Data Protection Policy - Sustainable Hackney

Similar documents
Islam21c.com Data Protection and Privacy Policy

DATA PROTECTION POLICY THE HOLST GROUP

Data Protection policy

This article will explain how your club can lawfully process personal data and show steps you can take to ensure that your club is GDPR compliant.

Element Finance Solutions Ltd Data Protection Policy

Creative Funding Solutions Limited Data Protection Policy

Data Protection Policy

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

BELLISSIMA BEAUTY SALON PRIVACY NOTICE

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

GDPR Data Protection Policy

UWC International Data Protection Policy

Privacy notice. Last updated: 25 May 2018

Subject: Kier Group plc Data Protection Policy

Hertfordshire Natural History Society

CAPPELLA NOVOCASTRIENSIS Data Protection Policy

Motorola Mobility Binding Corporate Rules (BCRs)

This Privacy Policy governs our processing of all personal data provided to us at Environmental Essentials in relation to our E-learning services.

PRIVACY POLICY. Introduction:

UWTSD Group Data Protection Policy

Data Protection Policy

EU Data Protection Agreement

PRIVACY POLICY. 1. Introduction

Made In Hackney Data Protection Policy Last Updated:

- GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union;

Data Protection policy

The British Museum. Data Protection Code of Practise. 1 Introduction

Data protection policy

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

Privacy Policy Statement Last update 25 th May 2018.

PS Mailing Services Ltd Data Protection Policy May 2018

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

Emsi Privacy Shield Policy

CITY SECURITY MAGAZINE

DATA PROTECTION POLICY

HOW WE USE YOUR INFORMATION

Data protection. 3 April 2018

We may change the privacy notice from time to time by amending this page.

A Homeopath Registered Homeopath

BEAUTIFUL DRINKS LTD.

Site Builder Privacy and Data Protection Policy

PRIVACY NOTICE STORM RECRUITMENT UNIT 11, 2 ND FLOOR CHARLESLAND CENTRE, GREYSTONES, CO. WICKLOW 1. INTRODUCTION

Contract Services Europe

When you join the Hedon Fan Club, we process the following personal data:

Guardian Electrical Compliance Ltd DATA PROTECTION GDPR REGULATIONS POLICY

GDPR effects on Gift Aid. Presented by Keren Caird Business Development Gift Aid Manager Sue Ryder

Website Privacy Statement

Adelaide Fringe is committed to protecting the privacy of its artists, employees, prospective employees, venues and the general public.

PRIVACY NOTICE. Privacy notice. What personal data we collect and the Legal Basis. Who are we? The personal data we would collect from/process on you

UKIP needs to gather and use certain information about individuals.

EU Data Protection Agreement

Data Protection Privacy Notice

THE DATA PROTECTION ACT (1998) AND YOUR CLUB/COUNTY ASSOCIATION

Data Protection Policy

PRIVACY POLICY. 1. Scope of this Policy

SYDNEY FESTIVAL PRIVACY POLICY

3. Available Membership Categories and the associated services and benefits are published on the BMF website.

Privacy Policy. Full name and contact details (including your contact number, and postal address).

Privacy Policy Inhouse Manager Ltd

Privacy Policy. What type of personal information we collect. The type and amount of information we collect depends on why you are providing it.

INCLUDE-ED PRIVACY POLICY

Privacy Policy. Information about us. What personal data do we collect and how do we use it?

NHS R&D Forum Privacy Policy: FINAL v0.1 May 25 th 2018

We respect your privacy and we promise to do the following: Without limitation, any of the following Data may be collected:

What information is collected from you and how it is used

Privacy and Data Protection Policy

Cognizant Careers Portal Privacy Policy ( Policy )

I domobile PRIVACY POLICY Version The privacy of all of our Users is very important to us. When you, as an App-user, use the Service

General Data Protection Regulation (GDPR) Key Facts & FAQ s

Privacy Policy Identity Games

Fishers Green Sailing Club Privacy Policy

FAST Data Protection Policy

WE ARE COMMITTED TO PROTECTING YOUR PERSONAL DATA

Privacy Policy Effective May 25 th 2018

Badminton England - Data protection Guidance for clubs and counties.

PERSONAL DATA POLICY Westpack A/S

Wesley House data protection statement and privacy notice (short-course delegates)

We may change the privacy notice from time to time by amending this page. What type of information will we collect from you?

We collect the information listed below as a consequence of our business activities.

DATA PROTECTION POLICY

POLICY DOCUMENT DATA PROTECTION 2018

Our privacy statement Who are we? Your acceptance of this statement Changes to this privacy statement What is personal data?

Data Protection Policy

Wonde may collect personal information directly from You when You:

Data Protection Policy

Website Privacy Policy

Little Blue Studio. Data Protection and Security Policy. Updated May 2018

PRIVACY POLICY. What personal data we collect and why we collect it IN ORDER TO: (Date of last update: 1 st January 2019)

PRIVACY POLICY. We will use the information that we collect about you in accordance with:

INNOVENT LEASING LIMITED. Privacy Notice

ENABLE Scotland Privacy Policy

Data protection. Data protection. Kacper Szkalej 1. Structure. Data protection. Media Law, KTH. Definition? Data protection = data processing rules

PRIVACY POLICY QUICK GUIDE TO CONTENTS

Enviro Technology Services Ltd Data Protection Policy

register to use the Service, place an order, or provide contact information to an Independent Business Owner;

PRIVACY NOTICE. This policy may be updated from time to time so please check back occasionally to make sure you re happy with any changes.

GDPR - Are you ready?

PRIVACY POLICY. 1. Definitions and Interpretation In this Policy the following terms shall have the following meanings:

Privacy Policy. Effective as of October 5, 2017

EIT Health UK-Ireland Privacy Policy

Transcription:

Data Protection Policy - Summary This policy sets out how manages and protects the personal data that we collect in the course of our activities. It sets out how we apply the principles of data protection, the legal basis for data processing, and the rights of individuals over their data. Scope The policy applies to the activities of and to the projects that has set up including, Hackney Food Partnership and Hackney Green Drinks and applies to our Steering Group, members, and volunteers acting on our behalf. Principles Policy We will apply the principles of data protection:- Personal data shall be processed fairly and lawfully and transparently Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with those purposes. Personal data shall be adequate, relevant and not excessive in relation to the purposes. Personal data shall be accurate and, where necessary, kept up to date. Personal data shall be kept for no longer than is necessary. Personal data shall be processed in accordance with the rights of data subjects. Personal data shall be protected against unauthorised or unlawful processing, loss, destruction, or damage. Personal data shall be transferred outside the European Economic Area only where there is adequate protection. 1. We will only process data using one or more legal bases. We will always use consent as the basis for any email marketing. The basis on which we process data will be recorded in an appendix to this policy. See Appendix 1. 2. When new data is collected we will document the legal basis and amend this policy and our privacy notice as appropriate. 3. We will explain our policy in a privacy notice which will be posted online and linked to from our newsletters, referenced on our forms and on our website. The privacy notice will be updated from time to time as necessary. The current version is here: http://sustainablehackney.org.uk/page/privacy-notice. 4. We will only use the data for the purposes that are specified. We will keep data for our different projects and member types separate and not use data collected for one purpose for another purpose unless we first obtain consent. We will not pass, sell or release data to any third party without consent unless legally required to do so. 5. We will only collect data that is relevant to the purpose for which it was collected and we will review at least annually whether the data is still relevant to that purpose. We will aim to collect the minimum amount of data that is necessary. Data Protection Policy Page 1

6. We will make it easy to opt out of email newsletters using an unsubscribe link in each email. 7. Members of the organisation can update their data when renewing their membership or on request to the membership secretary. Network members can update their own profile information to ensure it is accurate themselves using their log-in. Newsletter list subscribers can amend their data by using a link in each newsletter. 8. We will not ask or require individuals to provide personal data on social media which we do not control. Individuals may of their own volition post personal information to our social media addresses or our website. Social media accounts that we have are set out in Appendix 2. 9. We will keep Network member data and newsletter list data as long as the subscription remains in force. We will keep member data for up to two years after a member s subscription lapses. 10. We will respond to all requests relating to access, rectification, erasure, restriction of processing or objection in line with data subjects rights. Data subjects can make such requests by email to info@sustainablehackney.org.uk or in writing to the address of the organisation. See Appendix 2 for details of rights and how we respond to them. 11. We will use our best endeavours to ensure data is protected from loss and not transferred outside the EEA without adequate protection. a. We have checked and are satisfied with the data privacy and security policies of our non EEA data processing partners, Ning (network members) and Mailchimp (newsletters). b. We have set up an EU Privacy Shield agreement with Mailchimp. c. We will limit access to personal data to those who need it for their role. d. We will ensure that personal electronic data is password protected. e. We will avoid inadvertent disclosure of personal emails by using BCC where appropriate. f. We will make regular backups of member data, network data and mailing list data, which will be kept secure. 12. We will report any substantial data breach to the Information Commissioner and, where appropriate, to the data subject. Responsibilities Review Status The Website Officer is the lead on data protection, and on the implementation of this policy, and reports to the Steering Group. Steering Group members have a responsibility to ensure the policy is adhered to when they handle personal data as part of their role. Where personal data is handled by members or volunteers working on behalf of they will be required to comply with this policy. This policy will be reviewed and updated at least annually. Approved 25/07/2018, next review July 2019. Data Protection Policy Page 2

Appendix 1 - Legal basis of processing Data Legal bases Used for Membership application Contract: Members pay a voluntary subscription to join the organisation. Communicating with members about their membership, eg subscriptions, renewals, Network membership newsletter list newsletter list Hackney Food Partnership list Hackney Green Drinks newsletter list Contract: network members sign up to join a social network and provide data for their network profile. positively opted in when becoming a network member, or meetings of the group. Managing their membership of the network. Hackney Food Partnership Hackney Green Drinks Data Protection Policy Page 3

Appendix 2 - Social Media Accounts Project Account Facebook Facebook Twitter Twitter Instagram Data Protection Policy Page 4

Appendix 3 - Data Subject s Rights Where a data subject makes a request we will initially respond by confirming their identity to avoid the potential to disclose data inadvertently to someone else. We can do this for example by ensuring they have control of the relevant email account, or know information that only the data subject could be expected to know. We will use our best endeavours to respond initially within 7 days, and to complete a request within 30 days of confirming the identity of the requester. We will let data subjects know that they have the right to complain to the Information Commissioner if they are not satisfied with our response. If we can t comply, eg in the case of requests that are excessive, imprecise or unfounded, we will communicate this to the data subject and let them know they have the right to complain to the Information Commissioner. Right Access Rectification Erasure Restriction of processing Objection How we respond Provide links to or screenshots or copies of data we hold on the subject. We will correct the data or provide instructions how the data subject can correct the data themselves. We will erase the data or provide instructions how the data subject can erase the data themselves. Where a data subject asks us not to process their data in a particular way we will comply with their request. Where a data subject objects to the way we have processed their data we will agree with them an appropriate response eg erasure or restriction of processing. Data Protection Policy Page 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback