Data Protection

SWCAA DATA PROTECTION POLICY

Updated ist April 2018

1. SWCAA holds three types of information which are covered by this policy - organisational information – publicly available information about organisations and some confidential information - personal information – information about individuals such as names, addresses, e-mail addresses and job titles – sensitive personal information – in general this kind of information is only held about employees. Information about organisations is not covered by the Data Protection Act. However, there is sometimes ambiguity about whether certain information is personal or organisational. For instance, the contact details for a developing CVS may be someone’s home address. Also, SWCAA should strive for best practice with regards to organisational information. For these reasons, organisational information is covered by this policy. The organisations and people about which SWCAA holds information are referred to in this policy as data subjects

2. By joining SWCAA you are agreeing to us using the information you provide to keep in contact with you and keep, send you relevant information/newsletters etc and to keep you updated on our services. SWCAA will not hold information about individuals without their knowledge and consent. Your personal details entered during the signup process are protected under the Data Protection Act and the General Data Protection Regulations (GDPR) which come into force in May of this year (2018).

3. SWCAA will only hold information for specific purposes. It will inform data subjects what those purposes are. It will also inform them if those purposes change. The only exception to this is that SWCAA will make it clear to members that it is a condition of their membership that SWCAA will decide what should happen to information supplied about the organisation (but not about individuals within the organisation, other than post holder names).

4. If you no longer wish to be a member of SWCAA please let us know as soon as possible so we can remove you from our database. Information will not be retained once it is no longer required for its stated purpose.

5. SWCAA will seek to maintain accurate information by creating ways in which data subjects can update the information held.

6. Data subjects will be given the option not to receive marketing mailings from SWCAA or other organisations (but see 3 above).

7. Data subjects will be entitled to have access to information held about them by SWCAA.

8. Information about data subjects will never be disclosed to other organisations or to individuals who are not members of SWCAA staff except in circumstances where this is a legal requirement, where there is explicit or implied consent or where the information is publicly available elsewhere. The information you provide to us is strictly for our use only.

9. SWCAA has procedures for ensuring the security of all personal data. Paper records containing confidential personnel data are disposed of in a secure way.

10. SWCAA has a set of procedures covering all areas of its work which it follows to ensure that it achieves the aims set out above.

11. The Chief Executive Officer has been designated as the Data Protection Compliance Officer for SWCAA.

12. At the beginning of any new project or type of activity the member of staff managing it will consult the Chief Executive Officer about any data protection implications.

13. There may be situations where SWCAA works in partnership with other organisations on projects which require data sharing. SWCAA will clarify which organisation is to be the Data Controller and will ensure that the Data Controller deals correctly with any data which SWCAA has collected.

14. When joining SWCAA if you fill out one of our site register forms and sign it you are agreeing to the data you provide being listed on our website. If these details change for any reason it is up to you to contact us to update these details.

15. All new staff will be given training on the data protection policy and procedures.

16. SWCAA will carry out an annual review of its data protection policy and procedures.