DATA PROTECTION POLICY


Author: Mrs A Taylor
Approval needed by: Board of Directors
Adopted (date): 6 December 2016
Date of next review: December 2017

Introduction

The de Ferrers Trust is committed to a policy of protecting the rights and privacy of individuals (including students, staff and others) in accordance with the Data Protection Act. The Trust needs to process personal information about its staff, students, and other individuals it has dealings with for administrative purposes (e.g. to recruit and pay staff, to administer programmes of study, to record progress, and to comply with legal obligations to funding bodies and government). To comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed to any third party unlawfully.

Any breach of the Data Protection Act 1998 or the Trust Data Protection Policy is considered to be an offence, and in that event relevant disciplinary procedures will apply. As a matter of good practice, other agencies and individuals working with the Trust, and who have access to personal information, will be expected to read and comply with this policy.

Background to the Data Protection Act 1998

The Data Protection Act 1998 enhances and broadens the scope of the Data Protection Act 1984. Its purpose is to protect the rights and privacy of living individuals and to ensure that personal data is not processed without their knowledge, and, wherever possible, is processed with their consent.

Definitions (Data Protection Act 1998)

Personal Data: Data relating to a living individual who can be identified from that information or from that data and other information in possession of the Data Controller. Includes name, address, telephone number and ID number. Also includes expressions of opinion about the individual and any indication of the intentions of the Data Controller or any other person in respect of that individual.

Sensitive Data: Personal data consisting of information as to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sexual life or criminal convictions. Sensitive data is subject to much stricter conditions of processing.

Data Controller: A person (or organisation) who determines the purposes for which and the manner in which any personal data is to be processed.

Data Subject: Any living individual who is the subject of personal data held by an organisation.

Processing: Obtaining, recording or holding the data or carrying out any operations on the data, including organisation, adaptation or alteration of the data; retrieval, consultation or use of the data; disclosure of the data by transmission, dissemination or otherwise making available; alignment, combination, blocking, erasure or destruction of the information or data.

Third Party: Any individual/organisation other than the data subject or the data controller.

Relevant Filing System: A relevant filing system exists where records relating to individuals (such as personnel records) are held in a sufficiently systematic, structured way as to allow ready access to specific information about those individuals.

Personal data as defined and covered by the Act can be held in any format: electronic (including websites and emails), paper-based, photographic, etc. from which the individual's information can be readily extracted.

Responsibilities under the Data Protection Act

The Trust is a Data Controller under the Act. The Trust will maintain a Data Protection register entry with the Information Commissioner's Office (ICO), and will ensure that all personal data obtained, held, used or disclosed conforms to the details recorded within that registration. The Trust's Finance Director will ensure that the Data Protection Registration is reviewed and renewed annually.

In addition, the Trust will ensure that:

- A member of the Leadership Team at each Academy within the Trust has overall responsibility for the implementation of Data Protection at that Academy;
- The Leadership Team at each Academy within the Trust and all those in managerial and supervisory roles at that Academy are responsible for developing and encouraging good information handling practice at the Academy and within the Trust as a whole;
- All Trust staff are aware of their responsibilities under the Data Protection Act;
- Compliance with data protection legislation is the responsibility of all employees of the Trust who process personal information. Employees of the Trust are responsible for ensuring that any personal data supplied is accurate and up to date;
- All Trust staff are trained and supported to deal effectively with the requirements of the Act, including the need to deal with subject access requests;
- The requirements of the Act are considered in decision making processes, such as the development of policy and procedures and the design and the implementation of information systems; and
- The operations of the organisation are developed to meet the highest standards of openness and accountability.

Data Protection Principles

All processing of personal data must be done in accordance with the eight data protection principles.

1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained for one or more specific and lawful purposes and not processed in a manner incompatible with those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose(s) for which it is held.
4. Personal data shall be accurate and, where necessary, kept up-to-date.
5. Personal data shall be kept only for as long as necessary.
6. Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Security of Data

All staff are responsible for ensuring that any personal data (on others) which they hold is kept securely and that it is not disclosed to any unauthorised third party. All personal data should be accessible only to those who need to use it. A judgement should be formed based upon the sensitivity and value of the information in question, but personal data should be kept:

- In a lockable room with controlled access, or
- In a locked drawer or filing cabinet, or
- If computerised, password protected and/or encrypted, or
- Kept on storage media which is secure, encrypted where relevant.

Care should be taken to ensure that computer screens are visible only to authorised staff and that computer passwords are kept confidential. Computers should not be left unattended without password protected screen-savers and manual records should not be left where they can be accessed by unauthorised personnel.

Care must be taken to ensure that appropriate security measures are in place for the deletion or disposal of personal data. Manual records should be shredded or disposed of as confidential waste. Hard drives of redundant computers should undergo secure electronic deletion before disposal.

This policy also applies to those who process personal data off-site. Off-site processing presents a potentially greater risk of loss, theft or damage to personal data. Staff should take particular care when processing personal data at home or in other locations outside the Trust.

Disclosure of Data

The Trust must ensure that personal data is not disclosed to unauthorised third parties, which include family members, friends, Government Bodies, and in certain circumstances, the Police. All staff and students should exercise caution when asked to disclose personal data held on another individual to a third party. For instance, it would usually be deemed appropriate to disclose a colleague's work contact details in response to an enquiry regarding a particular function for which they are responsible. However, it would not usually be appropriate to disclose a colleague's work details to someone who wished to contact them regarding a non-work related matter. The Act permits certain disclosures without consent so long as the request is supported by appropriate paperwork.

Privacy Notice

Each Academy within the Trust has its own Privacy Notice for students which defines how we process personal information on students, and which other organisations we will share personal data with. These Privacy Notices are published on the relevant Academy's website and are reviewed annually.

Retention of Data

Personal data will be retained in accordance with the Trust's Record Management Policy.