Old Harveians’ Data Protection Policy
This data protection policy regulates how the Old Harveians’ processes and stores personal data of its members. It applies to all officers, and members of the Association. Its purpose is to ensure that the Old Harveians’ complies with the law and with high data protection standards.
In this policy “personal data” means any recorded information which identifies a living individual.
As a membership organisation the Old Harveians’ processes, retains and shares personal data of members for the purposes set out in the Data Protection Notice. Where the Old Harveians’ contracts with a member it may also process, retain and share personal data of that member for all lawful purposes related to that contractual relationship.
The Old Harveians’ shall not collect or store personal data of members for any other purposes.
2. Appointment of a Data Protection Officer
The Old Harveians’ shall appoint a Data Protection Officer who will oversee compliance with data protection law and will act as a point of contact for members and the Information Commissioner’s Office (the “ICO”). The Data Protection Officer shall have a direct line of communication with the Executive and shall have, or shall undergo training to ensure that he has, knowledge of data protection law and practices.
3. Members’ data rights
A member may request that the Data Protection Officer:
a. provides him with a copy of all personal data that the Old Harveians’ holds about him. The Data Protection Officer shall promptly provide a copy of all information required to be disclosed by law.
b. rectifies any incorrect personal data held by the Old Harveians’ about him. The Data Protection Officer shall promptly consider such a request and respond to it in accordance with the law.
c. stop the Old Harveians’ from some or all of its processing of his personal data. The Data Protection Officer shall promptly consider such an objection and respond to it in accordance with the law.
4. Deletion of personal data
A member may resign from the Old Harveians’ at any time. After it has processed such resignation(s) the Old Harveians’ shall delete personal data that it holds about that member as set out in the Data Protection Notice.
5. Sharing data with third parties
As a membership organisation the Old Harveians’ does not share any data.
It will not share personal data of members for any other reason unless it has the consent of the relevant member.
6. Data Protection Notice
The Old Harveians’ shall publish a Data Protection Notice so that it is available to members. The Notice shall comply with the requirements of data protection law and among other things shall inform members how their personal data will be used by the Old Harveians’ and how they may contact the Old Harveians’ Data Protection Officer.
7. Data security
The Old Harveians’ shall periodically review the security of its records and processing activities and shall take appropriate steps to ensure the confidentiality, integrity and availability of personal data that it holds.
8. Registration with ICO
The Old Harveians’ shall maintain its annual registration with the ICO.
9. Reporting breaches to the Data Protection Officer
Actual or potential breaches of this policy, or of data protection law by the Old Harveians’, shall be reported immediately to the Data Protection Officer. Breaches shall be reported if required by the Data Protection Officer to the ICO or to the member(s) whose data is affected. Normally the Data Protection Officer shall not report breaches without prior consultation with the Old Harveians’ Executive.
Date policy adopted: 1st May 2018