ICO DATA PROTECTION

The Earl's Court Society is registered with the Information Commissioners Office for Data Protection purposes. A copy of our current certificate is here to view along with a copy of our Data Protection statement below 

General Data Protection Regulations and Procedure

Policy Statement


EARL’S COURT SOCIETY

 

 

 

General Data Protection Regulations and Procedure

Policy Statement

Your privacy is important to us

 

1.     Earls Court Society ( ECs) uses and stores personal information about its members. It is of great importance that the information we store is handled lawfully and appropriately in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’).

2.     ECS takes its data protection duties seriously and respects the trust placed in us to use any personal information appropriately and responsibly. 

About This Policy

 

1.     This policy sets out the basis on which we process any personal data we collect or process. This policy may be amended at any time, and members will be notified of any changes

2.     The Chair of ECS  is responsible for ensuring compliance with the Data Protection Requirements and with this policy. Any questions about this policy or any concerns that the policy has not been followed should be referred in the first instance to the Chair.

 

What is Personal Data?

1.     Personal data means data (either stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data

2.     Processing covers any/all activity that involves the use of a persons personal data. It includes obtaining, recording or holding the data, organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes the transferring of personal data to third parties.

Data Protection Principles

1.     Any person processing personal data must ensure that data is:

a.     Processed lawfully and done in a transparent manner

b.     Collected only for specified and legitimate purposes .

c.     Relevant and limited to only what is necessary for the intended purposes.

d.     Accurate, and kept up-to-date.

e.     Processed in line with an individual’s rights and in a way that ensures the necessary security of personal data, including protecting against unauthorised or unlawful processing , accidental loss, destruction or damage, using appropriate measures.

Fair and Lawful Processing

 

1.     The Data Protection Requirements are not intended to prevent processing of personal data, but to make sure it is done in a fair manner and without affecting the rights of an individual.

2.     ECS will only collect and process an individual's personal data for the purposes of maintaining a membership register for . The information stored in the membership register will be processed purely in order to communicate with the member about ECS  business or other relevant information that ECS has been passed which its members need to see .

Processing for Limited Purposes

 

1.     ECS will collect and process personal data for the specific purposes set out above . The data will be received directly from the data subject, for example, by completing forms or by mail, e-mail, telephone, or otherwise. All personal information stored in the membership register is used for ECS purposes only.

2.     Personal data will be stored on file for as long as the individual remains a member of ECS

3.     The personal data will be stored on file which will only be available to Committee members.

Accurate and timely Data

1.     ECS will take all reasonable measures to make sure that any personal data held by ECS  is accurate and is kept up to date.

2.     We will take all reasonable steps to destroy and amend inaccurate or out-of-date data, and to destroy any data which is no longer required.

3.     We will erase any personal data should a member decide not to renew his/her subscription to ECS

 

Processing in line with Data Subjects’ Rights

 

1.     We will process all personal data in line with data subjects’ rights, in particular their right to:

a.     Confirmation as to whether personal data concerning the individual is being processed

b.     Request access to any data held about them

c.     Request rectification, erasure or restriction on processing of their personal data

d.     Make a complaint to a supervising authority.

 

Data Security

1.     ECS will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental or unlawful destruction, damage, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.

2.     ECS will put in place procedures to maintain security of all personal data from collection to destruction.

3.     ECS will maintain security of data by protecting the confidentiality, integrity and availability of the personal data, when:

a.     Confidentiality means that only elected committee members or any member acting on the committee’s behalf can access it

b.     Integrity means that personal data should be accurate and suitable for the purpose for which it is processed

c.     Availability means that authorised users should be able to access the data if they need it for authorised purposes.

 

Subject Access Requests

1.     All ECS members have the right to make a formal request to see any and all information we hold about them. Such requests should be directed to the Chair and the information will be provided as soon as is possible, at the latest within one month.












.