Data Protection Policy
Name: Stoke Hill Community Association.
Address: St Katherine’s Priory,
St Katherine’s Road,
Email Address: firstname.lastname@example.org
Website: St Katherines Priory
Stoke Hill Community Association
Registered Charity No: 283907
Stoke Hill Community Association (hereafter SHCA) manages St Katherine’s Priory, St Katherine’s Road, Exeter, EX4 7JY as a multi-use, multi generational community centre that is widely used by the people of Stoke Hill and surrounding areas.
Our constitution identifies our object as:
To promote the benefit of the inhabitants of Stoke Hill and the neighbourhood without distinction.
To advance education and provide facilities in the interests of social welfare for recreation and leisure-time occupation with the object of improving the conditions of life for said inhabitants.
To this end we organise SHCA events and also hire out our facilities to a range of organisations, and in doing this we necessarily collect and hold information.
We recognise our responsibility in complying with current General Data Protection Regulation (GDPR) and any associated legislation.
Data Protection Statement
- SHCA is committed to the current General Data Protection Regulations.
- SHCA will ensure that all personal data that it holds will be: • processed lawfully, fairly and in a transparent manner; • collected for specified, explicit and legitimate purposes and not
further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary;
- accurate and kept up to date;
- kept in a form which permits identification of data subjects for no longer than is necessary;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
- SHCA has therefore adopted the procedures set out in this Data Protection Policy in accordance with statutory guidance.
- SHCA is committed to:
- Building a data protection culture where staff, volunteers, members and facility users know how they are expected to treat personal information;
- Implementing a procedure for dealing with concerns regarding data protection.
- SHCA is not responsible for the protection of personal information gathered by non-SHCA users of SHCA facilities.
Systems, Purposes and Processing
SHCA will obtain, hold and process personal data in accordance with current GDPR for the following lawful purposes:
- Trustees, Council members and Executive Committee members. (name, contact details, emergency contact details).
(name, contact details, date of birth).
(name, contact details, emergency contact details).
(name, contact details).
- Individuals are not obliged to provide any personal details, though failure to do so may affect ability to access all services.
- We will manage information solely for the purpose(s) that it has been collected, providing individuals with information about SHCA activities and maintaining health and safety.
- Information will be held securely and only accessed by the appropriate Executive Committee member. The Chair and Secretary will have access alongside Membership, Bookings and specific activities Lead Persons.
- We may disclose information if required by law or to enforce our legal rights.
- Information will be reviewed annually in line with membership renewal and AGM cycles, at a change in individual circumstances or at the request of the particular individual. Personal information will be deleted when no longer required for a specified, explicit and legitimate purpose.
- Individuals will have reasonable access to the personal information that they have provided. This can be accessed through contacting the SHCA Secretary, in writing/email.
- At any time should an individual want to have their personal information removed this can be done through contacting the SHCA Secretary, in writing/email.
- If an individual feels that their right to privacy has been infringed this can be addressed through contacting the SHCA Secretary, in writing/email. Individuals also have a right to lodge a complaint with the data protection authority, the ICO.
All staff and volunteers have a responsibility to follow the guidance laid out in this policy and related policies, and to pass on any related concerns using the required procedures.
We expect all staff and volunteers to promote good practice by being an excellent role model, contribute to discussions about data protection and to positively involve people in developing safe practices.
Additional specific responsibilities
Trustees have responsibility to ensure compliance with current Data Protection legislation and associated government guidance.
The Designated Data Protection Lead is the SHCA Secretary. This person will lead the SHCA response to any allegation of a breach of GDPR.
Communicating the Data Protection Policy
SHCA will make staff, volunteers, members and facility users aware of the Data Protection Policy through the SHCA website, on-site in the Policies and Procedures file and through letting agreements.
This policy will be reviewed annually, and more often if required if there are changes in circumstances or legal requirements.
This policy will be reviewed by the Data Protection Lead and presented to the full Executive Committee and Trustees meeting for agreement.
This policy was last reviewed on: 14th April 2021
Signed: Tim Payne (Interim Chair)