websites
Data Protection Policy PDF Print E-mail

Data protection policy

 

ICT holds three types of information which are covered by this policy
- organisational information – publicly available information about organisations and some confidential information
- personal information – information about individuals such as names, addresses, job titles
sensitive personal information – in general this kind of information is only held about employees and some clients. There are, however, instances where sensitive information is held about other people.

Information about organisations is not covered by the Data Protection Act.
However there is sometimes ambiguity about whether certain information is personal or organisational. For instance the contact details for a community organisation may be someone’s home address. Also ICT should strive for best practice as regards organisational information. For these reasons organisational information is covered by this policy.

The organisations and people about which ICT holds information are referred to in this policy as data subjects

  • ICT will not hold information about individuals without their knowledge and consent.
  • ICT will only hold information for specific purposes. It will inform data subjects what those purposes are. It will also inform them if those purposes change. The only exception to this is that ICT will make it clear to members that it is a condition of their membership that ICT will decide what should happen to information supplied about the organisation (but not about individuals within the organisation, other than postholder names).
  • Information will not be retained once it is no longer required for its stated purpose.
  • ICT will seek to maintain accurate information by enabling data subjects to update the information held by telephone, post, email or personal visit.
  • Data subjects will be entitled to have access to information held about them by ICT.
  • Information about data subjects will not be disclosed to other organisations or to individuals who are not members of ICT staff or Trustee Board except in circumstances where this is a legal requirement, where there is explicit or implied consent or where the information is publicly available elsewhere.
  • ICT has procedures for ensuring the security of all personal data. Paper records are held in a locked cabinet, and computerised information is password protected. Paper records containing confidential personnel data are disposed of in a secure way.
  • ICT has a set of procedures covering all areas of its work which it follows to ensure that it achieves the aims set out above.
  • At the beginning of any new project or type of activity the member of staff managing it will consult the Chairman about any data protection implications.
  • There may be situations where ICT works in partnership with other organisations on projects which require data sharing. ICT will clarify which organisation is to be the Data Controller and will ensure that the Data Controller deals correctly with any data which ICT has collected.
  • All new staff and trustees will be given training on the data protection policy and procedures.
  • ICT will carry out an annual review of its data protection policy and procedures.
Last Updated on Tuesday, 15 May 2018 14:39