Bay Trust Radio Data Protection Approved by the Executive Committee 18 September 2010
In this document: The term “Organisation” means Bay Trust Radio. The term “Data Controller” means the Organisation in its capacity to record and use personal information. The term “Committee” means the managing committee of the Organisation. The term “Member” means any full, associate or probationary member of the Organisation. The term “Data Subject” means any Member or any other identifiable living individual whose personal data is held by the Organisation.
TWO: THE DATA PROTECTION ACT 1998
The Organisation shall comply with the Data Protection Act 1998 and all statutory amendments and re-enactments thereof. It shall follow the eight data protection principles, which say that all data shall be:
- Fairly and lawfully processed;
- Processed for limited purposes;
- Adequate, relevant and not excessive;
- Not kept for longer than is necessary;
- Processed in line with the data subject’s rights;
- Not transferred to countries outside the EU without adequate protection.
The Organisation shall comply with the data processing guidelines under which, as a not-for-profit organisation, it can claim exemption from the registration with the Information Commissioner:
- The processing shall only be for providing or administering activities for individuals who are either members of the Organisation or have regular contact with it.
- The data subjects are restricted to those individuals the processing of whose personal data is necessary for this exempt purpose.
- The data classes are restricted to data which is necessary for this exempt purpose.
- Disclosures other than those made with the consent of the data subjects are restricted to those third parties that are necessary for this exempt purpose.
- Personal data is not kept after the relationship between the organisation and the data subject ends, unless and for so long as it is necessary to do so for the exempt purpose.
THREE: DATABASES HOLDING PERSONAL INFORMATION
Personal Information shall be stored by the Organisation in the following databases:
- The Membership Records; and
- The Contacts List.
FOUR: CONFIDENTIALITY In the interests of confidentiality, the processing of Personal Information shall be limited to the John Williamson, Danny Frith & Claire Lambert, who shall be responsible to the Committee for its security and maintenance. They must pass this data over to any other named Member or delete or destroy the data forthwith, when required so to do by the Committee. Personal Information on Members may be shared with the University Hospitals of Morecambe NHS Foundation Trust to enable them to fulfil their statutory duties to ensure the wellbeing of patients and staff.
FIVE: KEEPING RECORDS UP-TO-DATE Personal Information held by the Organisation shall be kept up-to-date. It is the responsibility of Members and other individuals to inform the Organisation of changes, for example, to their contact details. The Organisation’s records shall be modified to include updates provided by the Data Subject as soon as practical after receipt. An annual check of basic contact details will be sent to all Data Subjects. It is a condition of membership of the Organisation that they confirm that these details are correct. Other Data Subjects shall be removed from the Organisation’s records unless confirmation is received that the details are correct.
SIX: DELETION/DESTRUCTION OF RECORDS
An individual’s membership records shall be deleted/destroyed 5 years after they cease to be a Member of the Organisation. Only basic details of their membership (e.g. name, joining and leaving dates) shall be retained after this date. Records of other Data Subjects shall be deleted on request.
SEVEN: ACCESS TO YOUR RECORDS On request, the Organisation shall supply an individual with a copy of the Personal Information it holds on them. The Organisation will not normally charge for the provision of this information, but the Committee reserve the right to charge in exceptional circumstances.