1.1 Personal data is information about a living person which is identifiable as being about them. It can be stored electronically or on paper, and includes images and audio recordings as well as written information.
1.2 Data protection is about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.
2.1 Overall and final responsibility for data protection lies with the management committee, who are responsible for overseeing activities and ensuring this policy is upheld.
3. Overall policy statement
3.1 ISKO UK needs to keep personal data about its committee, members, volunteers and supporters in order to carry out group activities.
3.2 We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and other relevant legislation.
3.3 We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.
· purposes for which the individual has given explicit consent, or
· purposes that are in our group’s legitimate interests, or
· contracts with the individual whose data it is, or
· to comply with legal obligations, or
· to protect someone’s life, or
· to perform public tasks
3.5 We will provide individuals with details of the data we have about them when requested by the relevant individual.
3.6 We will delete data if requested by the relevant individual, unless we need to keep it for legal reasons.
3.8 We will store personal data securely.
3.9 We will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes.
3.10 We will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so.
3.11 We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any lost or shared data back. We will evaluate our processes and understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported to the Information Commissioner’s Office within 72 hours, and to the individual concerned.
This policy will be reviewed every two years.
Agreed by the ISKO UK Executive Committee on: 11th June 2018
ISKO UK Chair: David Haynes
ISKO UK Secretary: Sylvie Davies
(adapted from ‘Data Protection for Community Groups’ published by Brighton & Hove Community Works, May 2018)
Next review due: June 2020
We need to refer to GDPR and UK Data Protection Act
UK Chapter or ISKO International?
Give examples of volunteers who would have access to personal data
We need to explain where we store data (Wild Apricot, ConfTool, MMS (and Springer Verlag?))
We need to be more specific about the usage of personal data (renewal notices, payments, events announcement and registration etc…)
We need to be more specific and explain our membership policy. For instance MMS keeps the data for 2 years after membership has lapsed
We should remove data from individuals who are no longer members.
Here we need to create an internal document that examines potential data breaches
We have not set up any procedures for that purpose. We need to create a data breach policy