henley amateur operatic and dramatic society
HAODS General Data Protection Regulation Policy
Statement – GDPR stands for General Data Protection Regulation and replaces the previous Data Protection.
It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent.
GDPR covers personal data relating to individuals. HAODS are committed to protecting the rights and freedoms of individuals with respect to the processing of members, contractors, subscribers and volunteers personal data.
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
GDPR includes 7 rights for individuals
1) The right to be informed
HAODS is a registered Charity and as so, is required to collect and manage certain data. We need to know members, contractors and subscribers names, addresses, telephone numbers and email addresses.
We also need to know children’s’ full names, addresses, date of birth and Education school. We are requested to provide this data to the Local Authority via a secure electronic file transfer system. This is in respect of our Health and Safety and Safeguarding Policies.
HAODS is also required to hold data on members, contractors and volunteers; names, addresses, email addresses, telephone numbers and date of birth for Disclosure and Barring Service checks (DBS). DBS Numbers and date of issue are also held on a central staffing record.
2) The right of access
At any point an individual can make a request relating to their data and HAODS will need to provide a response (within 1 month). HAODS can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection. The individual will have the right to complain to the ICO if they are not happy with the decision.
3) The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However HAODS has a legal duty to keep members, contractors, subscribers and volunteers details for a reasonable time following a request for removal.
4) The right to restrict processing
Members, contractors, subscribers and volunteers can object to HAODS processing their data. This means that records can be stored but must not be used in any way, for example examination applications, reports or for communications.
5) The right to data portability
HAODS requires data to be transferred from one IT system to another; such as from HAODS to the Local Authority, for performance BOPA licences. The Local Authority use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6) The right to object
Members, contractors, subscribers and volunteers can object to their data being used for certain activities like marketing or research.
7) The right not to be subject to automated decision-making including profiling.
Automated decisions and profiling are used for marketing based organisations. HAODS does not use personal data for such purposes.
Storage and use of personal information
HAODS stores personal data held visually in photographs or video clips, website images or as sound recordings, No names are stored with images in photo albums, displays, on the website or on HAODS’s social media sites.
GDPR means that HAODS must;
* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them.
This Policy was adapted at a meeting at HAODS in April 2018.
Policy review date: April 2019