Data Protection Policy​

 

Longthorpe Bowls Club (LBC) needs to keep certain information on its members to carry out its day-to-day operations, to meet its objectives and to comply with legal obligations.

LBC is committed to ensuring any personal data will be dealt with in line with the General Data Protection Regulation (GDPR) which takes effect on 25 May 2018. To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.

The aim of this policy is to ensure that everyone handling personal data is fully aware of the requirements and acts in accordance with data protection procedures. This document also highlights key data protection procedures within LBC.

This policy covers committee members who need to use the data stored. In line with the Data Protection Act 1998 principles, LBC will ensure that personal data will:

• Be obtained fairly and lawfully and shall not be processed unless certain conditions are met
• Be obtained for a specific and lawful purpose
• Be adequate, relevant but not excessive
• Be accurate and kept up to date
• Not be held longer than necessary
• Be processed in accordance with the rights of data subjects
• Be subject to appropriate security measures

The definition of ‘Processing’ is obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes some paper based personal data as well as that kept on computer.

The Personal Data Guardianship Code suggests five key principles of good data governance on which best practice is based. LBC will seek to abide by this code in relation to all the personal data it processes, i.e.

Accountability: those handling personal data follow publicised data principles to help gain public trust and safeguard personal data.

Visibility: Data subjects should have access to the information about themselves that LBC holds. This includes the right to have incorrect personal data corrected and to know who has had access to this data.

Consent: The collection and use of personal data must be fair and lawful and in accordance with the DPA’s eight data protection principles. Personal data should only be used for the purposes agreed by the data subject. If personal data is to be shared with a third party or used for another purpose, the data subject’s consent should be explicitly obtained.

Access: Everyone should have the right to know the names of LBC’s committee members who have access to their personal data and who has used this data.

Stewardship: Those collecting personal data have a duty of care to protect this data throughout the data life span.

LBC processes the following personal information: name, address, contact details, record of subscription payments, .

Personal information is kept in a Register by the Membership Secretary, who will act as the Data Controller for LBC.

Under the Data Protection Guardianship Code, overall responsibility for personal data in a not for profit organisation rests with the governing body. In the case of LBC this is the Committee, who are its Trustees.

Anyone who processes personal information must ensure they not only understand but also act in line with this policy and the data protection principles.

To meet our responsibilities the Committee will:
• Ensure any personal data is collected in a fair and lawful way;
• Explain why it is needed at the start;
• Ensure that only the minimum amount of information needed is collected and used;
• Ensure the information used is up to date and accurate;
• Review the length of time information is held;
• Ensure it is kept safely;
• Ensure the rights people have in relation to their personal data can be exercised

LBC will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures will be taken: different levels of access to ensure that only those with the authority to do so may edit the information; others may have read-only access.

Anyone whose personal information we process has the right to know:
• What information we hold and process on them
• How to gain access to this information
• How to keep it up to date
• What we are doing to comply with the Act.

jpk/April 2018