Privacy & Data Protection Policy

Introduction

  1. Matlock Civic Association has a data protection policy which is reviewed regularly. In order to help us uphold the policy, we have created the following procedures which outline ways in which we collect, store, use, amend, share, destroy and delete personal data.
  2. These procedures cover the main, regular ways we collect and use personal data. We may from time to time collect and use data in ways not covered here. In these cases we will ensure our Data Protection Policy is upheld.

General procedures

  1. Data will be stored securely. When it is stored electronically, it will be kept in password protected files. When it is stored on paper it will be filed carefully in a locked filing cabinet.
  2. When we no longer need data (for example when a member or friend leaves Matlock Civic Association), or when someone has asked for their data to be deleted, it will be deleted securely. We will ensure that data is permanently deleted from computers, and that paper data is shredded.
  3. We will keep records of consent given on Annual Membership Forms for us to collect, use and store data. These records will be stored securely.
  4. In circumstances where it is necessary to share contact details between members, such as mutual consultation on matters or projects of Association interest, members must undertake not to pass on those details to any third party.

Contacting Trustees

  1. The trustees need to be in contact with one another in order to run the Association effectively and ensure its legal obligations are met.
  2. Trustee contact details will be shared with one another.
  3. Trustees will not share each other’s contact details with anyone outside of the else, or use them for anything other than Matlock Civic Association business, without explicit consent.

Overall policy statement

  1. Matlock Civic Association needs to keep personal data about its trustees, members and friends in order to carry out group activities.
  2. We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the UK General Data Protection Regulation (GDPR) and other relevant legislation.
  3. We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.
  4. We will only collect, store and use data for:
    • purposes for which the individual has given explicit consent, or
    • purposes that are in our our group’s legitimate interests, or
    • to comply with legal obligations, or
    • to perform public tasks.
  5. We will provide individuals with details of the data we have about them when requested by the relevant individual.
  6. We will delete data if requested by the relevant individual, unless we need to keep it for legal reasons.
  7. We will endeavor to keep personal data up-to-date and accurate.
  8. We will store personal data securely.
  9. We will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes.
  10. We will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so.
  11. We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any lost or shared data back.
  12. To uphold this policy, we will maintain a set of data protection procedures for our trustees and members to follow.

 Review

This policy will be reviewed every three years

Date………………………………………..

Signature (Chair)…………………………………………………………….

Signature (Secretary)…………………………………………………………