|Approved||8th November 2018 by FECA Finance and General Purposes Committee (F&GP)|
1. General provisions
- FECA is committed to processing data in accordance with its responsibilities under the General Data Protection Regulation (GDPR).
- This policy applies to all personal data processed by FECA.
- The FECA Chair (or their delegate) take responsibility for FECA’s ongoing compliance with this policy. Any delegation of responsibilities will be recorded in the F&GP committee minutes.
- This policy will be reviewed and approved by the Finance and General purposes committee at least every 2 years.
- Based on guidance from the Information Commissioner’s Office (ICO), FECA is exempt from registration with the ICO and FECA does not need to appoint a Data Protection Officer.
2. Lawful, fair and transparent processing & Accuracy
- To ensure its processing of data is lawful, fair and transparent, FECA maintains a Register of Systems.
- The Register of Systems is reviewed at least every 2 years.
- Individuals have the right to access their personal data and any such requests made to FECA will be dealt with in a timely manner.
- FECA will take reasonable steps to ensure personal data is accurate.
3. Lawful purposes
- All data processed by FECA will be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
- FECA will note the appropriate lawful basis in the Register of Systems.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent will be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in FECA’s systems.
4. Public Notice
- The Privacy Notice shown in Appendix 1 will be made available on the FECA website.
- A copy of the latest approved policy will be included in the minutes of the F&GP meeting at which it was approved, and made available on the FECA website.
5. Data minimisation
- FECA will ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- When a member organization leaves FECA, permission will be sought to maintain the name of the organization and an individual to remain as a contact for that organization; other individuals associated with that organization will be removed from FECA’s systems. If consent is not provided the organization and all associated individual details will be removed from FECA’s systems, excepting financial records that are required by law.
- When an individual member leaves FECA, their details will be removed from FECA’s systems.
- Member accounts and contacts will be reviewed every two years.
- Accounts that have been inactive (i.e. in a non-member status) for more than two years will be removed, excepting financial records that are required by law, unless consent has been sought as a result of the review and provided by the remaining contact for the account to remain on the systems.
6. Security & Breach
- FECA will ensure that personal data is stored securely.
- Access to personal data will be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
- In the event of a breach of security leading to the unauthorised disclosure of, or access to, personal data, FECA will promptly assess the risk to people’s rights and freedoms and report this at the next F&GP meeting; and also if appropriate report this breach to the ICO.
Appendix 1 – Privacy Notice
Fen Edge Community Association (FECA) is a registered charity that records and processes member organization and individual information under the conditions of the Data Protection Act 2018 and according to the following principles:
- We only ever ask for what we really need to know
- We collect and use the personal data that you share with us fairly, transparently and honestly
- We have the necessary security measures in place to protect the personal data that you share
- We will never share or sell your data with other organisations or businesses
- You have rights under the Data Protection Act 2018, as explained here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. You can contact us to see what data we have, and ask for it to be corrected (in all cases) or deleted (where the data is held based on your consent).
FECA has adopted the data protection policy available here: http://fenedge.co.uk/data-protection-policy. If you have any questions regarding this policy, please contact us at firstname.lastname@example.org.
Appendix 2 – Register of Systems
Organization Members and Organization Member Contacts
|Information held||Per Organization:
· Name, address, phone, web-site
· Email, facebook page, Twitter account
· Type of member
· Number of individuals associated
· Fee paid, and how paid. Payment date.
· Record of which Fen Edge News editions they have contributed to
· Record of grants made to the organizationPer individual contact supplied by the organization:
· Name, job title in the organization, email, phone (if provided)
|Information used for||· Billing for membership fees
· Managing membership status
· Informing organization of FECA meetings and events
· Requesting contributions to the Fen Edge Newsletter
|Basis under which information is held||FECA has a legitimate interest in recording its member organizations and the individuals provided by them to act as contacts.|
|Retention rule||Individuals will be removed on their personal request, or on request of the member organization. See also clause 5b.|
|Information held||Name, telephone number and email address|
|Information used for||Communicating and maintaining contact with individuals who volunteer in support of FECA|
|Basis under which information is held||Legitimate interest in being able to contact volunteers|
|Retention rule||Removed at individual’s request|
Fen Edge Newsletter (FEN) Management
|Information held||· Emails sent to and from the FEN editor
· Articles (including text, graphics and photographs) provided by member organizations and others for publication in the FEN
|Information used for||Managing and constructing FEN editions|
|Basis under which information is held||FEC has a legitimate interest in holding this data to provide the FEN to the local community.|
|Retention rule||The information will be held for up to 2 years|
Fen Edge Newsletter (FEN) Content
|Information held||· Published FEN content is distributed in hardcopy and available on the FECA website.
· This may include personal names and telephone numbers.
· This may include photographs of individuals.
|Information used for||Bringing news of FECA to individuals in its catchment area|
|Basis under which information is held||Information is provided to FEN with the consent of the contributor.
Identifiable photographs of individuals where privacy may be expected, as well as identifiable photographs of all minors will only be accepted if consent of the individual or individual’s guardian (respectively) is provided.
Once provided, FEN has a legitimate interest in retaining the information in perpetuity to record its history.
|Retention rule||In perpetuity.|
FECA Facebook page
|Information held||Facebook members that are signed-up|
|Information used for||Informing interested parties in FECA activities|
|Basis under which information is held||Consent. Interested parties have to discover the page and sign up. Their membership of the page is evidence of their consent.|
|Retention rule||Parties that are no longer interested can leave the Facebook page, thereby removing their membership from the group.|
FECA Website Cookies
|Information held||Cookies are used to track the statistics of user page visits so that these can be analysed using Google Analytics. Personally identifiable information is not made available to FECA.|
|Information used for||Managing the content and reach of the FECA website|
|Basis under which information is held||FEC has a legitimate interest in holding this data to provide the best information to the local community.|
|Retention rule||As determined by Google Analytics|