The University of the Third Age – Knutsford and District Branch
Data Protection Policy (August 2012)
1. We recognise our obligations under the Data Protection Act 1998
2. We accept the eight Data Protection Principles as below
i. Personal data shall be processed fairly and lawfully.
ii. Personal data shall be obtained for one or more specified and lawful purposes and shall not be further processed in any matter incompatible with that purpose or those purposes.
iii. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
iv. Personal data shall be accurate and where necessary kept up to date.
v. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
vi. Personal data shall be processed in accordance with the rights of data subjects under this Act.
vii. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction or damage to personal data.
viii. Personal data shall not be transferred to a county or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
3. Statement – The following statement will appear on the Knutsford U3A Web Site and also on membership application forms :-
“Membership records are held on a computer and comply with the Data Protection Act 1998. These records are used only for purposes directly connected to U3A activities and are not revealed to third parties.”
4. Holders of Data – The full data base will only be held by the Membership Secretary (who will also be the Data Controller) and the Chairman of Knutsford U3A.
5. Other Data Holders - Where necessary and with the approval of the Committee, extracts may be made available to other nominated persons in connection with specified tasks related to Knutsford U3A. The security provisions as in Para 6 below save Para 6 (c) will also apply to the holding of such data. However the holding of an external back-up is encouraged. All data including any back-ups will be deleted / destroyed / returned once the data is out of date and / or the task has been completed.
a. The data base will be password protected by the holder. Expired versions must be deleted from the computer including the “recycle bin”.
b. No hard copies will be made, except in exceptional circumstances as agreed by the committee. Any such hard copies must be completely destroyed when an update has been made or the task has been completed.
c. A password protected back up (on a CD or similar) of the current data-base will be securely held by a nominated person other than the Membership Secretary and Chairman. Expired versions must be returned to the Membership Secretary for disposal.
d. The nominated person as in 6 (c) above will also hold password protected back-up discs made at the end of each membership year. See also Para 8 regarding the time they are to be held for.
e. On leaving office all holders must delete / destroy / return all membership data they hold including any hard copies.
7. Accuracy – The Membership Secretary is responsible for ensuring that the database is fully up to date every three months. A copy of the revised version should be passed to the Chairman and a replacement back up disc made.
8. Retention of data – All data including extracts shall not be held for a longer period than that needed for the efficient administration of Knutsford U3A or for other statutory reasons. The same principle should apply to any back-ups.