Privacy Policy

Data Protection Policy

Introduction

Noddfa Community Centre needs to maintain and use personal data about people, eg current, past or prospective employees, volunteers, representatives of voluntary and community organisations, members, to meet its operational and legal obligations.  Noddfa Community Centre recognises the importance of correct and lawful treatment of personal data in order to maintain confidence in the organisation.

Any personal data collected by Noddfa Community Centre, whether it is held on paper, computer or other media will be subject to the appropriate safeguards in order to ensure Noddfa Community Centre complies with the Data Protection Act 1998.

Noddfa Community Centre fully endorses and adheres to the eight principles of the Data Protection Act.

Principles

 Organisations processing personal data must comply with the data protection principles.  Personal information must be:

  1. Fairly and lawfully processed
  2. Processed for specific purposes
  3. Adequate, relevant and not excessive
  4. Accurate and, where necessary, kept up to date
  5. Kept for no longer than necessary
  6. Processed in line with the rights of the individual
  7. Kept secure
  8. Not transferred to countries outside the European Economic Area unless there is adequate protection for the information

In order to meet the requirements of the principles, Noddfa Community Centre will:

  • Observe the conditions regarding the fair collection and use of personal data
  • Meet its obligations to specify the purposes for which personal data is used
  • Collect and process appropriate personal data only to the extent that it is needed to fulfill operational or legal requirements
  • Ensure the quality of personal data used
  • Apply strict checks to determine the length of time personal data is held
  • Ensure that the rights of individuals about whom the personal data is held, can be fully exercised under the Act
  • Take appropriate security measures to safeguard personal data
  • Ensure that personal data is not transferred abroad without suitable safeguards

Data Controller

 The Board of Trustees of Noddfa Community Centreis responsible for ensuring compliance with the Data Protection Act

Subject Access

 Any individual who is the subject of personal data held by Noddfa Community Centre is entitled to:

  • Ask what information Noddfa Community Centre holds about them and why
  • Ask how to gain access to it
  • Be informed how to keep it up to date
  • Be informed what Noddfa Community Centre is doing to comply with its obligations under the 1998 Data Protection Act

Access to Information

 

Any individual about whom Noddfa Community Centreholds personal data has the right to access personal data held about them on computer and in some manual filing systems.  This right is subject to certain exemptions which are set out in the Data Protection Act.  A copy of the information held can be requested by writing to the Data Controller (subject access request).  This information will be made available within 40 days of receipt of such a request. Noddfa Community Centrereserves the right to charge the maximum fee, in line with the Data Protection Act, for providing this information.  Inaccuracies in the information held can be amended by writing to the Data Controller.

Subject Consent

 

Noddfa Community Centrewill communicate to all data subjects the need to process data for normal purposes.  If the data is sensitive, eg health, race or gender, express consent to process data will be sought.  Processing may be necessary to operate Noddfa Community Centrepolicies, i.e. Health and Safety, Equal Opportunities.

Data Security

 Precautions must be taken against physical loss or damage to data held by Noddfa Community Centre.  Access and disclosure of information must be restricted.  All employees are responsible for ensuring that:

  • Any personal data which they hold is secure, eg membership information
  • Personal information is not disclosed either orally or in writing or otherwise to any unauthorised third party

Employee/Volunteer Responsibilities

 Employees/Volunteers are responsible for:

  • Checking that any personal data provided to Noddfa Community Centre is accurate and up to date
  • Informing Noddfa Community Centre of any changes to information which they have provided, eg changes of address

Breach of Noddfa Community Centre Data Protection Policy will be taken seriously and may result in formal action.

Any individual who considers that the policy has not been followed in respect of personal data held about them by Noddfa Community Centre should write to the Data Controller.

 

Our Supporters

pht
pyc