Data Protection Policy
Introduction
Alpha Grove Community Centre is fully committed to compliance with the requirements of the regulations governing the Data Protection Act 1998 (DPA), which came into effect on 1st March 2000. As a result, we are required to maintain and keep certain personal data about individuals/users for the purposes of satisfying our operational and legal duties. We understand the importance of correct and lawful treatment of personal data as it helps to maintain confidence in our centre and ensure that these data are by no means compromised.
We process personal data which includes; information about our; current, past, and potential employees; customers; suppliers, and other organisations with whom we have business dealings. Personal data may consist of data kept on paper, computer, or other electronic media; all of which are protected under the Data Protection Act 1998.
Principles:
Alpha Grove Community Centre endorses and adheres to the eight principles of the Data Protection Act summarised below.
Data must:
I. be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
II. be processed fairly and lawfully and shall not be processed unless certain conditions are met.
III. be adequate, relevant, and concise for those purposes.
IV. be accurate and up to date.
V. only be kept for as long as is necessary for the purpose for which it was obtained.
VI. be processed in accordance with the data subject’s rights.
VII. be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and the centre measure.
VIII. not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedom of data subject in relation to the processing of personal data.
These principles apply to obtaining, handling, processing, transportation, and storage of personal data. Employees and agents of Alpha Grove Community Centre who obtain, handle, process, transport, and store personal data for us must adhere to these principles at all times.
Types of Data
The DPA lays down conditions for the processing of any personal data and makes a distinction between personal data and “sensitive” personal data. Personal data is defined as data relating to a living individual who can be identified from that data; or from that data and other information which is in the possession of, or is likely to come into the possession of the data controller and includes an expression of opinion about the individual and any indication of the intentions of the data controller, or any other person in respect of the individual.
Sensitive personal data is defined as personal data consisting of information regarding an individual’s racial or ethnic origin; political opinion; religious or other beliefs; trade union membership; physical or mental health or condition; sexual life; or criminal proceedings or convictions.
The Data Protection Act 1998 (DPA) regulates the processing of personal data. The DPA would therefore not prevent the sharing of organisation or business information. Note that the term ‘processing’ in this context refers to the collection and manipulation of items of data to produce meaningful information.
Handling of personal/sensitive information:
Alpha Grove Community Centre will handle personal/sensitive information through proper management and the use of stringent standards and controls:
- Observe fully the conditions concerning the fair collection and use of personal information
- Specify the purpose for which information is used or to be used.
- Collect and process information only to the extent that it is needed to fulfil operational needs or legal requirements
- Endeavour always to ensure the quality of information used
- not keep information for longer than required, operationally or legally
- always endeavour to safeguard personal information by physical and technical means (ie keeping paper files and other records or documents containing personal/sensitive data in a secure environment; protecting personal data held on computers and computer systems by the use of secure passwords, which where possible, are changed periodically and ensuring that individual passwords are not easily compromised)
- ensure that personal information is not transferred abroad without suitable safeguards
- ensure that the rights of people about whom the information is held can be fully exercised.
In addition, Alpha Grove Community Centre will ensure that: - there is someone with specific responsibility for data protection in the centre (the designated Data Protection Officer) – Currently Centre Manager.
- all staff managing and handling personal information understand that they are contractually responsible for following good data protection practice
- all staff managing and handling personal information are appropriately trained to do so
- all staff managing and handling personal information are appropriately supervised
- a clear procedure is in place for anyone wanting to make enquiries about handling personal information, whether a member of staff or a member of the public, and that such enquiries are promptly and courteously dealt with
- methods of handling personal information are regularly assessed and evaluated
- any data sharing is carried out under a written agreement, setting out the scope and limits of the sharing
- any disclosure of personal data will be in compliance with approved procedures.
Access to personal data:
Individuals whose personal data are held by us are entitled to:
- ask what information we hold about them and why
- ask how to gain access to it
- be informed how to keep it up to date
- have inaccurate personal data corrected or removed
- prevent us from processing information or request that it is stopped if the processing of such data is likely to cause substantial, unwarranted damage or distress to the individual or anyone else
- be informed what we are doing to comply with our obligations under the Data Protection Act.
This right is subject to certain exemptions which are set out in the Data Protection Act. Any person who wishes to exercise this right should make a request in writing to the Centre manager/Trustees.
We reserve the right to charge the maximum fee payable for each subject access request. If personal details are incorrect, they will be amended upon request. If by providing this information we would have to disclose information relating to or identifying a third party, we will only do so provided the third party gives consent, otherwise we may edit the data to remove the identity of the third party.
Personal information will only be released to the individual to whom it relates. The disclosure of such information to anyone else without their consent may be a criminal offence. Any employee who is in doubt regarding a subject access request should check with the Data Protection Officer, the Centre manager from whom prior permission is required for any information to be sent outside of the UK.
We aim to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 40 days of receipt of a written request unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.
Cookies
Alpha Grove Community Centre website site, like many others, uses small files called cookies to help customise user experience. ‘Cookies’ are small text files that are stored by the browser (for example, Internet Explorer or Safari) on your computer or mobile phone. They allow websites to store such things as user preferences. You can think of cookies as providing a “memory” for the website, enabling it to recognise a user and respond appropriately.
They improve things by:
- remembering settings, so you don’t have to keep re-entering them whenever you visit a new page
- remembering information you’ve given (eg your postcode) so you don’t need to keep entering it
- measuring how you use the website so we can make sure it meets your needs.
Our cookies aren’t used to identify users personally. We don’t gather personal information about a user, to share with others.
Freedom of information:
The Freedom of Information Act 2000 provides public access to information held by public authorities. We are not a public sector body and therefore do not respond directly to FOI requests. However, we are Charity and may respond directly to sectors dealing with charity issues.
Implementation, monitoring, and review of this policy:
This policy will take effect on 1 May 2019. The Data Protection Officer (Centre Manager) has overall responsibility for implementing and monitoring this policy, which will be reviewed on a regular basis following its implementation (at least annually) and additionally whenever there are relevant changes in legislation or to our working practices.
Any questions or concerns about the interpretation or operation of this policy should be taken up in the first instance with your line manager.
This policy is not contractual but indicates how Alpha Grove Community Centre intends to meet its legal responsibilities for data protection. Any breach will be taken seriously and may result in formal disciplinary action. Any employee who considers that the policy has been breached in any way should raise the matter with his/her manager or the Data Protection Officer (Centre Manager).