Dalgety Bay and Hillend Community Council

General Data Protection Regulation (GDPR) Policy

Scope

This policy defines how the Dalgety Bay and Hillend Community Council (DB&HCC) will comply with the General Data Protection Regulation (GDPR) that came into force on 25th May 2018.

Overview

GPDR requires that DB&HCC are only allowed to use and share personal information if DB&HCC has proper reason to do so.

DB&HCC will only do this if one of the more following criteria is met:

·       To fulfil a legal contract

·       DB&HCC have a legal obligation to do so

·       When it is in DB&HCC’s legitimate interest

·       When it is in the vital interest of the person to share the information

·       When the person consents to it

Data Controller

The Data Controller for DB&HCC shall be the DB&HCC Secretary

Collection of Personal Information

DB&HCC may collect the following personal information

Type of Personal Information

Example Descriptions

Contact

Address, Phone Number, e-mail address

Transactional

Details of payments made to/received from the person

Contractual

Details regarding any contract that has been made with the person

Communications

Information provided by the person in letters, emails and conversations between the person and DB&HCC

Consents

Any permissions provide by the person to DB&HCC to use their personal information

 

DB&HCC may collect data from the following sources:

·       Correspondence in e-mail and letters

·       Conversations either in person or on the phone between elected members of DB&HCC and the person

·       Information provided by the person at DB&HCC meetings

Data Sharing

DB&HCC shall not share data without the consent of the person.

DB&HCC shall not send data outside the European Economic Area (EEA).

Electronic Media

DB&HCC shall not share any personal data on the DB&HCC website, https://www.dalgetybayandhillend.org/ , or any Social Media outlet controlled by DB&HCC without the consent of the person.

Data Retention

DB&HCC will normally only retain personal data for a maximum of 3 years. After 3 years, if DB&HCC wish to retain the personal data, DB&HCC will seek the persons consent to retain the personal information for a further 3 years.

Data Security

DB&HCC shall store data on a password protected secure network. Only the security controller and data processors authorised by the data controller shall have access to the network.

Where hard copy personal data is held, DB&HCC shall keep the data in a lockable storage facility. Access to this storage facility will be limited to the data controller and any data processors authorised by the data controller.

Requests for a copy of Personal Information

A person may request a copy of the personal information that DB&HCC hold about them by contacting the secretary of DB&HCC at the following e-mail address:

dbhccsecretary@gmail.com 

DB&HCC shall respond to any requests for information within 4 calendar weeks.

Withdrawal of Consent

A person may withdraw their consent from DB&HCC to hold their personal data at any time. Requests to remove personal data from the DB&HCC records shall be sent to the following e-mail address:

dbhccsecretary@gmail.com

Complaints

Complaints regarding DB&HCC’s holding of personal data should be made to the following e-mail address:

dbhccsecretary@gmail.com

Complaints may also be reported to the Information Commissioner’s Office (IOC). Details on how to report a concern can be found on their website.