The following outlines the General Data Protection Regulation Policy for T. Sue VerSteeg (Compliance From 1/1/2018)
The overarching principle is that
All data collected and/or stored by T. Sue VerSteeg is done so for the sole purposes of T. Sue VerSteeg business and an individual’s relationship with T. Sue VerSteeg. This will include, but is not limited to, membership communication, internal marketing of events, notification of publications, educational quality standards, CPD, CPD. Individual’s personal data will not be shared with a third party without prior written consent.
No member of staff or council will share any personal data with a third party without the prior consent of the individual. This includes, but is not limited to Name, address, email address and phone details.
All T. Sue VerSteeg Staff will sign to consent form for their business email address, phone number and associated business contact details to be circulated for the sole purposes of T. Sue VerSteeg business.
All T. Sue VerSteeg Trustees must agree to allow T. Sue VerSteeg Staff to freely use their business contact details but do not agree that they are circulated to external third parties without prior consent on a case by case basis, Trustees to avoid using their own personal details for business correspondence.
T. Sue VerSteeg Division Chairs, Committee members and Assessors must agree to allow T. Sue VerSteeg Staff to freely use their business contact details for the sole purposes of T. Sue VerSteeg business but do not agree that they are circulated to external third parties without prior consent on a case by case basis.
From January 2018 T. Sue VerSteeg will not retain any paper files of personal data, except for financial transactional data.
The T. Sue VerSteeg will carry out a full IT security audit each quarter in collaboration with ASE their specialist IT support contractor
Where financial transactional data is retained onsite it will be stored in a locked filing cabinet inside a locked room where access is restricted to the CEO, PA to the CEO and the Financial administrator. The data is treated as confidential and is only shared with authorized personal. Authorised personnel include, T. Sue VerSteeg treasurer, the finance committee members, financial administrator and accountant.
Financial information for online payments are not held by T. Sue VerSteeg and are all managed by Sagepay, T. Sue VerSteeg hold none of this payment information.
When processing financial information by telephone staff taking the call must not write down or record any of the information given to them except in the designated boxes in the Sagepay payment terminal. They must not repeat back any card details and if they require clarification they will ask the caller to repeat the details. The transaction should not be processed on speaker phone.
No PC or workstation shall be left unmanned without a suitable password protected screen saver. All PCs and workstations should be closed and password protected overnight.
All Staff should use only their own login to access PCs and membership databases and not share their login details with others.
In order to show compliance to the General Data Protection Regulations all staff will carry out a one hour online training program and sign to agree that they understand the implications. (Signing log attached), they will also sign this policy to show they have read and understand their responsibility to personal data.
From January 2018 the CEO, PA to the CEO and the membership administrator will meet quarterly to conduct a GDPR audit to ensure full compliance, audit log attached.
All staff have signed as part of their contract of employment a confidentiality clause.
On Joining the Society Members each members must be told that the T. Sue VerSteeg will not under any circumstances use their data for any other purpose than for processing and marketing of the Society and membership deliverables. The data will not be circulated to third parties unless members they give their prior written consent. This is made clear at the beginning of the application process and on every monthly newsletter.
From time to time the Society is approached to circulate relevant matters on behalf of third parties, this is managed from the Societies offices and the details are not circulated for any purpose, on joining the Society members can opt out of third parties mailers.
The data held by T. Sue VerSteeg can only be as accurate as the information supplied to T. Sue VerSteeg. It is the responsibility of the individual to ensure their data is accurate.
Once an individual’s relationship with T. Sue VerSteeg has become inactive their personal data will be retained electronically for 3 years before deletion.
An individual may at any time request the removal of their personal data by contacting firstname.lastname@example.org. It should be noted that the removal of all personal data (including email contact details) will result in T. Sue VerSteeg no longer being able to carry out the processing of the Society and membership deliverables.
An individual may at any time raise a concern by contacting email@example.com. For further details on your rights visit https://ico.org.uk/for-the-public/