Data Protection Policy & Guidelines
Information we hold
We hold two types of information:
- organisational information – publicly available information about organisations and some confidential information
- personal information – information about individuals such as names, addresses, …
Access to Information
- We will not hold information about individuals without their knowledge and consent. It is a legal requirement that people know what we are doing with their information and who it will be shared with.
- We will only hold information for specific purposes. We will inform data subjects what those purposes are. We will also inform them if those purposes change.
- If we buy in a mailing list we cannot use it for any other purpose than the original Data Controller specified – we must check original use.
- We will seek to maintain accurate information by creating ways in which data subjects can update the information held.
- Information about Data Subjects will not be disclosed to other organisations or to individuals who are not members of our organisation, staff or trustees except in circumstances where this is a legal requirement, where there is explicit or implied consent or where information is publicly available elsewhere.
- Data Subjects have the option not to receive marketing mailings from us or other organisations.
- Data Subjects will be entitled to have access to information held about them by us and for what purpose within 40 days or submitting a request.
- Subject to any rules of the organisation awarding the funding, information will not be retained once no longer required for its stated purpose, we will not keep more than a project requires or surplus information ‘just in case’. We will establish retention periods and a process to delete personal information when no longer required.
- At the beginning of any new project or type of activity the member of staff managing it will consult the Data Controller about any data protection implications.
- We have procedures for ensuring the security of all electronic personal data. Paper records containing confidential personnel data are disposed of in a secure way. Project documents and staff records are all kept in a locked filing cabinet, IT equipment containing personal information is kept in a looked room or cupboard when not in use.
- We will make sure all portable devices – such as memory sticks and laptops – used to store personal information are encrypted.