Date: February 2018
The Data Protection Act controls how personal information is used by organisations. Organisations have to follow the strict rules set out in the data protection principles and must ensure that information is:
- Used fairly and lawfully
- Used for limited and specifically stated purposes
- Used in a way that is adequate, relevant and not excessive
- Accurate and where necessary kept up to date
- Kept for no longer than is absolutely necessary
- Handled according to people’s data protection rights
- Kept safe and secure
- Not transferred outside of the UK without adequate protection
ORC and personal information
Personal Information collected by the ORC is limited to information supplied by members (eg name, address , contact details), similar information from suppliers, stakeholders and correspondents ; and information related to employees.
Meeting legal requirements
The ORC conforms with the requirements of the legislation by
- Using the information only for the purpose for which it is collected. Collect and process information only to the extent necessary to fulfil operational and legal requirements.
- Making clear what the information is required for.
- Holding information securely: where computerised, password protected; and where manual records in locked cabinet or drawer
- Not disclosing information to those outside the ORC responsible for administering the data unless specifically requested by the data subject
- Destroying the data in a way that data cannot be reconstructed and processed by third parties
- Only providing references with the subject data’s request
Monitoring and reviewing the holding of data
Ensuring individuals are aware of their right of access to their personal data held by the organisation.
Overall Responsibility for the Policy
The Chairman is responsible for the operation of the Data Protection Policy relating to the Overton Recreation Centre. Each club and society has responsibility for the management of its own affairs.