Data Protection and Privacy Policy
|
|
- Betty Caldwell
- 8 years ago
- Views:
Transcription
1 Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation. Conciliation Resources maintains certain personal data for the purposes of carrying out its aims and objectives as identified in its Memorandum and Articles of Association and to meet our operational needs and legal obligations. We recognise that this personal data, whether it is held on paper, electronically or in other form, is subject to the appropriate legal safeguards as specified in the UK Data Protection Act Conciliation Resources processes personal data on past, current, and prospective board members, staff, volunteers, donors, individuals and organisations we work with; and suppliers and others with whom we communicate. Attached to this policy are shorter guidelines covering Data Protection and Privacy (appendix 1) and the processing of information obtained via the Conciliation Resources website for marketing s (appendix 2). Conciliation Resources regards the lawful and correct treatment of personal information as very important and crucial to our successful operations. This involves taking precautions against physical loss or damage, and ensuring that access and disclosure are restricted. All staff are responsible for ensuring that: Any personal data held is kept securely; Personal information such as personal mobile phone numbers, personal social media handles or personal addresses, is not disclosed in anyway to any unauthorised third party, without the subject s consent - unless the information is already in the public domain (e.g. Twitter handles are mostly in the public domain). 2. Principles Conciliation Resources fully endorses and adheres to the eight principles of the UK Data Protection Act, These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Staff, volunteers or any other people or organisations associated or working with Conciliation Resources who obtain, handle, process, transport and store personal data for Conciliation Resources must adhere to these principles. The principles require that personal data shall: 1. Be processed fairly and lawfully and shall not be processed unless certain conditions are met; 2. Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose; 3. Be adequate, relevant and not excessive for those purposes; 4. Be accurate and, where necessary, kept up to date; 5. Not be kept for longer than is necessary for that purpose; 6. Be processed in accordance with the data subject s rights; 7. Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures; Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 1 of 8
2 8. Not be transferred to a country unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. 3. Satisfaction of Principles In order to meet the requirements of the principles, Conciliation Resources has in place appropriate management controls and use strict criteria to: Observe fully the conditions regarding the fair collection and use of personal data; Meet its obligations to specify the purposes for which personal data is used; Collect and process appropriate personal data only to the extent that it is needed to fulfill operational or any legal requirements; Ensure the quality and accuracy of personal data held to the best of Conciliation Resources ability; Apply strict checks to determine the length of time personal data is held; Ensure that the rights of individuals about whom the personal data is held, can be fully exercised under the Act; Take the appropriate technical and organisational security measures to safeguard personal data; and Ensure that personal data is not transferred outside the EC without suitable safeguards. 4. Compliance with Data Protection Regulations Conciliation Resources is registered with the UK Information Commissioner (ICO) as a Data Controller on its public register of data controllers (Registration number Z ). As identified under the Data Protection Act, Conciliation Resources holds personal data for the following six purposes: Realising the objectives of Conciliation Resources; Staff administration; Advertising, marketing and public relations; Accounts and records; Administration of membership records; and Fundraising. The section below lists the sets of personal data that Conciliation Resources stores and details how the use of the data is in accordance with the Data Protection Act. The use of the data in all cases is in order to realise the charitable aims of Conciliation Resources. 5 Applying the Policy Any breach of this policy will be taken seriously and may result in disciplinary action up-to and including dismissal. Any questions or concerns about the interpretation or operation of this policy should be raised with the Director of Operations, who is Conciliation Resources designated Data Controller. As every staff member or volunteer is expected to use Conciliation Resources databases, they are expected to adhere to the policy at all times. Any staff member or volunteer who believes that the policy has not been followed in respect of their own personal data should raise the matter with their Line Manager in the first instance, or if they are not available with the Director of Operations. Each database has a designated person responsible for the implementation of the Data Protection Policy in relation to that particular database. Members of staff who wish to use the data for mailings may do so only with the authority of the person responsible for the particular database, who will ensure compliance with this policy. The persons responsible for each database or set of personal information is as follows: Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 2 of 8
3 Contacts, Donors and Projects Database Director of Operations Web Sign-ups Communications Manager Personnel Director of Operations Recruitment Director of Operations Any request from a person asking to be removed from a mailing list or database or any other related enquiry should be forwarded to the responsible person, named above, who is responsible for ensuring any request is actioned or enquiry responded to. Any request will normally be completed within 30 calendar days. Any enquiries will be responded to in accordance with the Open Information Policy (P/11/12). Requests for access to personal information Conciliation Resources aims to comply with requests for access to personal information as quickly as possible, and will ensure that it is provided within 30 days of receipt of a request unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request. 6. Conciliation Resources Databases Conciliation Resources Contacts Database For its own activities Conciliation Resources maintains a database of contact information about individuals and organisations that is password-protected and only accessible to Conciliation Resources staff (and office-based consultants/volunteers). This database includes people s name, address, address, telephone/fax number(s), job title and employer, plus details of their involvement with Conciliation Resources including funding, events attended and the context in which the information is held, (eg a mediator in a conflict). The information does not constitute sensitive personal data 1 as defined by the 1998 Act. However, in some cases, where such information (about health, ethnicity or gender), is processed, it is purely done for the purpose of monitoring Conciliation Resources policies, such as health and safety or equal opportunities or for the purpose of pursuing the charitable aims of the organisation. Professional and other contacts are added to this database, as and when, using information from a business card or other exchange of contact details, that Conciliation Resources staff have received during business contact with the individual. They are not sent unsolicited mass communications, for example, to publicise an event or Conciliation Resources news, unless they have indicated they would like to receive these mass mailings via Conciliation Resources website. Staff should not add or keep personal data that may be defamatory or inappropriate for the purpose for which the data is kept. Contacts may directly ask, or use the unsubscribe option in any of Conciliation Resources mass s, for their details to be removed from any of Conciliation Resources databases. Details are also removed when they are believed to be invalid or no further use to Conciliation Resources. Third Party e-bulletin system Conciliation Resources sends mass s about its news and latest work via a third party e-bulletin system, currently MailChimp. Users indicate their preferences to receive these s by actively subscribing via the Conciliation Resources website. These preferences are stored in the MailChimp database 2 and copied to the Conciliation Resources Contacts Database. All recipients are given the opportunity to opt-out of these 1 Sensitive personal data is defined as personal data consisting of information about racial or ethnic origin, political opinion, religious or other beliefs, trade union membership, physical or mental health or condition, sexual life, criminal proceedings or convictions. 2 MailChimp only has access to names and addresses of people signed up to receive mailings from Conciliation Resources none of which will be shared with a third party. Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 3 of 8
4 communications at any time via an unsubscribe link contained in every e-bulletin. Conciliation Resources Publications For purposes of distribution of printed publications, postal addresses of recipients are shared with a mail house under a strict written agreement which prevents the sharing and secure storage of personal data. Only the PPC Programme Officer or a staff member providing cover for that role is authorised to share the postal addresses of Accord recipients with the company that handles distribution of Conciliation Resources publications. Likewise, only the designated staff member coordinating a mailing of any programme publication (not Accord-related) is authorised to share the postal addresses of recipients with the company handling distribution of the publication. Recruitment Conciliation Resources gathers personal data for the purpose of staff recruitment. Data obtained through recruitment is not used for any other purpose. Only relevant personal information is gathered through the application form, and candidates are informed that the personal information obtained through the form will be used according to this policy. Applicants are informed if any of the data they supply is to be checked. Information is kept secure and not disclosed to a third party except those involved in the recruitment process. Staff involved in recruitment are aware of data protection regulations and are required to handle personal information with sensitivity. Application forms of unsuccessful short-listed candidates are destroyed after twelve months of the position being filled and all score sheets and interview notes are to be passed on to the Director of Operations who will keep them securely for a period of twelve months. Electronic versions of application forms of unsuccessful short-listed candidates are also be deleted after twelve months of the position being filled. Personnel Personal information about staff, consultants and volunteers is processed primarily for statutory HR purposes. Such information includes (where applicable) contact details, next of kin details, bank account data for salary payment, time taken off for sickness, leave, etc. Accident information is kept in a Health & Safety Accident Register maintained by the Operations Officer and kept in Core and Ops. All personal information about staff, whether maintained electronically or manually, is only accessible to the person s direct Line Manager and other appropriate staff as identified in other policies and procedures. At the point that a staff member, consultant or volunteer leaves Conciliation Resources we will seek their permission to maintain their personal contact information on our contacts database. Contact information may continue to be held if the person wishes to be kept informed of Conciliation Resources work. Basic contact information (ie address) is required until at least the end of the financial year in order to send P60s to former staff. Sensitive personal data, if collected at all, is only for the purpose of monitoring HR policies such as Diversity and Inclusion policy. All other Personnel records are managed in accordance with Conciliation Resources Retention of Records Policy. Staff leaving Conciliation Resources are subject to the confidentiality clause in their employment contract whereby they are prohibited from disclosing any confidential information to which they may have had access during their employment at Conciliation Resource. Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 4 of 8
5 7. Access to data Staff, volunteers and other subjects of personal data held by Conciliation Resources have the right to access any personal data that is being kept about them in electronic form. They also have access to paper-based data held in physical filing systems. Any person who wishes to exercise this right should make the request in writing to the Director of Operations. Conciliation Resources reserves the right to charge a modest fee payable for each subject access request. If personal details are inaccurate, they will be amended upon receipt of a written request detailing the inaccuracies that need to be corrected along with the correct information. The computer systems and all information held on them remain Conciliation Resources property at all times. A staff member s , files or telephone messages may be accessed in their absence by another member of staff if necessary for Conciliation Resources activities and with the permission of the Line Manager or, if unavailable, an EMC Director. Computer hard drives and server accounts are also accessed by IT staff for maintenance and admin purposes. 8. Retention of Data Conciliation Resources will keep some forms of information for longer than others. As part of our Risk Management Strategy, Conciliation Resources carries out regular backups of data held on its internal databases and of files held on its server such as s and document files. The backups are either done externally or on our servers on a regular basis and at any point in time, data that is up to two years old can be retrieved. Only designated staff have access to the old data. In the event that data is restored from the backup the staff member carrying out the procedure must be sensitive to the data protection implications of this action. 9. Data Protection/Privacy Statement For the purposes of this policy, to safeguard individual privacy, various statements will be used in the communications. These are as follows: For all s sent from a Conciliation Resources address This is intended only for the named addressee(s) and may contain confidential and/or privileged material. If you have received this in error, please notify Conciliation Resources immediately on cr@c-r.org and delete the message. For e-bulletins (MailChimp system) You are receiving this because you subscribed via the Conciliation Resources website ( or expressed an interest in receiving such mailings. The above statement appears next to an unsubscribe from this list option and an update subscription preferences option, where users can decide on which types of mailings they want to receive, eg programme-specific, job opportunities. June 2013 Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 5 of 8
6 Appendix 1 Data Protection and Privacy Policy: Guidelines for staff Conciliation Resources is registered with the UK Information Commissioner (ICO) as a Data Controller on the public register of data controllers. We meet the requirements of the Data Protection Act 1988 and have our own detailed policy in place (see Data Protection and Privacy Policy). The following guidelines are provided for staff as a quick guide to complying with this policy: 1. Contacts Database a. Do not enter personal data that may be considered, or is, defamatory or inappropriate for the purpose served by the contacts database. Inappropriate data includes information about racial or ethnic origin, political opinion, religious or other beliefs, trade union membership, physical or mental health or condition, sexual life, criminal proceedings or convictions. b. Be attentive to previous comments in the Contacts Database and ensure that comments are deleted or edited as required. c. If a contact asks for their details to be removed from the database, this request must be passed on to the person responsible for the relevant database (see section 5 of the Data Protection Policy). If the contact is subscribed to Conciliation Resources ing lists (via website sign-up, information is recorded on the contacts database), the staff member who receives the request must inform the Communications Manager so that they can be unsubscribed. d. Staff must not give out personal information, eg personal telephone numbers, personal addresses, or personal social media handles without permission of the individual concerned, or unless the information is already in the public domain. 2. Conciliation Resources Publications a. Only the PPC Programme Officer or a staff member providing cover for that role is authorised to share the postal addresses of Accord recipients with the company that handles distribution of Conciliation Resources publications. b. Likewise, only the designated staff member coordinating a mailing of any programme publication (not Accord-related) is authorised to share the postal addresses of recipients with the company handling distribution of the publication. 3. Recruitment a. Information provided by individuals on application forms can only be kept on a Conciliation Resources database if the applicant gives permission for that data to be retained. b. Staff involved in recruitment should ensure personal information is handled with sensitivity. c. Paper application forms of unsuccessful short-listed candidates must be shredded within twelve months of the position being filled along with any score sheets and interview notes. These should be passed to the Director of Operations or Operations Officer who will keep them securely for the period. d. Electronic versions of application forms of unsuccessful short-listed candidates will also be deleted twelve months after the position has been filled. 4. Personnel a. Personal information about staff, consultants and volunteers is processed primarily for statutory HR purposes and should only be available to the staff member concerned, their Line Manager, the Operations Officer or the Director of Operations. No such information should be kept on Shared Files or in the contacts database. Conciliation Resources HR information system is the web based Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 6 of 8
7 Appendix 1 BreatheHR. b. Staff leaving Conciliation Resources are subject to the confidentiality clause in their employment contract whereby they are prohibited from disclosing any confidential information that they may have had access to during their employment at Conciliation Resources. c. Staff leaving Conciliation Resources are entitled to employment references. Personal information relating to Standards of Conduct policies/procedures will be kept on the HR files for the duration stated in those policies or the Retention of Records policy. 5. Information on computers a. The computer systems and all information held on them remain Conciliation Resources property at all times. Staff must not make or keep copies of any Conciliation Resources database on a computer that does not belong to Conciliation Resources. Staff who leave Conciliation Resources must not make or keep copies of any Conciliation Resources database. b. Any non-business-related data stored on Conciliation Resources computer systems (such as personal photographs or music) may be deleted at any time; it is the staff member s responsibility to back up such data if desired. c. A staff member s , files or telephone messages may be accessed by another member of staff if necessary for Conciliation Resources activities and with the permission of the Line Manager or, in their absence, an EMC Director. IT staff have access to all desktops (ie they can see your screen), your s, the contents of desktop and laptop computers including hard drives, and all data stored on Conciliation Resources servers, domain and cloud-based storage, for maintenance, security and admin purposes. 6. Signatures in electronic communications a. The following appears as a footer in all s sent from Conciliation Resources addresses to addresses outside the Conciliation Resources domain: This is intended only for the named addressee(s) and may contain confidential and/or privileged material. If you have received this in error, please notify Conciliation Resources immediately on cr@c-r.org and delete the message. b. For e-bulletins You are receiving this because you subscribed via the Conciliation Resources website or expressed an interest in receiving such mailings. This statement appears next to an unsubscribe from this list option and an update subscription preferences option, where users can decide on which types of mailings they want to receive, eg programme-specific, job opportunities 7. Applying the Policy a. Any breach of this policy will be taken seriously and may result in formal action upto including dismissal. Any questions or concerns about the interpretation or operation of this policy should be raised with the Director of Operations, who is Conciliation Resources designated Data Controller. June 2013 Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 7 of 8
8 Appendix 2 Mass s: Guidelines for staff Conciliation Resources adheres to the legal framework outlined by the Information Commissioner s Office (ICO) for marketing s. Our approach also ensures relevant and regular outreach to promote our messages. ing contacts These guidelines do not affect the day-to-day ing of your contacts, which you should do from your Conciliation Resources account. You can send s in this way to groups of contacts together, as long as there is a mutual understanding of relevance to all recipients (ie you are not spamming 3 people) eg joint working on projects, organising small meetings. To larger groups of contacts to highlight recent news or with event invitations, the mailing must be done via the Communications Team using the third party e-bulletin system. Mass s You cannot opt contacts in to receive marketing s from Conciliation Resources they must choose to opt-in. You can help your contacts opt-in to receive mass s by filling out their name and address on this page of our website: o Select Conciliation Resources E-News plus the programme/interest area they have. o The contact will be sent an automatically generated explaining they have been added to our subscriber list following some recent communication they would have had with Conciliation Resources. They will be asked to confirm their subscription by clicking on a link. o You will be able to find out if the contact has agreed to the subscription by checking the contact entry on Conciliation Resources Contacts database, which is updated monthly by the IT Officer for new or amended preferences. o If they do not confirm the subscription, we cannot send mass s to them. You can them personally if you wish. You must not help people subscribe to mass mailings if you have not had any personal contact with them. The ICO would consider this as spamming and would investigate Conciliation Resources if we were found to be doing this. The complaint systems on third party e-bulletin platforms are now very rigorous to prevent spamming. Tips If you have large lists of contacts who you think should be subscribed to Conciliation Resources mailings (but the list is too long to make subscribing them individually viable), contact the Communications Team to discuss the options. If you know you will want to send a mass to a considerable number of people you have had no previous personal contact with, you will need to build an approach to tackle this into your forward planning time. You should personally each contact as soon as possible to explain what you would like to them about and that you would like to initiate the subscription process. If they agree, follow the subscription steps in Mass s above to help them subscribe to the mailing. You must continue to add contacts to Conciliation Resources contacts database as well as following the subscription steps above to continue to build Conciliation Resources organisational knowledge. June Spam is unsolicited s sent to groups of people. You are spamming individuals when they did not consent to receiving group s. Shared_Files:Operations:Policies_Guidelines:Approved:Data_Protectection_and_Privacy:Data Protection and Privacy Policy.docx Page 8 of 8
DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;
DATA PROTECTION POLICY Introduction TWM Solicitors maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The Data Protection Act sets rules
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationData Protection and Data security Policy
Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us
More informationHow To Know What You Can And Can'T Do At The University Of England Students Union
HOW WE USE YOUR INFORMATION This privacy notice tells you what to expect when University of Essex Students Union (referred to as the SU herein) collects personal information. It applies to information
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationData Protection Policy
Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationData Protection Policy
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationHow To Protect Your Personal Information At A College
Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information
More informationCORK INSTITUTE OF TECHNOLOGY
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
More informationThe Manchester College
The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored
More informationHuman Resources Policy No. HR46
Human Resources Policy No. HR46 Maintaining Personal Files and ESR Records Additionally refer to HR04 Verification of Professional Registration HR33 Recruitment and Selection HR34 Policy for Carrying Out
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationE-SAFETY POLICY 2014/15 Including:
E-SAFETY POLICY 2014/15 Including: Staff ICT policy (Corporation approved) Data protection policy (Corporation approved) Staff guidelines for Data protection Data Security, awareness raising Acceptable
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationThe Impact on Marketing-Related Activities of the Data Protection Act and Related Legislation
The Impact on Marketing-Related Activities of the Data Protection Audience 1. This guidance is intended for all University staff who maintain or use database of contacts for marketing purposes, including
More informationData Protection Good Practice Note
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationJohn Leggott College. Data Protection Policy. Introduction
John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and
More informationData protection policy
Data protection policy Introduction The College is required to keep certain information about employees, students and other users to allow it to monitor performance, achievements, health and safety, recruitment
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationHuman Resources and Data Protection
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationData Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More information2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
More informationMIS Privacy Statement. Our Privacy Commitments
MIS Privacy Statement Our Privacy Commitments MIS Training Institute Holdings, Inc. (together "we") respect the privacy of every person who visits or registers with our websites ("you"), and are committed
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
More informationData Protection Policy
Data Protection Policy This policy applies to the national office of Special Olympics GB; athletes, volunteers, and paid staff its clubs and regions; all Special Olympics GB donors, sponsors, and supporters;
More informationPersonal Data Protection Policy
Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal
More informationESTRO PRIVACY AND DATA SECURITY NOTICE
ESTRO PRIVACY AND DATA SECURITY NOTICE This Data Privacy and Security Policy is a dynamic document, which will reflect our continuing vigilance to properly handle and secure information that we are trusted
More informationATMD Bird & Bird. Singapore Personal Data Protection Policy
ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:
More informationData Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
More informationUNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION
UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and
More informationUniversity of Limerick Data Protection Compliance Regulations June 2015
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
More informationData Protection for the Guidance Counsellor. Issues To Plan For
Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)
More informationZinc Recruitment Pty Ltd Privacy Policy
1. Introduction Zinc Recruitment Pty Ltd Privacy Policy We manage personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles. This policy applies to information collected
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More informationDATA AND PAYMENT SECURITY PART 1
STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of
More informationSTART UP LOANS PRIVACY AND DATA PROTECTION TERMS AND CONDITIONS
START UP LOANS PRIVACY AND DATA PROTECTION TERMS AND CONDITIONS Table of Contents 1. ABOUT THIS POLICY... 3 2. WHO WE ARE AND WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA... 3 3. WHERE WE COLLECT YOUR PERSONAL
More informationData Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website
Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,
More informationGuidelines on Data Protection. Draft. Version 3.1. Published by
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
More informationDATA PROTECTION AUDIT GUIDANCE
DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data
More informationPolicy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
More informationPrivacy Policy. Approved by: College Board, 01/12/2005 Principal from 14/02/2014
Privacy Policy Approved by: College Board, 01/12/2005 Principal from 14/02/2014 Revised Date: 11/01/2008 26/08/2011 19/03/2013 14/02/2014 Review Date: 14/02/2016 PLEASE NOTE: Version control for this document
More information10 DATABASE PRACTICE
10 DATABASE PRACTICE Background Marketers must comply with all relevant data protection legislation. Guidance on that legislation is available from the Information Commissioner's Office. Although data
More informationData Protection Act a more detailed guide
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationCatalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.
PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More informationPRIVACY POLICY. Privacy Statement
PRIVACY POLICY Privacy Statement Blue Care is one of Australia's leading providers of retirement living, community health, help at home services and aged care homes, caring for more than 12,500 people
More informationFIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS
FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),
More informationPrivacy Policy. Board for Lutheran Education Australia. Policy. Purpose. Exclusion
Policy Relevant to Responsible officer Contact officer Authorisation Date introduced March 2014 Effective date of latest version March 2014 Next review date March 2017 Relevant legislation or source Board
More informationROYAL AUSTRALASIAN COLLEGE OF SURGEONS
1. SCOPE This policy details the College s privacy policy and related information handling practices and gives guidelines for access to any personal information retained by the College. This includes personal
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationDATA PROTECTION POLICY
MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to
More informationAASA Online Privacy Policy CRP.020
Introduction Alzheimer s Australia SA Inc values your privacy and takes reasonable steps to protect your personal information (that is, information which identifies or may reasonably be used to identify
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More information1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.
MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More information1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data
1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationPrivacy Policy Draft
Introduction Privacy Policy Draft Please note this is a draft policy pending final approval Alzheimer s Australia values your privacy and takes reasonable steps to protect your personal information (that
More informationUNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY
UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY 1. Purpose 1.1 The Data Protection Act 1998 ( the Act ) has two principal purposes: i) to regulate the use by those (known as data controllers) who obtain,
More informationPolicy and Procedure for approving, monitoring and reviewing personal data processing agreements
Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure
More informationAccess Control Policy
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationData Protection Policy
1. Introduction 1.1 The College needs to keep certain information about its employees, students and other stakeholders, for example to allow it to monitor performance, achievements and health and safety.
More informationPolicies, Procedures & Guidelines
Policies, Procedures & Guidelines Management Guidance On the Storage and Disposal of Employee Personnel Files Issue Number: 1 Originated by: Human Resource Department Ratified by: SMT & JSPC Agreed by:
More informationPRIVACY POLICY Personal information and sensitive information Information we request from you
PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationRECORDS MANAGEMENT POLICY
[Type text] RECORDS MANAGEMENT POLICY POLICY TITLE Academic Year: 2013/14 onwards Target Audience: Governing Body All Staff and Students Stakeholders Final approval by: CMT - 1 October 2014 Governing Body
More informationBLUE BADGE INSURANCE PTY LTD BLUE BADGE COMMUNITY AUSTRALIA PTY LTD PRIVACY POLICY
BLUE BADGE INSURANCE PTY LTD BLUE BADGE COMMUNITY AUSTRALIA PTY LTD PRIVACY POLICY Version 1-1 1 July 2015 Blue Badge Insurance Australia Pty Ltd 2014 ABN 59 162 783 306 A.R. No. 438547 is an Authorised
More informationPrivacy Policy First National Real Estate Cremorne ACN 32096182571
Privacy Policy First National Real Estate Cremorne ACN 32096182571 First National Group of Independent Real Estate Agents Limited 1 Contents Privacy Statement... 3 Overview... 3 Collection of your personal
More informationKinds of information that the Company collects and holds
Privacy Policy Verandah Bar & Bistro Pty Limited Introduction 1. From time to time Verandah Bar and Bistro Pty Ltd ("the Company") is required to collect, hold, use and/or disclose personal information
More informationData Protection for Charities
Data Protection for Charities CFG 15 May 2014 Overview Overview and key definitions The data protection principles Fair and lawful processing Data security and outsourcing Rights of data subjects Recent
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationData protection policy
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationHampstead Parochial CofE Primary School Data Protection Policy Spring 2015
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school
More informationData Protection Policy
Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary
More informationAppendix 11 - Swiss Data Protection Act
GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the
More informationPrivacy Policy. February, 2015 Page: 1
February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met
More informationData protection. The employment practices code
Data protection The employment practices code Contents 3 Contents About the code 4 Managing data protection 11 Good practice recommendations 11 Part 1: Recruitment and selection 14 About Part 1 of the
More informationDirect Recruitment Privacy Policy
Direct Recruitment Privacy Policy Direct Recruitment manages personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP). This policy applies to information collected
More informationData Compliance. And. Your Obligations
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationSt. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy
Learn, sparkle & shine St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Adopted from the LA Policy April 2015 CONTENTS Page No 1. Introduction 1 2. Guiding Principles
More information2. What personal information do we collect and hold?
PRIVACY POLICY Conexus Financial Pty Ltd [ABN 51 120 292 257], (referred to as Conexus, us, we" or our"), are committed to protecting the privacy of the personal information that we collect and complying
More informationData Protection Consent Clause and Policy Background
Data Protection Consent Clause and Policy Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use,
More informationCode of Practice on Data Protection for the Insurance Sector
Code of Practice on Data Protection for the Insurance Sector (Approved by the Data Protection Commissioner under Section 13 (2) of the Data Protection Acts, 1988 and 2003) Forward I am very happy to be
More informationData Protection and Information Security Policy and Procedure
Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May
More information