Christian Science Committee for “FOCUS”
DATA PRIVACY POLICY
The processing of personal data (including its use) is governed by the General Data Protection Regulation (the “GDPR”). This is an EU Regulation soon to be replaced in the UK by a new Data Protection Act (DPA).Personal data relates to a living individual who can be identified from it (the ‘data subject’.)
Consent and legitimate interests – The Christian Science Committee for “Focus”, hereinafter called the Focus Steering Committee, considers it has legitimate interests in holding the personal data of present and former participants, their parents/guardians, volunteers, suppliers, customers and employees, so consent is not required from these individuals. We share participants’ contact details internally for administrative use. No personal data is shared with any external body without the participant’s consent.
It is our policy that consent should be sought from participants whose personal data is held by the Focus Steering Committee in order to keep them informed about activities held by Focus, as well as other events in which they may be interested.
Use of personal data
Personal data is used:
• to administer participants’ records;
• to manage the Focus Steering Committee activities and volunteers;
• to maintain financial records (including the processing of gift aid);
• generally, to promote the interests of Focus.
If Focus wishes to use personal data for a purpose not covered by this Data Privacy Policy, a new notice will be issued explaining the use and setting out the purposes and processing conditions and seeking the data subject’s consent.
Data protection – The Focus Steering Committee complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data.
All personal data will be treated as strictly confidential and will only be shared with other members of the Focus Steering Committee for purposes connected with its activities. It will not be shared with third parties except with the data subject’s consent. It will not be sold.
Data retention – Participants’ and volunteers’ data held with consent will be retained while it is still current or until consent is withdrawn. Consent will be confirmed every 5 years. Notwithstanding the above, information related to Safeguarding will be retained for at least 50 years.
Data subjects’ rights
Data subjects have the right:
• to request a copy of any personal data which the Focus Steering Committee holds about them;
• to request the Focus Steering Committee to correct any personal data that is inaccurate or out of date;
• to request that personal data be erased if it is no longer necessary for the Focus Steering Committee to retain it;
• to request the data controller to provide them with their personal data and, if they wish, send it to another data controller;
• to withdraw consent to the processing at any time;
• if there is a dispute about the accuracy or processing of personal data, to request a restriction be placed on further processing;
• to object to the processing of personal data;
• to lodge a complaint with the Information Commissioner’s Office (see the website at www.ico.org.uk).
Data Controller – The Data Controller for main Focus is the Care Committee; for Junior Focus it is the Secretary; and for Mini-Focus it is the Secretary
Policy reviews – This policy will be reviewed every 2 years and any change adopted as required.