Data Protection Policy to comply with General Data Protection Regulations and UK law
1. The Petworth Society (the Society) finds it necessary to keep certain personal information regarding its Members. The information is required for the Society to operate efficiently. Under the General Data Protection Regulations (GDPR) and UK law, the Society is the ‘data controller’ of that personal information.
2. This document sets out the Society’s policy on Data Protection.
3. Any questions regarding the Data Protection Policy should be addressed to the Treasurer, The Petworth Society, Coppards, Middle Street, Petworth, GU28 0BE.
4. The personal information is required by the Society to function and will not be used for any other purpose. No personal information designated as ‘Sensitive’ will be held.
5. Attached to this policy is the Society’s Privacy Notice, which will be issued on request to the individuals whose data is held. The Privacy Notice details the Society’s approach to Data Protection.
6. The Privacy Notice sets out the following:
i. The ‘lawful reason’ for processing the personal information.
ii. The information the Society holds and how it is obtained.
iii. How the personal information will be kept up to date.
iv. How the information will be used.
v. How long the information will be held for.
vi. Who the individual should contact if there is an issue.
vii. Consent requirements.
7. Because of the type of personal information held by the Society, the very limited amount of processing and the voluntary nature of the organisation, it is considered that ‘implied consent’ is sufficient to comply with GDPR and UK law.
8. Except for HMRC, where applicable, no personal information will be passed to a third party without the specific agreement of the individual or a court order.
9. The Membership Secretary is responsible for the security of the personal information held by the Society.
10. Any computer on which the Society holds personal information will be password protected. Any hard copy information will be kept in a secure environment.
11. The information held by the Society will be the minimum necessary for the required purpose.
12. Personal information which is no longer required will be disposed of in a secure manner.
13. Individuals are entitled, on request, to be told what information the Society holds about them and to be given a copy of the information.
14. Where there is a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to the personal data, the Society will consider as soon as possible, and within 72 hours, what action it needs to take. In the unlikely event that the breach might have a significant detrimental effect on the individuals, the Information Commissioner’s Office (ICO) will be informed together with the individuals concerned.
15. The Society will review this Data Protection Policy, and the necessity to hold the personal information, every two years.