Data Protection Policy

Last Updated: 01/09/2025

Organisation Details

Organisation: No.28 Belper Community Interest Company – 15906 162

Data Protection Act 2018 – DPA

Responsible Person: Pippa Mansel

Register of Systems – a register of all systems or contexts in which personal data is processed by the Organisation.

Principles:

We are committed to processing data in accordance with our responsibilities under the DPA, namely that personal data shall be:

• processed lawfully, fairly, and in a transparent manner in relation to individuals;

• collected for specified, explicit, and legitimate purposes and not further processed;

• limited to what is necessary for the purposes for which they are processed;

• accurate and kept up to date with any inaccuracy erased or rectified without delay;

• kept for no longer than is necessary;

• processed in a manner that ensures its security, including against accidental loss or damage.

General Provisions:

This policy, which will be reviewed annually, applies to all data processed by the Organisation, and the named Responsible Person shall take responsibility for its ongoing compliance.

Individuals have a right to access their personal data and any such requests shall be dealt with in a timely manner.

Lawful Purposes:

All data processed by the Organisation must be processed lawfully on one of the following bases: consent, contract, legal obligation, vital interests, public task, or legitimate interests. Evidence of opt-in consent shall be kept with personal data. Individuals will have the option to revoke their consent, and evidence of such revocation must be reflected in the Organisation’s systems.

Minimisation Of Data:

Personal and other data must be adequate, relevant, and limited to what is necessary for the purposes for which they are processed. It shall be kept for no longer than is necessary for those purposes and shall be reviewed annually.

Security:

The Organisation will ensure that personal data is stored securely using software that is kept up to date, and that access is limited to personnel who need it. Personal data will be deleted safely when applicable and should be irrecoverable. Appropriate back-up and disaster recovery solutions will be in place.

Breach:

In the event of a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Organisation will act promptly to assess the risks to people’s rights and freedoms and, if appropriate, report this breach to the ICO – No.28 Belper Community Interest Company ICO Reg. No. ____________

End of Policy