Data Protection Policy

SHAMBELLIE HOUSE TRUST

DATA PROTECTION POLICY

This Policy is prepared in response to the requirements of the Data Protection Act 2018 with regard to the Trust being a Charitable Organisation.

Personal Data of members of the Trust is kept for the purpose of communication only between members and the Officers of the Trust, member to member, only.  The Trust may also keep details of non-members solely for the purpose of keeping them informed of the progress of the project.

Data will not be made available to third parties under any circumstances.

Details of the type of data collected and the location of its storage, must be kept and reviewed annually by the Board.

The Officers of the Trust must be regularly informed of any changes to the requirements of data Protection law

Documentation is to be kept as to what personal data is held, whence it came and with whom it is shared.  This can be updated when members’ subscriptions are renewed or membership is deleted.

Privacy Notices must be issued to joining members and brought to the notice of members at renewals. This notice must include the lawful basisfor processing the data, the identity of the enquirer and how the Trust intends to use the information, how long it is intended to retain it and that members have a right to complain to the Information Commissioners Office (ICO) ico.org.uk if they have concerns at the way the Trust handles their data.

All members, past and present, will have the following rights regarding their personal data held in the Trust files;

  • The right to be informed
  • The right to rectification
  • The right of access
  • The right to erasure
  • The right to restrict processing
  • The right to object
  • The right not to be subject to automated decision-making.

If requested, an individual’s information will be permanently deleted for the Trust’s Data Base(s) or a copy can be provided electronically via an e-mail to the data address or by normal mail

The Lawful Basis for processing personal data is established by the acceptance of membership or by confirmation of a request to be entered onto a mailing list.  Consent to have personal data included on the database, is also granted by acceptance of membership.

The Personal Data that the Trust wishes to record comprises Name, Contact Address, Contact Telephone Number and E-Mail Address.  However the type and amount of personal data is at the decision of the individual.

Persons under the age of 16 will be regarded as childrenfor the purpose of this Policy.  The Trust will verify the individual’s age and obtain parental or guardian consent

On the detection of any breach of the data base the Trust must timeously inform the individual(s) whose data has been breached so that person may take appropriate action.  The Trust must then inform ICO if the breach would be considered a risk to the individual’s rights and freedoms. 

Protection of the Data is to be the responsibility of the Trust’s Secretary.