Data Protection Policy
Chadderton Together is committed to keeping your data safe, The new General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU Law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Protection of Data
1.1 The Controller will be responsible for the collection of data and the storing of the information in a secure location. As a security measure the Controller will be solely responsible for the processing of data and personal information.
1.2 The information will be collected as hard copies and kept in a file in a secure place and will also be held on a computer and will only be accessible to the controller. The information will only be collected for specified, explicit and legitimate purposes and individuals will be informed as to that purpose.
1.3 There will be appropriate measures in place to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
1.4 The information gathered will be by written consent. This will be checked and updated on an annual basis.
1.5 Individuals will be given access to their own personal data as and when necessary on receipt of written application to view the information and request relevant changes to the information.
1.6 The controller will document the information of volunteers and members of the Committee. It will be shared by the controller and with the members of the Committee, if and when necessary.
1.7 If a member of Chadderton Together thinks that there has been a data breach the controller should be informed directly, as soon as possible. The individual(s) whose data has been breached should also be informed. If the Controller suspects there has been a data breach they must inform the members and it will be mandatory to report a personal data breach under GDPR, if it is likely to result in a risk to people’s rights and freedoms. So if it’s unlikely that there’s a risk to people’s rights and freedoms from the breach, you don’t need to report.
1.8 Personal data will not be disclosed by telephone unless there is absolute proof that the person requesting the information is that person and is known to the controller. The information will only be released at the discretion of the controllers.
1.9 Data will not be shared with third parties, unless legally required to do so and or the individual has given prior consent to release the information. All information held is to remain confidential at all times even when held in archives.
What personal data will be held by Chadderton Together
2.1 Personal data means information about an individual from which that individual can be identified. Information may include an individual’s title, name and address, date of birth, email address, phone number, gender and details of next of kin or nominated person, in case of an emergency.
2.2 Images or video footage taken by Chadderton Together will be held securely on a password protected device. Images or video footage will be displayed for promotional material, press releases and on the website/social media. Names will not be associated with the image/s or video footage unless it's necessary to the article. The image/s or footage will remain the intellectual property of Chadderton Together.
2.3 Sometimes Chadderton Together have to submit evidence of our fundraising to apply for funding, by choosing to Opt in you are giving Chadderton Together consent to use any images with you present in them.
Purpose/processing Activity.
3.1 The information stored will be used for contacting Committee members and passing on information relevant to Chadderton Together.
3.2 Processing membership forms and payments.
3.3 Organising meetings and informing Committee members.
3.4 Sending out information such as newsletters.
3.5 Invitation to social events.
Information held on none committee members.
4.1 Any information gathered on petitions will be stored and passed on to relevant organisations with the signed consent of the individual.
4.2 It will be the responsibility of the controller to ensure that the information is managed effectively and is sufficiently protected.
4.3 Volunteers information will be held so they can be contacted when we hold an event.
4.4. Email address will also be held through the website to able Chadderton Together to send newsletters to its subscribers.
Method of disposal
5.1 Information on individuals will be stored for as long as the individual remains a committee member/volunteer or requests in writing, that the information is removed. The controller must respond to a written request from an individual to ask for the removal of personal information. This should be carried out securely and the disposal of the information should take place whenever possible, within 24 hours of the request being made.
5.2 Paper documents should be shredded. Digital storage devices should be physically destroyed. Computers where data is stored should have and operate a password only access or similar lock function. The device should have an appropriate anti-virus protection.
5.3 The information stored will be available to legal bodies on written application to view the material.
5.4 Members who do not give written consent will not be able to be contacted by the Society.
Protection of Data
1.1 The Controller will be responsible for the collection of data and the storing of the information in a secure location. As a security measure the Controller will be solely responsible for the processing of data and personal information.
1.2 The information will be collected as hard copies and kept in a file in a secure place and will also be held on a computer and will only be accessible to the controller. The information will only be collected for specified, explicit and legitimate purposes and individuals will be informed as to that purpose.
1.3 There will be appropriate measures in place to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
1.4 The information gathered will be by written consent. This will be checked and updated on an annual basis.
1.5 Individuals will be given access to their own personal data as and when necessary on receipt of written application to view the information and request relevant changes to the information.
1.6 The controller will document the information of volunteers and members of the Committee. It will be shared by the controller and with the members of the Committee, if and when necessary.
1.7 If a member of Chadderton Together thinks that there has been a data breach the controller should be informed directly, as soon as possible. The individual(s) whose data has been breached should also be informed. If the Controller suspects there has been a data breach they must inform the members and it will be mandatory to report a personal data breach under GDPR, if it is likely to result in a risk to people’s rights and freedoms. So if it’s unlikely that there’s a risk to people’s rights and freedoms from the breach, you don’t need to report.
1.8 Personal data will not be disclosed by telephone unless there is absolute proof that the person requesting the information is that person and is known to the controller. The information will only be released at the discretion of the controllers.
1.9 Data will not be shared with third parties, unless legally required to do so and or the individual has given prior consent to release the information. All information held is to remain confidential at all times even when held in archives.
What personal data will be held by Chadderton Together
2.1 Personal data means information about an individual from which that individual can be identified. Information may include an individual’s title, name and address, date of birth, email address, phone number, gender and details of next of kin or nominated person, in case of an emergency.
2.2 Images or video footage taken by Chadderton Together will be held securely on a password protected device. Images or video footage will be displayed for promotional material, press releases and on the website/social media. Names will not be associated with the image/s or video footage unless it's necessary to the article. The image/s or footage will remain the intellectual property of Chadderton Together.
2.3 Sometimes Chadderton Together have to submit evidence of our fundraising to apply for funding, by choosing to Opt in you are giving Chadderton Together consent to use any images with you present in them.
Purpose/processing Activity.
3.1 The information stored will be used for contacting Committee members and passing on information relevant to Chadderton Together.
3.2 Processing membership forms and payments.
3.3 Organising meetings and informing Committee members.
3.4 Sending out information such as newsletters.
3.5 Invitation to social events.
Information held on none committee members.
4.1 Any information gathered on petitions will be stored and passed on to relevant organisations with the signed consent of the individual.
4.2 It will be the responsibility of the controller to ensure that the information is managed effectively and is sufficiently protected.
4.3 Volunteers information will be held so they can be contacted when we hold an event.
4.4. Email address will also be held through the website to able Chadderton Together to send newsletters to its subscribers.
Method of disposal
5.1 Information on individuals will be stored for as long as the individual remains a committee member/volunteer or requests in writing, that the information is removed. The controller must respond to a written request from an individual to ask for the removal of personal information. This should be carried out securely and the disposal of the information should take place whenever possible, within 24 hours of the request being made.
5.2 Paper documents should be shredded. Digital storage devices should be physically destroyed. Computers where data is stored should have and operate a password only access or similar lock function. The device should have an appropriate anti-virus protection.
5.3 The information stored will be available to legal bodies on written application to view the material.
5.4 Members who do not give written consent will not be able to be contacted by the Society.
Updated: 11/03/2022