Data Protection Policy
BECKENHAM QUILTERS DATA PROTECTION POLICY - last reviewed March 2019
“Data Protection Legislation”
Data Protection legislation means the Data Protection Act 1998, the Privacy and Electronic Communications Regulations (EC Directive) Regulations 2013 (SI 2426/2003 as amended), and all applicable laws and regulations, including any replacement UK or EU data protection legislation relating to the Processing of Personal Data, including, where applicable, the guidance and codes of practice issued by the information Commissioner’s Office.
The Data Protection Legislation (“the Legislation”) is concerned with the protection of human rights in relation to personal data. The aim of the Legislation is to ensure that personal data is used fairly and lawfully and that where necessary the privacy of individuals is respected.
During the course of the activities of Beckenham Quilters(“we”) will collect, store and process personal data about our members. This policy sets out the basis on which we will process any personal data we collect from BQ members.
The Chair of BQ is responsible for ensuring compliance with the Legislation and with this policy.
Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance to the Chair
Processing Personal Data
All personal data should be processed in accordance with the Legislation and this policy.
Processing includes obtaining, holding, maintaining, storing, erasing, blocking and destroying data.
Personal data is data relating to a living individual. It will not include data relating to a company or organisation, although any data relating to individuals within companies or organisations may be covered.
The personal data BQ collects and uses is factual - the name, address, telephone numbers and email address.
Compliance with the Legislation
Anyone who has responsibility for processing personal data must ensure that they comply with the data protection principles in the Legislation. These state that personal data must:
- be obtained and used fairly and lawfully;
- be obtained for specified lawful purposes and used only for those purposes;
- be adequate, relevant and not excessive for those purposes;
- be accurate and kept up to date;
- not be kept for any longer than required for those purposes;
- be used in a way which complies with the individual’s rights (this includes rights to prevent the use of personal data which will cause them damage or distress, to prevent use of personal data for direct marketing, and to have inaccurate information deleted or corrected);
- be protected by appropriate technical or organisational measures against unauthorised access, processing or accidental loss or destruction;
- not be transferred outside the European Economic Area unless with the consent of the data subject or where the country is determined to have adequate systems in place to protect personal data.
Handling Personal Data and Data Security
Manual records relating to members or others should be kept secure. Computer files should be password protected.
BQ will take particular care of sensitive data and security measures will reflect the importance of keeping sensitive data secure (definition of sensitive data is set out below).
BQ procedures will be regularly monitored and reviewed to ensure data is being kept secure.
Where personal data needs to be deleted or destroyed adequate measures will be taken to ensure data is properly and securely disposed of. This will include destruction of files and back up files and physical destruction of manual files. Particular care should be taken over the destruction of manual sensitive data (written records) including shredding.
All data will be stored in a secure location and precautions will be taken to avoid data being accidentally disclosed. Personal data stored on a laptop should be password protected.
The Rights of Individuals
The Legislation gives individuals certain rights to know what data is held about them and what it is used for. In principle everyone has the right to see copies of all personal data held about them. There is also a right to have any inaccuracies in data corrected or erased. Data subjects also have the right to prevent the processing of their data for direct marketing purposes.
Any request for access to data under the Legislation should be made to the Chair of BQ in writing. In accordance with the Legislation BQ will ensure that written requests for access to personal data are complied with within 30 days of receipt of a valid request.
When a written data subject access request is received the data subject will be given a description of a) the personal data, b) the purposes for which it is being processed, c) those people and organisations to whom the data may be disclosed, d) be provided with a copy of the information in an intelligible form.
Sensitive Data
BQ will not request sensitive data,
Changes to this Policy
We reserve the right to change this policy at any time. Where appropriate we will notify data subjects of those changes by mail or email.
Print 