TYDD ST
MARY PARISH COUNCIL
Hedgeview, 231 Broadgate, Sutton St Edmund,
Spalding, Lincs, PE120LT
E mail tyddstmarypc@gmail.com
Data Protection Policy (GDPR)
The Data
Protection Policy
Tydd St Mary Parish Council recognises its
responsibility to comply with the General Data Protection Regulations (GDPR)
2018 which regulates the use of personal data. This does not have to be
sensitive data; it can be as little as a name and address.
General Data
Protection Regulations (GDPR)
The GDPR sets out high standards for the
handling of personal information and protecting individuals’ rights for
privacy. It also regulates how personal information can be collected, handled
and used. The GDPR applies to anyone holding personal information about people,
electronically or on paper. Tydd St Mary
Parish Council has also notified the Information Commissioner that it holds
personal data about individuals.
When
dealing with personal data, Tydd St Mary Parish Council staff and members must
ensure that:
·
Data is processed
fairly, lawfully and in a transparent manner
This means that personal information should
only be collected from individuals if staff have been open and honest about why
they want the personal information.
·
Data is processed for
specified purposes only
This means that data is
collected for specific, explicit and legitimate purposes only.
·
Data is relevant to
what it is needed for
Data will be monitored so that too much or too
little is not kept; only data that is needed should be held.
·
Data is accurate and
kept up to date and is not kept longer than it is needed
Personal data should be accurate, if it is not
it should be corrected. Data no longer
needed will be shredded or securely disposed of.
·
Data is processed in
accordance with the rights of individuals
Individuals must be informed, upon request, of
all the personal information held about them.
·
Data is kept securely
There should be protection against unauthorised
or unlawful processing and against accidental loss, destruction or damage.
Storing and accessing
data
Tydd St Mary Parish Council recognises its
responsibility to be open with people when taking personal details from them.
This means that staff must be honest about why they want a particular piece of
personal information.
Tydd St Mary Parish Council may hold personal
information about individuals such as their names, addresses, email addresses
and telephone numbers. These will be securely kept at the Tydd St Mary Parish
Council Office and are not available for public access. All data stored on the Tydd
St Mary Parish Council Office computers are password protected. Once data is
not needed any more, is out of date or has served its use and falls outside the
minimum retention time of Councils document retention policy, it will be
shredded or securely deleted from the computer.
Tydd St Mary Parish Council is aware that
people have the right to access any personal information that is held about
them. Subject Access Requests (SARs) must be submitted in writing (this can be
done in hard copy or email). If a person
requests to see any data that is being held about them, the SAR response must
detail:
·
How
and to what purpose personal data is processed
·
The
period Tydd St Mary Parish Council tend to process it for
·
Anyone
who has access to the personal data
The response
must be sent within
30 days and should be free of charge.
If a SAR includes
personal data of other individuals, Tydd St Mary Parish Council must not
disclose the personal information of the other individual. That individual’s personal information may
either be redacted, or the individual may be contacted to give permission for
their information to be shared with the Subject.
Individuals have the
right to have their data rectified if it is incorrect, the right to request erasure
of the data, the right to request restriction of processing of the data and the
right to object to data processing, although rules do apply to those requests.
Please see “Subject
Access Request Procedure” for more details.
Confidentiality
Tydd St Mary Parish Council members and staff
must be aware that when complaints or queries are made, they must remain
confidential unless the subject gives permission otherwise. When handling
personal data, this must also remain confidential.
Version
number |
Date
Approved |
Amendments
made |
Next
Review Date |
V1 |
2018 |
|
|
V2 |
1/12/22 |
|
December
2024 |
|
|
|
|
|
|
|
|