Data Protection Policy Statement
Norfolk Conservation Ltd. is committed to a policy of protecting the rights and privacy of members in accordance with The Data Protection Act 1998. Any breach of The Data Protection Act 1998 is considered to be an offence and will incur appropriate penalties.
Managing Data Protection
Norfolk Conservation Ltd. is a not-for profit organisation and does not need to register with the Information Commissioner; however, in order to ensure best practice Norfolk Conservation Ltd. will endeavour to adhere to the Data Protection Principles.
Data Protection Principles
To meet the requirements of the Data Protection Act 1998, Norfolk Conservation Ltd. fully endorses the eight principles stated therein, and all will adhere to them at all times.
These principles are as follows.
- Personal data shall be processed fairly andlawfully and, in particular, shall not be processed unless specific conditionsare met.
- Personal data shall be obtained only for one ormore specified and lawful purposes and shall not be further processed in anymanner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant andnot excessive in relation to the purpose or purposes for which they areprocessed.
- Personal data shall be accurate and, wherenecessary, kept up to date.
- Personal data processed for any purpose orpurposes shall not be kept for longer than is necessary for that purpose orthose purposes.
- Personal data shall be processed in accordancewith the rights of data subjects under the Act.
The Norfolk Conservation Ltd. trustees will take responsibility for data protection in the Trust and will ensure the requirements of the Act are enforced.
Purpose of Norfolk Conservation Ltd. Data
In terms of the Data Protection Act 1998, the Norfolk Conservation Ltd. Committee is the ‘data controller’, and as such determines the purpose for which, and the manner in which, any personal data is processed.
• Administration • Accounts & Records • Advertising, Marketing & Public Relations
Data will be:
- Processed for Limited purpose
The Data Controller will not use data for a purpose other than those agreed by Norfolk Conservation Ltd. trustees. If the data held is requested by external organisations for any reason, this will only be passed on if Norfolk Conservation Ltd. members agree. External organisations must state the purpose of processing, agree not to copy the data for further use and sign a contract agreeing to abide by The Data Protection Act 1998 and the Norfolk Conservation Ltd. Data Protection Policy.
- Adequate, relevant and not excessive
The Data Controller will monitor the data held ensuring there is neither too much nor too little data in respect of the individuals about whom the data is held. If data given or obtained is excessive for such purpose, it will be immediately deleted or destroyed.
Norfolk Conservation Ltd. members should notify the Data Controller of any changes, to enable personnel records to be updated accordingly and members have the right to review their data at any time. The Data Controller will invite members to review their data once a year to ensure it is accurate and up-to-date. Any amendments will be made immediately and data no longer required will be deleted or destroyed. Completion of an appropriate form (provided by The Data Controller) will be taken as an indication that the data contained is accurate.
- Not kept longer than necessary
Data will not be retained for longer than it is required. All personal data will be deleted or destroyed after one year of non-membership has elapsed.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of data.
Monitoring and Review
Reviewed April 2018
The Trustees will review this policy every two years