DATA PROTECTION POLICY
Eastbourne Talking Newspaper Association (ETNA) is a registered Charity No. 273322 which keeps personal data on individuals who wish to receive recorded material produced by ETNA and on the volunteers and employees who work within the charity. This policy describes how the data is handled and stored.
- Data Protection Principles
ETNA adheres to the principles of data protection set out in the General Data Protection Regulations (GDPR) of 25thMay, 2018 which requires that personal data be:
- Processed lawfully, fairly and in a transparent manner
- Collected only for specific and legitimate purposes
- Adequate, relevant and limited to what ETNA deems necessary
- Accurate and up to date
- Processed in a manner that ensures its security and is protected against unauthorised or unlawful use or accidental loss, destruction or damage
- Made available to individuals who must be allowed to exercise their rights in relation to their personal data
- Accountability and Governance
ETNA is responsible for, and will be able to demonstrate compliance with, the principles listed in paragraph 2. ETNA will ensure, and will provide evidence, that it remains compliant with data protection requirements. ETNA will also ensure that, where necessary, new volunteers and employees will receive induction into how and why data protection is implemented.
- Adequate, Relevant and Limited Data Processing
Volunteers, employees and listeners will only be asked to provide information that is relevant. ETNA will maintain a database that will include, but not necessarily be restricted to, the following information:-
- Full Name
- Postal Address
- Email Address
- Telephone/Mobile Number
- Birth Date (not obligatory)
- Confirmation of visual impairment (if applicable)
Where additional information is required, this will be obtained with the specific consent of the individual who will be informed as to why this information is required and the purpose for which it will be used.
In addition, ETNA will maintain a list of all individuals who leave ETNA by way of cancellation or death for a period of five years for reference purposes. Employees’ data will be retained for six years from the date of their resignation or dismissal.
- Storage and Secure Processing
ETNA has a responsibility to ensure that data is both securely held and processed. This will include:-
- Holding hard copy in a lockable filing cabinet
- Holding data electronically on the Office computer which will be password protected
- Using strong passwords
- Not sharing passwords
- Restricting access only to those volunteers and employees who need the data to carry out their duties
- Paying for firewall protection on all PC’s and laptops used within ETNA
- Data Subjects Rights
ETNA will ensure that an individual’s data is managed in such a way as to not infringe their rights, which are:-
- The right to be informed
- The right of access
- The right to rectification
- The right to restrict processing
- The right to data portability
- The right to object or complain
- The right to withdraw consent
- The right of erasure
Note: complete withdrawal of consent or complete erasure will terminate the individual’s relationship with ETNA and, if applicable, stop any future mailings of recorded material.
- Disclosure to Third Parties
ETNA will not release personal data to a third party, unless:-
- It is authorised to do so
- It is legally required to do so
- It is requested to do so by statutory authorities due to accident or emergency
Any known or suspected breach of personal data will be notified to the individual concerned. ETNA will then seek to rectify the cause of the breach as soon as possible to prevent any further breaches.
As part of the joining process, volunteers, employees and listeners will be asked for their agreement to this policy and thereafter will be treated as having consented to their personal data being processed as described in this document.
- Policy Approval and Review
This policy is agreed by the Trustees of ETNA on 03/09/2018 and will be reviewed on 03/09/2019.