Shopping Cart

Birnam Arts and Conference Centre

01350 727 674

icon MENU

Birnam Arts Data Protection

DATA PROTECTION POLICY

The Data Protection Act 1984 introduced a provision that holders of any computer database of personal information may have to register with the Information Commissioner. The Data Protection Act 1998 further extended these provisions to the duty of care in maintaining paper based records. [plus GDPR provisions]

[“Not-for-profit” organisations are exempt from the requirement to notify the Information Commissioner. A “not-for-profit” organisation is one that can make a profit for its own purposes, which are usually charitable or social, but the profit should not be used to enrich others. Any money that is raised should be used for the organisation’s own activities.]

The exemption applies to processing data which is only for the purposes of:

  • establishing or maintaining membership;
  • support for a not-for-profit body or association; or
  • providing or administering activities for either the members or those who have regular contact with it

These principles and how they apply to Birnam Arts are set out below, and shall constitute the policy of Birnam Arts on Data Protection matters.

 

Statement of Principle

It is the policy of Birnam Arts that Birnam Arts [and Birnam I] shall at all times observe and comply with the requirements of the Data Protection Act 1998 (“the Act”), in both the letter and spirit of the Act. This shall include the whole of Birnam Arts’ activities, as carried out by its officers, managers and staff, and shall include all volunteers and helpers who, for the performance of any delegated activities, are provided with information covered by the Act.

 

The purpose of Birnam Arts in defining this policy is:

  1. a) to comply with the law, by informing all officers, managers and staff dealing with personal data of their obligations regarding such data, and seeking to ensure all such officers, managers and staff comply with the requirements of the Act;
  2. b) to protect the personal data held by Birnam Arts, and to be transparent about data held;
  3. c) to protect officers, managers and staff; and
  4. d) to follow good practice.

 

Data covered by this policy shall include all data provided by members of the public upon joining any Birnam Arts group, together with any further data provided by such members of the public, for the purpose of accessing any services run by, or carried out for, Birnam Arts.

Principle 1:     “Personal information shall be processed fairly and lawfully”

In order to manage and administer Birnam Arts, personal information is required. This information will not be used unlawfully or in any such way as to cause adverse effects to the persons concerned. Birnam Arts will be transparent about how it intends to use personal information.

 

Principle 2:     “Personal information shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes”

Personal information will only be processed for the purpose of managing and administering Birnam Arts’ business by officers, managers and staff. Under no circumstances will any personal information be disclosed to third parties without that person’s express written consent.

Members of the public shall be advised of the purposes for which their personal information is processed.

Principle 3:     “Personal information shall be adequate, relevant and not excessive in relation to the purpose for which it is processed”

This means asking individuals only for the information Birnam Arts needs to be able to contact them, including mailing details of events, and ensuring that individuals are not contacted if they have not specified an interest in such events.

Principle 4:     “Personal information shall be accurate and, where necessary, kept up-to-date”

Wherever possible, the original signed contact form or other transactional or electronic record will be kept either on file or electronically. Birnam Arts will check personal information held concerning individuals [on a regular basis/at least once a year]. If information changes are advised to Birnam Arts at any time, such changes shall be made promptly to any electronic database or physical record system. [Copies of such notifications will be retained electronically].

Principle 5:     “Personal information processed for any purpose(s) shall not be kept for longer than is necessary for that purpose or purposes”

Personal information will be held for as long as required to comply with the Act and all other legislation. Subject to this, Birnam Arts will hold personal information concerning members of the public for as long as they express an interest in being contacted with relevant information concerning the activities of, and/or events promoted by Birnam Arts. On receiving notification that such member(s) of the public are no longer interested in receiving such contact, personal information shall be deleted from electronic files and paper copies shall be shredded by Birnam Arts promptly.

In case of transactional records, data shall be destroyed on completion of the transaction for which the data was obtained, unless required by the Act or other legislation.

If any individual has asked, in writing or electronically, that Birnam Arts make no further contact with that individual, then a record of that request must be retained on file or electronically and adhered to.

Principle 6: “Personal information shall be processed in accordance with the rights of data subjects under this Act”

The Act gives individuals a number of rights. These include the right for individuals to request details of the personal information that Birnam Arts holds about them. If individuals wish to view the personal information held about them, they should send a [written or electronic] request to Birnam Arts in accordance with the Data Protection Act [GDPR] for processing by Birnam Arts, and Birnam Arts shall arrange for such information to be supplied to such individuals in accordance with the [GDPR] Act.

Principle 7: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal information and against accidental loss or destruction of, or damage to, personal information”

Birnam Arts will follow procedures to make sure that personal information kept electronically and in paper form cannot be accessed by unauthorised people and that backup procedures are in place to ensure that personal information can be recovered in the event of a computer failure.

Principle 8: Concerning personal information sent outside the European Economic Area

Birnam Arts does not send personal information outside the European Economic Area

fb twitter p trip