Data Protection
Policy: Dunmow Art Group
1) Definitions
- Personal data is information about a person which is identifiable
as being about them. It can be stored electronically or on paper, and
includes images and audio recordings as well as written information.
- Data protection is about how we, as an organisation, ensure we
protect the rights and privacy of individuals, and comply with the law,
when collecting, storing, using, amending, sharing, destroying or deleting
personal data.
2) Responsibility
- Overall and final responsibility for data protection lies with the
management committee, who are responsible for overseeing activities and
ensuring this policy is upheld.
- All volunteers are responsible for observing this policy, and
related procedures, in all areas of their work for the group.
3) Overall policy
statement
- Dunmow Art Group needs to keep personal data about its committee,
members, volunteers and supporters in order to carry out group activities.
- We will collect, store, use, amend, share, destroy or delete
personal data only in ways which protect people’s privacy and comply with
the General Data Protection Regulation (GDPR) and other relevant
legislation.
- We will only collect, store and use the minimum amount of data that
we need for clear purposes, and will not collect, store or use data we do
not need.
- We will only collect, store and use data for:
- purposes for which the individual has given explicit consent, or
- purposes that are in our group’s legitimate interests, or
- contracts with the individual whose data it is, or
- to comply with legal obligations, or
- to protect someone’s life, or
- to perform public tasks.
- We will provide individuals with details of the data we have about
them when requested by the relevant individual.
- We will delete data if requested by the relevant individual, unless
we need to keep it for legal reasons.
- We will endeavour to keep personal data up-to-date and accurate.
- We will store personal data securely.
- We will keep clear records of the purposes of collecting and
holding specific data, to ensure it is only used for these purposes.
- We will not share personal data with third parties without the
explicit consent of the relevant individual, unless legally required to do
so.
- We will endeavour not to have data breaches. In the event of a data
breach, we will endeavour to rectify the breach by getting any lost or
shared data back. We will evaluate our processes and understand how to
avoid it happening again. Serious data breaches which may risk someone’s
personal rights or freedoms will be reported to the Information
Commissioner’s Office within 72 hours, and to the individual concerned.
- To uphold this policy, we will maintain a set of data protection
procedures for our committee and volunteers to follow.
4) Review
This policy will be reviewed every two years
Date………………………………………..
Signature …………………………………………………………….
data protection
procedures
1) Introduction
- Dunmow Art Group has a data protection policy which is reviewed
regularly. In order to help us uphold the policy, we have created the
following procedures which outline ways in which we collect, store, use,
amend, share, destroy and delete personal data.
- These procedures cover the main, regular ways we collect and use
personal data. We may from time to time collect and use data in ways not
covered here. In these cases we will ensure our Data Protection Policy is
upheld.
2) General
procedures
- Data will be stored securely. When it is stored electronically, it
will be kept in password protected files. When it is stored online in a third
party website (e.g. Google Drive) we will ensure the third party complies
with the GDPR. When it is stored on paper it will be filed carefully in a
locked filing cabinet.
- When we no longer need data, or when someone has asked for their
data to be deleted, it will be deleted securely. We will ensure that data
is permanently deleted from computers, and that paper data is shredded.
- We will keep records of consent given for us to collect, use and
store data. These records will be stored securely.
3) Mailing list
- We will maintain a mailing list. This will include the names and
contact details of people who wish to receive, publicity and fundraising
appeals from Dunmow Art Group.
- When people sign up to the list we will explain how their details
will be used, how they will be stored, and that they may ask to be removed
from the list at any time. We will ask them to give separate consent to
receive publicity and fundraising messages, and will only send them
messages which they have expressly consented to receive.
- We will not use the mailing list in any way that the individuals on
it have not explicitly consented to.
- We will provide information about how to be removed from the list
with every mailing.
4) Contacting
committee members
- The committee need to be in contact with one another in order to
run the organisation effectively and ensure its legal obligations are met.
- Committee contact details will be shared among the committee.
- Committee members will not share each other’s contact details with
anyone outside of the committee, or use them for anything other than
Dunmow Art Group business, without explicit consent.
8) Review
These procedures will be reviewed every two years
Date………………………………………..
Signature …………………………………………………………….
No comments:
Post a Comment