|1.||The Guild and its constituent branches follow the guidance provided by the Central Council’s Tower Stewardship Committee in its Guidance Note No. 8 (dated July 2014) entitled Data Protection and Bell Ringing.|
It is noted that:
- The Data Protection Act 1998 (DPA) governs the collection, recording, storage, use and disclosure of personal data, whether such data is held electronically or in manual form.
- The rules apply particularly to computer or automated records (including email) but also apply to manual records kept in such a way that specific information about a particular individual can easily be retrieved.
- Personal Data is any information held about a living individual who can be identified from the information itself or other information also held.
- A Data Controller can be either individuals, organisations or other incorporated or unincorporated bodies of persons who determine what personal data is held, why it is held and how it is processed.
The ‘Eight Principles’: when processing personal data, the Data Controller must ensure that the data is:
- Processed fairly and lawfully;
- Obtained for a specified and lawful purpose;
- Adequate, relevant and not excessive for purpose;
- Accurate and up-to-date;
- Kept only for as long as required;
- Processed in accordance with the data subjects rights;
- Be kept secure proportionately to the level of harm that could result if unauthorised access occurs;
- Not transmitted outside the European Economic Area (EEA) without consent from the data subject.
The Guild and its constituent branches note that:
- Data protection law applies in full to all Ringing Associations.
- As smaller ‘not-for-profit’ organisations, Ringing Associations do not have to register provided they do not hold personal data about anyone other than members or potential beneficiaries. However, they are still subject to the rules of the DPA.
- Each Ringing Association is a Data Controller and, therefore, overall responsibility for compliance with data protection will lie with the Officers of each Association.
- Ringing Associations must apply the eight basic Data Protection Principles when processing Personal Data.
|5.||In all its operations the Guild and its constituent branches apply the eight basic Data Protection Principles when processing Personal Data.|
|6.||When obtaining personal data the Guild and its constituent branches ensures that it has explicit consent from the individual concerned for the use of that data in accordance with the eight basic Data Protection Principles.|
Agreed by the Guild Executive: 24 October 2015