Burwash: Save our Fields from Concrete (known as 'the group') shall always have a Data Protection Officer, who shall be responsible for implementing the requirements of this Code of Practice and Policy and the duties imposed by the Information Commissioner. The officers of the group may act on behalf of the Data Protection Officer when he or she is unavailable.
Burwash: Save our Fields from Concrete must always act lawfully and fairly
The group's Data Protection Officer and the officers of the group must ensure that they keep up to date with the data protection laws and rules.
Achieving the principle of fairness
To achieve the principle of fairness, the Data Protection Officer and officers of the group shall:
Always ensure there are legitimate grounds for collecting and using personal data,
Never use the group's data in any way that could have an adverse effect on the individuals whose data is retained,
Always be transparnt about the use of data and give individuals full details of our data policy,
Always use appropriate privacy notices when collecting personal data, and
Always handle individuals' personal data reasonably and responsibly.
Purposes for the collection of data and the division of data
Personal data shall be obtained only for lawful purposes and in the furtherance of the group's policies. The Data Protection Officer shall divide the data into two sections. The first section will be those individuals to whom the group wishes to send out information about planning applications and other developments. The second section will be the normal address book of the group, which may contain the details of, for instance: a) the Chairman of the Parish Council, b) planning officials at Rother District Council, and c) those individuals who have said they do not want to receive leaflets from the group.
The Data Protection Officer and officers of the group may keep a hard copy of the data temporarily. No hard copy may be given to anyone else. Short printed extracts of the data may be given to members when there is a compelling need for this, such as when a member is visiting supporters in a particular street. These extracts must be returned to the Data Protection Officer, who must either burn the data or shred it. If such extracts are given to members, the details of the member receiving the data and the member returning the data must be recorded in a log along with a note that the extract has been destroyed.
Retention and accuracy of the data
Personal data shall be accurate and be kept up to date. Data must not be kept for longer than is necessary. All information must be securely deleted when it is no longer required. Data shall be updated if it becomes out of date.
The safekeeping of the data
Electronic data may only be held by the Data Protection Officer. At all times, the Data Protection Officer and the appointed officials must keep the data safe. The Data Protection Officer may not transmit the data to anyone unless authorised by the group at a meeting or by a meeting of the officers. The group may not authorise the transmission of our data or parts of our data to anyone outside the group nor to anyone who does not have a legitimate reason to have it. There must be no file sharing.
The data retained by the Data Protection Officer must be kept safe when being worked on. The electronic device that contains the data must be kept in a safe place when it is not being worked on. The Data Protection Officer must back up the data regularly and the back-up must be kept in a secure place.
Rights of individuals whose personal data is retained by the group
An individual whose data is retained by the group has the right to:
Speak to the Data Protection Officer about their data entry,
Be told what data is retained by the Data Protection Officer, and
Have their data amended or deleted
Breaches of this Code
The Data Protection Officer must inform the officers of the group if there is any breach of this Code of Practice or the rules made by the Information Commissioner.
The Data Protection Officer must report to the group at the first meeting of the year about the group's data. The report must include: a) a Privacy Impact Statement, b) the safety of the data, and c) his or her compliance with data protection laws and this Code of Practice.
Questions regarding this policy
This Code of Practice and Privacy may be amended by a meeting of the group