CCA DATA PROTECTION POLICY

Introduction

The CCA are committed to protecting the rights and privacy of individuals. We need
to collect and use certain types of Data to enable us to carry on our work
surrounding Canewdon Village Hall. This personal information must be collected and
handled securely.

The Data Protection Act 1998 (DPA) and General Data Protection Regulations
(GDPR) govern the use of information about people (personal data). Personal data
can be held on computers, laptops and mobile devices, or in a manual file. The
Trustees are personally responsible for processing and using personal information in
accordance with the Data Protection Act and GDPR. Trustees who have access to
personal information will therefore be expected to read and comply with this policy.


Purpose

The purpose of this policy is to set out the commitment and procedures for protecting
personal data regarding Canewdon Village Hall. Trustees consider the lawful and
correct treatment of personal information as very important to successful working,
and to maintaining the confidence of those with whom we deal. We recognise
the risks to individuals of identity theft and financial loss if personal data is lost or
stolen.


Personal data

1. Shall be processed fairly and lawfully.
2. Shall be obtained only for one or more of the purposes specified in the Act.
3. Shall be adequate, relevant and not excessive in relation to those purpose(s).
4. Shall be accurate and updated, as and when needed.
5. Shall not be kept for longer than is necessary.
6. Shall be processed in accordance with the rights of data subjects under the Act.
7. Shall be kept secure by the Data Controller, who takes appropriate technical and
other measures to prevent unauthorised or unlawful processing or accidental loss or
destruction of, or damage to, personal information.


Applying the Data Protection Act within the charity

We will let people know why we are collecting their data, which is for the purpose of
managing the hall, its hirings and finances. It is our responsibility to ensure the data
is only used for this purpose. Access to personal information will be limited to
Trustees.


Correcting data

Individuals have a right to make a Subject Access Request (SAR) to find out whether
the charity holds their personal data, where it is held, what it is used for and to have
data corrected if it is wrong, to prevent use which is causing them damage or
distress, or to stop marketing information being sent to them. Any SAR must be dealt
with within 30 days. Steps must first be taken to confirm the identity of the individual
before providing information, requiring both photo identification e.g. passport and
confirmation of address e.g. recent utility bill, bank or credit card statement.


Responsibilities

Canewdon Village Hall is the Data Controller under the Act, and is legally
responsible for complying with the Act, which means that it determines what
purposes personal information held will be used for.

The Trustees will take into account legal requirements and ensure that it is properly
implemented, and will, through appropriate management and controls:

a) Collect and use information fairly.
b) Specify the purposes for which information is used.
c) Collect and process appropriate information, and only to the extent that it is
needed to fulfil its operational needs or to comply with any legal requirements.
d) Ensure that the rights of people about whom information is held can be exercised
under the Act. These include: i) the right to be informed that processing is
undertaken; ii) the right of access to one’s personal information; iii) the right to
prevent processing in certain circumstances; and iv) the right to correct, rectify, block
or erase information which is regarded as wrong information.
e) Take appropriate technical and organisational security measures to safeguard
personal information.
f) Treat people justly and fairly whatever their age, religion, disability, gender, sexual
orientation or ethnicity when dealing with requests for information.

All Trustees are aware that a breach of the rules and procedures identified in this
policy may lead to action being taken against them.

The Data Protection Officer is Michael Fuller.

This policy and associated procedures will be updated as necessary to reflect best
practice in data management, security and control and to ensure compliance with
any changes or amendments made to the Data Protection Act 1998.

It will be formally reviewed every 2 years.

Date last reviewed: November 2024
Date of next review: November 2026