artists - studios - events - the steeple arts

Data Protection Policy

1 Purpose of policy

1.1 The purpose of this policy is to outline an individual’s rights under the Data Protection Act 1998. 

2 Detailed Policy Statement

2.1 We are committed to protecting the rights and privacy of individuals in accordance with the Data Protection Act 1998. We need to process certain information about our staff, customers and other individuals that we have dealings with for administrative purposes.  To comply with the Act, information collected about individuals must be used fairly, stored safely and securely and not disclosed to any third party unlawfully.

2.2 Any breach of the Data Protection Act 1998 or our Data Protection Policy is considered to be an offence, and in that event, our disciplinary procedures will apply. As a matter of good practice, other organisations and individuals working with us, and who have access to personal information, will be expected to read and comply with this policy.

2.4 On 1 January 2005, the Freedom of Information Act (Scotland) 2002 became law.  The Act places a responsibility on all Scottish Public Authorities to disclose information to citizens through their Publication Scheme, and by responding to Access Requests for information.  We will not violate the Data Protection Act 1998 in any Freedom of Information disclosures.

2.4  When do we collect personally identifiable information?

a.      Sources of personally identifiable information include:

• Membership or recruitment application forms
• The appointment of Board or Committee members or Specialist Advisors
• Requests to be included on mailing lists
• Participation in classes, events and activities
• The supply of goods or services to FAC
  

2.5 What are your rights under the Data Protection Act?

a. The Data Protection Act 1998 gives any data subject a number of rights. These rights include:

• Obtaining information on whether we have data relating to you;
• Obtaining information with respect to the purpose, scope, and the manner of our data processing;
• Obtaining information about the date of processing of your personal data, and access to such data presented in an easy to understand form;
• Obtaining information about the source of your personal data;
• Obtaining information about the way in which we disclose your data, and in particular about the recipients of the data;
• The right to request:
  • that your personal data is updated or corrected
  • that we temporarily or permanently suspend our processing
  • amendment of your personal data in the event that it is not complete or outdated
  • erasure if your personal data is untrue or collected in violation of the Data Protection Act 1998, or in cases where it is no longer required for the purpose for which it has been collected;
• The right to request in writing, as stated in the Data Protection Act 1998, that the processing of your personal data be stopped.

Any access to information is classed as a Subject Access Request, and will be dealt with within the 40 days specified within the Act.

3 Glossary

 3.1 The Data Protection Act 1998 defines:

Data – information which:

• is being processed by means of equipment operating automatically in response to instructions
• is recorded with the intention that it should be processed by means of such equipment
• is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system
• forms part of an accessible record.

• Data Subject - any living individual who is the subject of personal data held by an organisation.
• Data Controller - any person (or organisation) who makes decisions with regard to particular personal data, including decisions about the purposes and ways in which personal data are processed.  For this policy the SteepleArts is the Data Controller.
• Third party - any individual or organisation other than the data subject, the data controller or its agents.
• Personal Data - data relating to a living individual who can be identified from that information or from that data and other information in possession of the data controller, which may include names, addresses, telephone numbers, ID numbers, and any expression of an opinion about the individual or the intentions of the data controller in respect of that individual.
• Sensitive Data - is different from ordinary personal data (such as name, address, telephone number, etc) and relates to such matters as racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sexual behaviour and criminal convictions. Sensitive data is subject to much stricter conditions of processing.
• Processing - any paper or manual filing system which is structured so that information about an individual is readily accessible.

4 See also

• Pr179 - Subject Access Procedure – Data Protection Act 1998
• Pr152 - Procedure for the processing of Freedom of Information applications
• Disciplinary Policy

You can download a pdf of the Data Protection Policy.