General Data Protection Regulation (GDPR) guidance

We need to collect and use certain types of information about people in order to effectively carry out our day to day operations, many of which are statutory requirements.

Personal information must be dealt with properly no matter how it is collected, recorded and used - whether on paper, by electronic systems or via other means.

We fully endorse and adhere to the principles of General Data Protection Regulations and the Data Protection Act 2018.

Specifically the principles of General Data Protection Regulations:

• lawfulness, fairness and transparency
• purpose limitation
• data minimisation
• accuracy
• storage limitation
• integrity and confidentiality (security), and
• accountability

We will therefore:

• fully observe the legal conditions regarding the collection and use of your information
• meet legal obligations to specify the purposes for which information is used and are detailed in the relevant privacy notices and statements
• collect and process information only to the extent that it is needed to comply with the legal basis for processing and/or any other legal requirements
• ensure the quality and accuracy of information used
• ensure that the length of time information is held is not unreasonable, and
• ensure that the rights of people about whom information is held are able to be fully exercised under GDPR and the Data Protection Act 2018. These include the right to be informed that processing is being undertaken, the right of access to your own personal information, the right to prevent processing in certain circumstances; the right to withdraw your consent; and the right to correctly rectify information which is regarded as incorrect information)
• take appropriate technical and organisational measures to safeguard personal information and protect your privacy, and
• ensure that personal information is not transferred abroad without suitable safeguards