacts database. Conciliation Resources HR information system is the web based Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 6 of 8

7 Appendix 1 BreatheHR. b. Staff leaving Conciliation Resources are subject to the confidentiality clause in their employment contract whereby they are prohibited from disclosing any confidential information that they may have had access to during their employment at Conciliation Resources. c. Staff leaving Conciliation Resources are entitled to employment references. Personal information relating to Standards of Conduct policies/procedures will be kept on the HR files for the duration stated in those policies or the Retention of Records policy. 5. Information on computers a. The computer systems and all information held on them remain Conciliation Resources property at all times. Staff must not make or keep copies of any Conciliation Resources database on a computer that does not belong to Conciliation Resources. Staff who leave Conciliation Resources must not make or keep copies of any Conciliation Resources database. b. Any non-business-related data stored on Conciliation Resources computer systems (such as personal photographs or music) may be deleted at any time; it is the staff member s responsibility to back up such data if desired. c. A staff member s , files or telephone messages may be accessed by another member of staff if necessary for Conciliation Resources activities and with the permission of the Line Manager or, in their absence, an EMC Director. IT staff have access to all desktops (ie they can see your screen), your s, the contents of desktop and laptop computers including hard drives, and all data stored on Conciliation Resources servers, domain and cloud-based storage, for maintenance, security and admin purposes. 6. Signatures in electronic communications a. The following appears as a footer in all s sent from Conciliation Resources addresses to addresses outside the Conciliation Resources domain: This is intended only for the named addressee(s) and may contain confidential and/or privileged material. If you have received this in error, please notify Conciliation Resources immediately on and delete the message. b. For e-bulletins You are receiving this because you subscribed via the Conciliation Resources website or expressed an interest in receiving such mailings. This statement appears next to an unsubscribe from this list option and an update subscription preferences option, where users can decide on which types of mailings they want to receive, eg programme-specific, job opportunities 7. Applying the Policy a. Any breach of this policy will be taken seriously and may result in formal action upto including dismissal. Any questions or concerns about the interpretation or operation of this policy should be raised with the Director of Operations, who is Conciliation Resources designated Data Controller. June 2013 Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 7 of 8

8 Appendix 2 Mass s: Guidelines for staff Conciliation Resources adheres to the legal framework outlined by the Information Commissioner s Office (ICO) for marketing s. Our approach also ensures relevant and regular outreach to promote our messages. ing contacts These guidelines do not affect the day-to-day ing of your contacts, which you should do from your Conciliation Resources account. You can send s in this way to groups of contacts together, as long as there is a mutual understanding of relevance to all recipients (ie you are not spamming 3 people) eg joint working on projects, organising small meetings. To larger groups of contacts to highlight recent news or with event invitations, the mailing must be done via the Communications Team using the third party e-bulletin system. Mass s You cannot opt contacts in to receive marketing s from Conciliation Resources they must choose to opt-in. You can help your contacts opt-in to receive mass s by filling out their name and address on this page of our website: o Select Conciliation Resources E-News plus the programme/interest area they have. o The contact will be sent an automatically generated explaining they have been added to our subscriber list following some recent communication they would have had with Conciliation Resources. They will be asked to confirm their subscription by clicking on a link. o You will be able to find out if the contact has agreed to the subscription by checking the contact entry on Conciliation Resources Contacts database, which is updated monthly by the IT Officer for new or amended preferences. o If they do not confirm the subscription, we cannot send mass s to them. You can them personally if you wish. You must not help people subscribe to mass mailings if you have not had any personal contact with them. The ICO would consider this as spamming and would investigate Conciliation Resources if we were found to be doing this. The complaint systems on third party e-bulletin platforms are now very rigorous to prevent spamming. Tips If you have large lists of contacts who you think should be subscribed to Conciliation Resources mailings (but the list is too long to make subscribing them individually viable), contact the Communications Team to discuss the options. If you know you will want to send a mass to a considerable number of people you have had no previous personal contact with, you will need to build an approach to tackle this into your forward planning time. You should personally each contact as soon as possible to explain what you would like to them about and that you would like to initiate the subscription process. If they agree, follow the subscription steps in Mass s above to help them subscribe to the mailing. You must continue to add contacts to Conciliation Resources contacts database as well as following the subscription steps above to continue to build Conciliation Resources organisational knowledge. June Spam is unsolicited s sent to groups of people. You are spamming individuals when they did not consent to receiving group s. Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 8 of 8

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each; DATA PROTECTION POLICY Introduction TWM Solicitors maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The Data Protection Act sets rules

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

Data Protection and Data security Policy

Data Protection and Data security Policy Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Data Protection Policy

Data Protection Policy Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...

More information

HOW WE USE YOUR INFORMATION

HOW WE USE YOUR INFORMATION HOW WE USE YOUR INFORMATION This privacy notice tells you what to expect when University of Essex Students Union (referred to as the SU herein) collects personal information. It applies to information

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

Data Protection Policy

Data Protection Policy 1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

Paperless World Limited

Paperless World Limited Paperless World Limited Security Policy Statement Contents Section 1: Paperless World Limited Security Policy Statement... 2 Section 2: The Data Protection Act 1998... 2 Section 3: Definitions... 2 Personal

More information

The Manchester College

The Manchester College The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

CORK INSTITUTE OF TECHNOLOGY

CORK INSTITUTE OF TECHNOLOGY CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of

More information

E-SAFETY POLICY 2014/15 Including:

E-SAFETY POLICY 2014/15 Including: E-SAFETY POLICY 2014/15 Including: Staff ICT policy (Corporation approved) Data protection policy (Corporation approved) Staff guidelines for Data protection Data Security, awareness raising Acceptable

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

John Leggott College. Data Protection Policy. Introduction

John Leggott College. Data Protection Policy. Introduction John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and

More information

Data Protection Good Practice Note

Data Protection Good Practice Note Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection

More information

Human Resources Policy No. HR46

Human Resources Policy No. HR46 Human Resources Policy No. HR46 Maintaining Personal Files and ESR Records Additionally refer to HR04 Verification of Professional Registration HR33 Recruitment and Selection HR34 Policy for Carrying Out

More information

Little Marlow Parish Council Registration Number for ICO Z3112320

Little Marlow Parish Council Registration Number for ICO Z3112320 Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

Data Protection Policy

Data Protection Policy Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

MIS Privacy Statement. Our Privacy Commitments

MIS Privacy Statement. Our Privacy Commitments MIS Privacy Statement Our Privacy Commitments MIS Training Institute Holdings, Inc. (together "we") respect the privacy of every person who visits or registers with our websites ("you"), and are committed

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

The Impact on Marketing-Related Activities of the Data Protection Act and Related Legislation

The Impact on Marketing-Related Activities of the Data Protection Act and Related Legislation The Impact on Marketing-Related Activities of the Data Protection Audience 1. This guidance is intended for all University staff who maintain or use database of contacts for marketing purposes, including

More information

Data protection policy

Data protection policy Data protection policy Introduction The College is required to keep certain information about employees, students and other users to allow it to monitor performance, achievements, health and safety, recruitment

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

Personal Data Protection Policy

Personal Data Protection Policy Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy

More information

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal

More information

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format. University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information

More information

START UP LOANS PRIVACY AND DATA PROTECTION TERMS AND CONDITIONS

START UP LOANS PRIVACY AND DATA PROTECTION TERMS AND CONDITIONS START UP LOANS PRIVACY AND DATA PROTECTION TERMS AND CONDITIONS Table of Contents 1. ABOUT THIS POLICY... 3 2. WHO WE ARE AND WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA... 3 3. WHERE WE COLLECT YOUR PERSONAL

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

ATMD Bird & Bird. Singapore Personal Data Protection Policy

ATMD Bird & Bird. Singapore Personal Data Protection Policy ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:

More information

Data Protection Policy

Data Protection Policy Data Protection Policy This policy applies to the national office of Special Olympics GB; athletes, volunteers, and paid staff its clubs and regions; all Special Olympics GB donors, sponsors, and supporters;

More information

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data

More information

University of Limerick Data Protection Compliance Regulations June 2015

University of Limerick Data Protection Compliance Regulations June 2015 University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick

More information

ESTRO PRIVACY AND DATA SECURITY NOTICE

ESTRO PRIVACY AND DATA SECURITY NOTICE ESTRO PRIVACY AND DATA SECURITY NOTICE This Data Privacy and Security Policy is a dynamic document, which will reflect our continuing vigilance to properly handle and secure information that we are trusted

More information

Data Protection for the Guidance Counsellor. Issues To Plan For

Data Protection for the Guidance Counsellor. Issues To Plan For Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)

More information

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,

More information

Privacy Policy and Disclosure Statement

Privacy Policy and Disclosure Statement Privacy Policy and Disclosure Statement 1. Introduction 1.1 From time to time Pinnacle People (ABN: 813 790 665 06) ("the Company") is required to collect, hold, use and/or disclose personal information

More information

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that

More information

Data Protection Policy June 2014

Data Protection Policy June 2014 Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:

More information

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

Data Protection Policy

Data Protection Policy Data Protection Policy BMBC Data Protection Policy V1 Page 1 of 7 Table of Contents 1 INTRODUCTION... 3 2 POLICY STATEMENT... 3 3. SCOPE... 3 4 DATA PROTECTION PRINCIPLES... 4 5 PREREQUISITE CONDITIONS

More information

Zinc Recruitment Pty Ltd Privacy Policy

Zinc Recruitment Pty Ltd Privacy Policy 1. Introduction Zinc Recruitment Pty Ltd Privacy Policy We manage personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles. This policy applies to information collected

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS 1. SCOPE This policy details the College s privacy policy and related information handling practices and gives guidelines for access to any personal information retained by the College. This includes personal

More information

Privacy Policy. Board for Lutheran Education Australia. Policy. Purpose. Exclusion

Privacy Policy. Board for Lutheran Education Australia. Policy. Purpose. Exclusion Policy Relevant to Responsible officer Contact officer Authorisation Date introduced March 2014 Effective date of latest version March 2014 Next review date March 2017 Relevant legislation or source Board

More information

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0 PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner

More information

Privacy Policy. Approved by: College Board, 01/12/2005 Principal from 14/02/2014

Privacy Policy. Approved by: College Board, 01/12/2005 Principal from 14/02/2014 Privacy Policy Approved by: College Board, 01/12/2005 Principal from 14/02/2014 Revised Date: 11/01/2008 26/08/2011 19/03/2013 14/02/2014 Review Date: 14/02/2016 PLEASE NOTE: Version control for this document

More information

10 DATABASE PRACTICE

10 DATABASE PRACTICE 10 DATABASE PRACTICE Background Marketers must comply with all relevant data protection legislation. Guidance on that legislation is available from the Information Commissioner's Office. Although data

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY [Type text] RECORDS MANAGEMENT POLICY POLICY TITLE Academic Year: 2013/14 onwards Target Audience: Governing Body All Staff and Students Stakeholders Final approval by: CMT - 1 October 2014 Governing Body

More information

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school

More information

AASA Online Privacy Policy CRP.020

AASA Online Privacy Policy CRP.020 Introduction Alzheimer s Australia SA Inc values your privacy and takes reasonable steps to protect your personal information (that is, information which identifies or may reasonably be used to identify

More information

Data Protection Act a more detailed guide

Data Protection Act a more detailed guide Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

Privacy Policy Draft

Privacy Policy Draft Introduction Privacy Policy Draft Please note this is a draft policy pending final approval Alzheimer s Australia values your privacy and takes reasonable steps to protect your personal information (that

More information

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data 1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

Data Protection for Charities

Data Protection for Charities Data Protection for Charities CFG 15 May 2014 Overview Overview and key definitions The data protection principles Fair and lawful processing Data security and outsourcing Rights of data subjects Recent

More information

Access Control Policy

Access Control Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to

More information

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1

More information

DATA PROTECTION AUDIT GUIDANCE

DATA PROTECTION AUDIT GUIDANCE DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data

More information

Data protection policy

Data protection policy Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data

More information

UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY

UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY 1. Purpose 1.1 The Data Protection Act 1998 ( the Act ) has two principal purposes: i) to regulate the use by those (known as data controllers) who obtain,

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

Data Protection Policy

Data Protection Policy 1. Introduction 1.1 The College needs to keep certain information about its employees, students and other stakeholders, for example to allow it to monitor performance, achievements and health and safety.

More information

Privacy Policy First National Real Estate Cremorne ACN 32096182571

Privacy Policy First National Real Estate Cremorne ACN 32096182571 Privacy Policy First National Real Estate Cremorne ACN 32096182571 First National Group of Independent Real Estate Agents Limited 1 Contents Privacy Statement... 3 Overview... 3 Collection of your personal

More information

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure

More information

Kinds of information that the Company collects and holds

Kinds of information that the Company collects and holds Privacy Policy Verandah Bar & Bistro Pty Limited Introduction 1. From time to time Verandah Bar and Bistro Pty Ltd ("the Company") is required to collect, hold, use and/or disclose personal information

More information

PRIVACY POLICY Personal information and sensitive information Information we request from you

PRIVACY POLICY Personal information and sensitive information Information we request from you PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage

More information

PRIVACY POLICY. Privacy Statement

PRIVACY POLICY. Privacy Statement PRIVACY POLICY Privacy Statement Blue Care is one of Australia's leading providers of retirement living, community health, help at home services and aged care homes, caring for more than 12,500 people

More information

Appendix 11 - Swiss Data Protection Act

Appendix 11 - Swiss Data Protection Act GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the

More information

Data Protection Policy

Data Protection Policy Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary

More information

Data Protection Policy

Data Protection Policy Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order

More information

Direct Recruitment Privacy Policy

Direct Recruitment Privacy Policy Direct Recruitment Privacy Policy Direct Recruitment manages personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP). This policy applies to information collected

More information

Data Protection in Ireland

Data Protection in Ireland Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair

More information

Data Protection Consent Clause and Policy Background

Data Protection Consent Clause and Policy Background Data Protection Consent Clause and Policy Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use,

More information

Data Compliance. And. Your Obligations

Data Compliance. And. Your Obligations Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection

More information

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information. MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix

More information

Data Protection and Information Security Policy and Procedure

Data Protection and Information Security Policy and Procedure Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May

More information

Policies, Procedures & Guidelines

Policies, Procedures & Guidelines Policies, Procedures & Guidelines Management Guidance On the Storage and Disposal of Employee Personnel Files Issue Number: 1 Originated by: Human Resource Department Ratified by: SMT & JSPC Agreed by:

More information

Access to Information: Data Protection and Freedom of Information

Access to Information: Data Protection and Freedom of Information Access to Information: Data Protection and Freedom of Information Records Management Section Data protection: key concepts Personal data Sensitive personal data Data subjects Data protection principles

More information