Your Privacy
Overview
The trustees of Barkway Village Hall take their responsibility to care for personal data under the General Data Protection Regulation (GDPR) very seriously. We need to collect and use certain types of data in order to carry on our work of managing Barkway Village Hall (BVH): its bookings and finances, running and marketing events at the hall, staff employment and its fundraising activities.
The purpose of this policy is to set out BVH's commitment to and procedures for protecting personal data. Trustees regard the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom we deal. We recognise the risks to individuals of identity theft and financial loss if personal data is lost or stolen. Therefore, the following guidance for handling data and data security will be adhered to by all BVH trustees, staff and volunteers in order to safeguard your personal data. BVH operational guidance for trustees, staff and volunteers.
This guidance is designed to prevent unauthorised use or disclosure of personal information or accidental loss of personal data. Trustees, staff and volunteers who have access to personal information will therefore be expected to read and comply with the following procedural guidelines:
Email
If an email needs to be kept as an official record, ensure it is saved into the appropriate folder or printed and stored securely. Emails that contain personal information no longer required for operational use should be deleted.
Phone calls
Personal information should not be given out over the telephone unless you have no doubts about the caller’s identity, and the information requested is innocuous. If you have any doubts, ask the caller to put their enquiry in writing.
Laptops and portable devices
- All laptops and portable devices that hold data containing personal information must be protected with a password.
- Ensure your laptop is locked (password protected) when left unattended, even for short periods of time.
- When travelling in a car, make sure the laptop is out of sight, preferably in the boot.
- If you have to leave your laptop in an unattended vehicle at any time, put it in the boot and ensure all doors are locked and any alarm set.
- Never leave laptops or portable devices in your vehicle overnight.
- Do not leave laptops or portable devices unattended in restaurants or bars, or any other venue.
- When travelling on public transport, keep portable devices with you at all times.
Data Security and storage
- Store as little personal data as possible on your computer or laptop; only keep those files that are essential. Personal data received on disk or memory stick should be saved to the relevant file on the server or laptop. The disk or memory stick should then be securely returned (if applicable), safely stored or wiped and securely disposed of.
- Always lock (password protect) your computer or laptop when left unattended.
Passwords
- Do not use passwords that are easy to guess. All your passwords should contain both upper and lower-case letters and preferably contain some numbers. Ideally passwords should be 6 characters or more in length.
- Common sense rules for passwords are: do not give out your password and do not write it down.
Data Storage
- Personal data should be stored securely and only accessible to authorised volunteers or staff.
- Information should be stored for only as long as it is needed or required by statute and should be disposed of appropriately. For financial records this will be up to 7 years. For employee records see below.
- Archival material such as minutes and legal documents may be stored indefinitely.
- Other correspondence and emails should be disposed of when no longer required or when trustees, staff or volunteers retire.
- All personal data held for the organisation must be non-recoverable from any computer which has been passed on/sold to a third party.
Information Regarding Employees or Former Employees
Information regarding an employee or a former employee should be kept indefinitely. If something occurs years later it might be necessary to refer back to a job application or other document to check what was disclosed earlier, in order that trustees comply with their obligations e.g. regarding employment law, taxation, pensions or insurance.
Your rights
You have the right to make a Subject Access Request (SAR) to find out whether BVH charity holds your personal data and where, what it used for and to have data corrected if it is wrong. Any SAR will be dealt with within 30 days. If you would like to find out more about how we use your personal data or want to see a copy of information held about you, contact secretary@barkwayvillagehall.com. Please be aware that photo identification is required before any information is provided.
Data Subject Access Requests
We will never hold personal data unnecessarily nor will we sell or pass personal information to third parties; however we may occasionally need to share data with other agencies which is not in furtherance of the management of BVH.
The circumstances where the law allows BVH to disclose data (including sensitive data) without your consent are:
- Carrying out a legal duty, or as authorised by the Secretary of State
- Protecting your vital interests or those of another person e.g. child protection
- You yourself have already made the information public
- Monitoring for equal opportunities purposes e.g. race, disability or religion
More information
If anyone wants to learn more about the new regulations then please visit Information Commissioner's Office for further information.