Privacy Policy
1. General Statement of Duties
The Newcastle Business Forums (NBF) is required to process relevant personal and sensitive personal data regarding applicants, beneficiaries, donors, leaders, and other volunteers as part of its operation and shall take all reasonable steps to do so in accordance with this Policy. To achieve this, the NBF endeavours to comply with the Data Protection Principles (‘the Principles”) contained in the Data Protection Act 1998.
The NBF is registered with the Data Protection Commissioner.2. The Principles
The NBF shall as far as is reasonably practicable ensure all data are:-
1) Processed fairly and lawfully
2) Obtained for specified purposes and only processed in accordance with those purposes
3) Adequate, relevant and not excessive
4) Accurate and up-to-date
5) Not kept for longer than necessary
6) Processed in accordance with the data subject’s rights
7) Kept secure
The Newcastle Business Forums (NBF) is required to process relevant personal and sensitive personal data regarding applicants, beneficiaries, donors, leaders, and other volunteers as part of its operation and shall take all reasonable steps to do so in accordance with this Policy. To achieve this, the NBF endeavours to comply with the Data Protection Principles (‘the Principles”) contained in the Data Protection Act 1998.
The NBF is registered with the Data Protection Commissioner.2. The Principles
The NBF shall as far as is reasonably practicable ensure all data are:-
1) Processed fairly and lawfully
2) Obtained for specified purposes and only processed in accordance with those purposes
3) Adequate, relevant and not excessive
4) Accurate and up-to-date
5) Not kept for longer than necessary
6) Processed in accordance with the data subject’s rights
7) Kept secure
3. Personal Data
Personal data cover both facts and opinions about an individual. It includes information necessary for applicants, beneficiaries, donors, leaders, and other volunteers such as name and address; it may also include information about the person’s health and appraisals.
4. Processing of Personal Data
An individual’s consent may be required for the processing of personal data unless other processing is necessary for the performance of any contract. Any information which falls under the definition of personal data will remain confidential and will only be disclosed to third parties with the consent of the individual.
5. Sensitive Personal Data
The NBF may, from time to time, be required to process sensitive personal data regarding applicants, beneficiaries and leaders. Where sensitive personal data are processed by NBF, the explicit consent of the individual will generally be sought in writing. Sensitive personal data could include:
ñ medical information
ñ religious or other beliefs
ñ education and training details
ñ family lifestyle and social circumstances
ñ financial details
ñ physical or mental health or condition
ñ the commission or alleged commission of an offence
6. Rights of Access to Information
Individuals have a right of access to information held by the NBF. Any individual wishing to access his/her personal data should make a request in writing to the Chair of The Management Board. The NBF will endeavour to respond to any such written requests as soon as is reasonably practicable and, in any event, within 40 days for access to records and within 21 days to provide a reply to an “access to information” request. The information will be imparted to the individual as soon as is reasonably possible after it has come to the NBF’s attention.
7. Exemptions
Certain data are exempted from the provisions of the Data Protection Act. These include the following: The prevention or detection of crime. Where the processing is necessary to exercise a right or obligation conferred or imposed by law upon the NBF. Employment and other references given by the NBF.
8. Accuracy
The NBF will endeavour to ensure that all personal data held in relation to applicants, beneficiaries, leaders, donors and other volunteers are accurate. Individuals must notify the Chairman of any changes to information held about them. An individual has the right to request that inaccurate information about them be erased.
9. Data Protection Controller
The NBF has appointed the Chair of The Management Board as Data Protection Controller. Day-to-day responsibility is undertaken by the manager of the C-Hub and by the communications team. They will endeavour to ensure that all personal data are processed in compliance with the principles of the Data Protection Act as stated on the previous page.
10. Enforcement
If anyone believes that the NBF has not complied with this Policy or acted in accordance with the Data Protection Act, the individual should inform the Chairman and should also notify the Data Protection Controller appointed by the NBF.
11. Information Security Policy
Personal or sensitive personal data can only be disclosed to authorised persons on a need to know basis and with the consent of the individuals concerned. No personal or sensitive personal data can be disclosed without authorisation from the Data Protection Officer. Any nomination papers, additional information, interview notes etc. will be stored by named Management Board members in their homes and will only be accessible to
authorised personnel. All information kept on authorised computers will be password-protected. Backup copies of information stored on computers will be made regularly and will be kept off-site in a secure place.
Official papers must be kept in a secure place and only accessible to authorised personnel. All such papers used in for example interviewing candidates for posts will be collected in after the interviews and shredded.
Information provided to NBF Area Chairman in order that they can carry out their duties will be destroyed as soon as they are no longer needed. Personal and sensitive personal data will only be kept as long as is necessary. All personnel involved in any way with the handling of personal and sensitive personal data will be made aware of NBF’s data protection policy, security systems and procedures. All breaches of security will be investigated should they occur
12. Data Protection Act 1998 – Protection of Personal Data
The Newcastle Business Forums is registered under the 1998 Act.
Data Protection concerns safeguarding data about individuals to maintain their privacy and good information management practice. Data Protection covers “manual” records including paper, microfilm, and other media as well as those processed by information technology of any kind.
13. Data Protection Principles
All Management Board, and those acting on their behalf should be aware of the 7 Data Protection principles:
1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained for one or more specified and lawful purposes.
3. Personal data shall be adequate, relevant and not excessive relative to those purposes.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data shall not be kept for longer than is necessary for those purposes.
6. Personal data shall be processed in accordance with the rights of Data Subjects under the Act.
7. Personal data shall be protected from unauthorised or unlawful processing, and against accidental loss or destruction.
14. Subjects in relation to the processing of personal data.
Personal data is any information about a living identifiable individual. Any NBF member may make a formal request to the Chairman for a full copy of their own data. Any person who believes that the NBF holds personal data concerning them can apply for a search and disclosure. A charge may be levied and proof of identity will be required. Detailed requirements of the Act can be discussed with the NBF Data Protection Officer,
whose name is available from the Chairman.
15 Summary:
Treat personal data with care and keep it up to date
Do not pass on personal data to unauthorised persons.
Compiled by Mike Carter
February 2012