Data Protection Policy
Rosemarkie Amenities Association (RAA)
The General Data Protection Regulations cover information about individuals which is held on computer or in a manual filing system, or which is recorded with the intention that it will be part of such systems. The Act applies to people or organisations that use or hold such personal data.
The GDPR are based on the right of the individual (the Data Subject) to know what information is being held about them, and how the information will be used and stored. The GDPR set out principles to ensure that personal data is:
processed fairly and lawfully
obtained only for specified purposes
relevant to the purposes for which it is processed
accurate and kept up to date
not kept for longer than is necessary
processed according to the rights of the Data Subject under the regulations
protected against unauthorised processing, accidental loss or damage
not transferred to areas outside of the European Union (including via websites)
RAA holds personal information on volunteers, member, staff, service users.
RAA seeks to comply with both the letter and the spirit of the regulations.
2. Scope of the policy
All personal records will be kept securely by RAA in accordance with its procedures
RAA staff and volunteers, other than the Company Secretary in the course of their duty, do not have access to information on other staff or volunteers
When staff and volunteers leave, all documents will be kept in accordance with RAA procedures compliant with their legal obligations.
Staff and volunteers have the right to see the information held on them by RAA. Requests should be in writing to the company secretary and RAA will provide a copy of the information within two weeks of receiving the request. No charge is made.
Information about individuals will not be disclosed to any third party outside of RAA without the permission of the individual.
Where photographs of staff and/or volunteers are used to publicise or promote the organisation, permission will be sought from individuals and the photograph used for a specified length of time.
Company Secretary contact firstname.lastname@example.org
update 22/05/18 review date 22/05/19Data Protection Policy ..