The Ellesmere Centre Data protection policy 2018
1. THE ELLESMERE CENTRE holds three types of information which are covered by this policy:-
Organisational information – publicly available information about organisations and some confidential information.
Personal information – information about individuals such as names, addresses, job titles
Sensitive personal information – in general this kind of information is only held about employees. There are, however, instances where sensitive information is held about other people. For example, information about dietary requirements at Conference might allow a person’s religion to be deduced. Membership of the Sexuality Issues Network Group might also be seen as sensitive data.
Information about organisations is not covered by the Data Protection Act. However, there is sometimes ambiguity about whether certain information is personal or organisational, therefore, with regard to organisational information THE ELLESMERE CENTRE strives to achieve best practice and for these reasons organisational information is covered by this policy.
The organisations and people about which THE ELLESMERE CENTRE holds information are referred to in this policy as data subjects
2. THE ELLESMERE CENTRE will not hold information about individuals without their knowledge and consent.
3. THE ELLESMERE CENTRE will only hold information for specific purposes. It will inform data subjects what those purposes are. It will also inform them if those purposes change. The only exception to this is that THE ELLESMERE CENTRE will make it clear to members that it is a condition of their membership that THE ELLESMERE CENTRE will decide what should happen to information supplied about the organisation (but not about individuals within the organisation).
4. Information will not be retained once it is no longer required for its stated purpose.
5. THE ELLESMERE CENTRE will seek to maintain accurate information by creating ways in which data subjects can update the information held.
6. Data subjects will be given the option not to receive marketing mailings from THE ELLESMERE CENTRE, or other organisations (but see 3 above).
7. Data subjects will be entitled to have access to information held about them by THE ELLESMERE CENTRE.
8. Information about data subjects will not be disclosed to other organisations, to individuals who are not THE ELLESMERE CENTRE staff, or members of the Board of Trustees, except in circumstances where there is a legal requirement, where there is explicit, or implied consent, or where the information is publicly available elsewhere.
9. THE ELLESMERE CENTRE has procedures for ensuring the security of all personal data. Paper records containing confidential personnel data are disposed of in a secure way.
10. The Ellesmere Centre keeps all personal information stored on the computer securely. The computer is password protected and the office is kept locked at all times when unmanned.
11. THE ELLESMERE CENTRE has procedures covering all areas of its work, which it follows to ensure that it achieves the aims set out above.
A Named Trustee will be designated as the Data Protection Compliance Officer for THE ELLESMERE CENTRE.
12. At the beginning of any new project or type of activity the member of staff managing it will consult the Named Trustee about any data protection implications.
13. There may be situations where THE ELLESMERE CENTRE works in partnership with other organisations on projects which require data sharing. THE ELLESMERE CENTRE will determine which member of the organisation is to be the Data Controller and will ensure that the Data Controller deals correctly with any data which THE ELLESMERE CENTRE has collected.
14. All new staff will be given training on the data protection policy and procedures.
15. THE ELLESMERE CENTRE will carry out an annual review of its data protection policy and procedures.
16. Any member of the public can request to be removed from the database at any time by contacting the office directly, by telephone, or by emailing firstname.lastname@example.org.