Data Protection Policy

Please note:  We are currently reviewing our Data Protection Policy to comply with changes to Data Protection law due to come into force in May this year.   

Bristol Fashion Ladies’ Barbershop Club (herein known as BFLBC) needs to gather and use certain information about individuals.  This policy describes how personal data must be collected, handled and stored to comply with the law.

The data protection policy ensure that BFLBC:

1  Complies with data protection law and follows good practice.

2  Is open about how it stores and processes individual’s data

3  Protects itself from a data breach

 

Data Protection Law

The Data Protection Act 1998 describes how organisations must collect, handle and store personal information.  These rules apply regardless of whether data is stored electronically, on paper or on other material.  To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.  The Data Protection Act is underpinned by eight important principles.  These say that personal data must:

1 Be processed fairly and lawfully

2 Be obtained only for specific, lawful uses

3 Be adequate, relevant and not excessive

4 Be accurate and kept up to date

5 Not be held for any longer than necessary

6 Processed in accordance with the rights of data subjects

7 Be protected in appropriate ways

8 Not be transferred outside of the European Economic Areas unless that country or territory also ensures adequate level of protection.

 

BFLBC recognizes and understands the consequences of failure to comply with the requirements of the Data Protection Act 1998 may result in:

1 Criminal and civil action

2 Fines and damages

3 Personal accountability and liability

4 Loss of confidence in the integrity of BFLBC’s systems and procedures

5 Irreparable damage to BFLBC’s reputation

BFLBC may also consider taking action where members to not comply with the Data Protection Act 1998

 

Roles and Responsibilities

This policy applies to all members including anyone involved in the activities of BFLBC.

This policy applies to all personal and sensitive data processed on computers and stored in paper files.  This can include:

1  Names of individuals

2  Postal addresses

3  Email addresses

4  Telephone numbers

5  Any other information relating to individuals

 

Confidentiality

Normally access will be defined on a ‘need to know’ basis; no one should have access to information unless it is relevant to his or her work.  All information that is held will be relevant and accurate for the purpose for which it is required.  The information will not be kept for longer than is necessary and will be secure at all times.

Members who manage and maintain personal or sensitive information will ensure that it is kept secure and where necessary confidential.

BFLBC will regularly review its procedures for ensuring that its records remain accurate and consistent.

BFLBC will only share information in accordance with the provisions set out in the Data Protection Act 1998.

BFLBC will not pass email addresses to any third party apart from LABBS

Data subject rights

BFLBC acknowledge individuals rights under the Data Protection At 1998 to access any personal data held on our systems and in our files, on request, or to delete and/or correct this information if it is proven to be inaccurate, excessive or out of date.

 

Enquiries and Complaints

Complaints relating to breaches of the Data Protection Act 1998 and/or complaints that an individual’s information is not being processed in line with the eight principles of data protection will be managed and processed by the Club Management Committee.

All complaints should be sent to the Club Secretary.

BFLBC will ensure that all members are aware of this policy and a copy will be available on the Club website at all times.