Visit New Mills – data protection
We work with hundreds of people; volunteers, traders, businesses and our own committee – we take special care of your personal data – here is our policy
- Personal data is information about a person which is identifiable as being specifically about them. It can be stored electronically or on paper and may include images and audio recordings as well as written information.
- Data protection is about how we, as Visit New Mills, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting any personal data.
- Overall and final responsibility for data protection lies with the management committee, who are responsible for overseeing activities and ensuring this policy is upheld.
- All volunteers are responsible for observing this policy, and related procedures, in all areas of their work for the group.
Overall policy statement
- Visit New Mills needs to keep personal data about its committee, members, volunteers and supporters in order to carry out group activities – typically this is contact information (names, phone, email), but may relate to specific skill sets that volunteers may have.
- Visit New Mills will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the General Data Protection Regulation (GDPR) and other relevant legislation.
- Visit New Mills will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.
- Visit New Mills will only collect, store and use data for:
- purposes for which the individual has given explicit consent, or
- purposes that are in our group’s legitimate interests, or
- contracts with the individual whose data it is, or
- to comply with legal obligations (e.g. financial records) or
- to protect someone’s life, or
- to perform public tasks.
- Visit New Mills will provide individuals with details of the data we have about them when requested by the relevant individual.
- Visit New Mills will delete data if requested by the relevant individual, unless we need to keep it for legal reasons.
- Visit New Mills will endeavour to keep personal data up-to-date and accurate.
- Visit New Mills will store personal data securely.
- Visit New Mills will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes.
- Visit New Mills will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so.
- Visit New Mills will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any lost or shared data back. Visit New Mills will evaluate our processes and understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported to the Information Commissioner’s Office within 72 hours, and to the individual concerned.
- To uphold this policy, Visit New Mills will maintain a set of data protection procedures for our committee and volunteers to follow.
This policy will be reviewed every two years