Community Base needs to keep certain information about individuals in order to carry out its aims and objectives.
Community Base will comply with the data protection principles set out in the Data Protection Act 1998. In particular we will ensure that all personal data kept by Community Base is obtained and processed fairly and lawfully; obtained for a specified and lawful purpose and not processed in any manner incompatible with that purpose; adequate, relevant and not excessive for that purpose; accurate and kept up to date; not kept for longer than is necessary for that purpose; processed in accordance with the data subject's rights; kept safe from unauthorised access, accidental loss or destruction; not transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.
All staff are responsible for checking that all information they provide Community Base in connection with their employment is accurate and up to date.
All staff are responsible for compliance with this policy and ensuring that personal information kept by Community Base is not disclosed orally or in writing or accidentally or otherwise to any unauthorised third party. Any deliberate breach of this policy by a staff member may lead to disciplinary action being taken against them.
Staff and other individuals that Community Base keeps information about have the right to access any personal data kept about them either on computer or in paper files. In order to gain access to such information the individual should make a request in writing to the Community Base director.
Community Base as an organisation is the data controller under the Act, and is therefore ultimately responsible for implementation. However the designated data controller, the Community Base director, will deal with day to day matters.
This policy will be reviewed by the board of trustees at least every calendar year.
