{"id":447,"date":"2018-11-26T22:37:12","date_gmt":"2018-11-26T22:37:12","guid":{"rendered":"http:\/\/46.32.240.35\/achille-ratti-climbing-club.co.uk\/?page_id=447"},"modified":"2018-11-30T18:09:49","modified_gmt":"2018-11-30T18:09:49","slug":"data-protection-policy","status":"publish","type":"page","link":"https:\/\/achille-ratti-climbing-club.co.uk\/?page_id=447","title":{"rendered":"Data Protection Policy"},"content":{"rendered":"<p>&nbsp;<\/p>\n<style type=\"text\/css\">ol.lst-kix_list_1-3{list-style-type:none}ol.lst-kix_list_1-4{list-style-type:none}.lst-kix_list_2-6>li:before{content:\"Not Defined \"}.lst-kix_list_2-7>li:before{content:\"Not Defined \"}.lst-kix_list_2-7>li{counter-increment:lst-ctn-kix_list_2-7}ol.lst-kix_list_1-5{list-style-type:none}ol.lst-kix_list_1-6{list-style-type:none}ol.lst-kix_list_1-0{list-style-type:none}.lst-kix_list_2-4>li:before{content:\"\\0025cf  \"}.lst-kix_list_2-5>li:before{content:\"\\0025cf  \"}.lst-kix_list_2-8>li:before{content:\"Not Defined \"}ol.lst-kix_list_1-1{list-style-type:none}ol.lst-kix_list_1-2{list-style-type:none}ol.lst-kix_list_3-0{list-style-type:none}.lst-kix_list_1-1>li{counter-increment:lst-ctn-kix_list_1-1}ol.lst-kix_list_2-6.start{counter-reset:lst-ctn-kix_list_2-6 0}.lst-kix_list_3-0>li:before{content:\"\" counter(lst-ctn-kix_list_3-0,decimal) \". \"}.lst-kix_list_3-1>li:before{content:\" \"}.lst-kix_list_3-2>li:before{content:\" \"}ul.lst-kix_list_3-7{list-style-type:none}ul.lst-kix_list_3-8{list-style-type:none}ol.lst-kix_list_1-8.start{counter-reset:lst-ctn-kix_list_1-8 0}ol.lst-kix_list_3-0.start{counter-reset:lst-ctn-kix_list_3-0 0}ul.lst-kix_list_3-1{list-style-type:none}.lst-kix_list_3-5>li:before{content:\" \"}ul.lst-kix_list_3-2{list-style-type:none}.lst-kix_list_3-4>li:before{content:\" \"}ol.lst-kix_list_1-5.start{counter-reset:lst-ctn-kix_list_1-5 0}ol.lst-kix_list_1-7{list-style-type:none}.lst-kix_list_3-3>li:before{content:\" \"}ul.lst-kix_list_3-5{list-style-type:none}.lst-kix_list_1-7>li{counter-increment:lst-ctn-kix_list_1-7}ol.lst-kix_list_1-8{list-style-type:none}ul.lst-kix_list_3-6{list-style-type:none}ul.lst-kix_list_3-3{list-style-type:none}ul.lst-kix_list_3-4{list-style-type:none}.lst-kix_list_3-8>li:before{content:\" \"}.lst-kix_list_2-6>li{counter-increment:lst-ctn-kix_list_2-6}.lst-kix_list_3-6>li:before{content:\" \"}.lst-kix_list_3-7>li:before{content:\" \"}ol.lst-kix_list_1-7.start{counter-reset:lst-ctn-kix_list_1-7 0}.lst-kix_list_1-2>li{counter-increment:lst-ctn-kix_list_1-2}.lst-kix_list_1-5>li{counter-increment:lst-ctn-kix_list_1-5}.lst-kix_list_1-8>li{counter-increment:lst-ctn-kix_list_1-8}ol.lst-kix_list_1-4.start{counter-reset:lst-ctn-kix_list_1-4 0}ol.lst-kix_list_1-1.start{counter-reset:lst-ctn-kix_list_1-1 0}.lst-kix_list_1-4>li{counter-increment:lst-ctn-kix_list_1-4}ol.lst-kix_list_1-6.start{counter-reset:lst-ctn-kix_list_1-6 0}ol.lst-kix_list_1-3.start{counter-reset:lst-ctn-kix_list_1-3 0}ol.lst-kix_list_2-8.start{counter-reset:lst-ctn-kix_list_2-8 0}ol.lst-kix_list_1-2.start{counter-reset:lst-ctn-kix_list_1-2 0}ul.lst-kix_list_2-2{list-style-type:none}.lst-kix_list_1-0>li:before{content:\"\" counter(lst-ctn-kix_list_1-0,decimal) \". \"}ul.lst-kix_list_2-3{list-style-type:none}ul.lst-kix_list_2-0{list-style-type:none}ul.lst-kix_list_2-1{list-style-type:none}ol.lst-kix_list_2-6{list-style-type:none}.lst-kix_list_1-1>li:before{content:\"\" counter(lst-ctn-kix_list_1-0,decimal) \".\" counter(lst-ctn-kix_list_1-1,decimal) \" \"}.lst-kix_list_1-2>li:before{content:\"\" counter(lst-ctn-kix_list_1-0,decimal) \".\" counter(lst-ctn-kix_list_1-1,decimal) \".\" counter(lst-ctn-kix_list_1-2,decimal) \" \"}ol.lst-kix_list_2-7{list-style-type:none}ul.lst-kix_list_2-4{list-style-type:none}ol.lst-kix_list_2-8{list-style-type:none}ul.lst-kix_list_2-5{list-style-type:none}.lst-kix_list_1-3>li:before{content:\"\" counter(lst-ctn-kix_list_1-0,decimal) \".\" counter(lst-ctn-kix_list_1-1,decimal) \".\" counter(lst-ctn-kix_list_1-2,decimal) \".\" counter(lst-ctn-kix_list_1-3,decimal) \" \"}.lst-kix_list_1-4>li:before{content:\"\" counter(lst-ctn-kix_list_1-0,decimal) \".\" counter(lst-ctn-kix_list_1-1,decimal) \".\" counter(lst-ctn-kix_list_1-2,decimal) \".\" counter(lst-ctn-kix_list_1-3,decimal) \".\" counter(lst-ctn-kix_list_1-4,decimal) \" \"}ol.lst-kix_list_1-0.start{counter-reset:lst-ctn-kix_list_1-0 0}.lst-kix_list_1-0>li{counter-increment:lst-ctn-kix_list_1-0}.lst-kix_list_3-0>li{counter-increment:lst-ctn-kix_list_3-0}.lst-kix_list_1-6>li{counter-increment:lst-ctn-kix_list_1-6}.lst-kix_list_1-7>li:before{content:\"Not Defined \"}ol.lst-kix_list_2-7.start{counter-reset:lst-ctn-kix_list_2-7 0}.lst-kix_list_1-3>li{counter-increment:lst-ctn-kix_list_1-3}.lst-kix_list_1-5>li:before{content:\"(\" counter(lst-ctn-kix_list_1-5,lower-latin) \") \"}.lst-kix_list_1-6>li:before{content:\"Not Defined \"}.lst-kix_list_2-0>li:before{content:\"\\0025cf  \"}.lst-kix_list_2-1>li:before{content:\"\\0025cf  \"}.lst-kix_list_2-8>li{counter-increment:lst-ctn-kix_list_2-8}.lst-kix_list_1-8>li:before{content:\"Not Defined \"}.lst-kix_list_2-2>li:before{content:\"\\0025cf  \"}.lst-kix_list_2-3>li:before{content:\"\\0025cf  \"}ol{margin:0;padding:0}table td,table th{padding:0}.c17{-webkit-text-decoration-skip:none;color:#000000;font-weight:400;text-decoration:underline;vertical-align:baseline;text-decoration-skip-ink:none;font-size:11pt;font-family:\"Arial\";font-style:normal}.c0{margin-left:18pt;padding-top:6pt;padding-left:18pt;padding-bottom:3pt;line-height:1.0;orphans:2;widows:2;text-align:justify}.c11{color:#000000;font-weight:700;text-decoration:none;vertical-align:baseline;font-size:6pt;font-family:\"Arial\";font-style:normal}.c22{color:#000000;font-weight:400;text-decoration:none;vertical-align:super;font-size:11pt;font-family:\"Arial\";font-style:normal}.c2{color:#000000;font-weight:400;text-decoration:none;vertical-align:baseline;font-size:11pt;font-family:\"Arial\";font-style:normal}.c10{color:#000000;font-weight:400;text-decoration:none;vertical-align:baseline;font-size:11pt;font-family:\"Arial\";font-style:italic}.c8{color:#000000;font-weight:700;text-decoration:none;vertical-align:baseline;font-size:11pt;font-family:\"Arial\";font-style:normal}.c19{color:#000000;font-weight:400;text-decoration:none;vertical-align:baseline;font-size:6pt;font-family:\"Arial\";font-style:normal}.c16{color:#000000;font-weight:700;text-decoration:none;vertical-align:baseline;font-size:11pt;font-family:\"Arial\";font-style:italic}.c14{padding-top:0pt;padding-bottom:0pt;line-height:1.0;orphans:2;widows:2;text-align:justify}.c13{padding-top:6pt;padding-bottom:3pt;line-height:1.0;orphans:2;widows:2;text-align:center}.c3{padding-top:6pt;padding-bottom:3pt;line-height:1.0;orphans:2;widows:2;text-align:justify}.c21{padding-top:0pt;padding-bottom:0pt;line-height:1.0;orphans:2;widows:2;text-align:center}.c20{background-color:#ffffff;max-width:451.3pt;padding:72pt 72pt 72pt 72pt}.c4{margin-left:54pt;padding-left:36pt}.c1{padding:0;margin:0}.c5{margin-left:108pt;padding-left:49.7pt}.c12{page-break-after:avoid}.c6{height:11pt}.c7{margin-left:90pt}.c9{text-indent:-54pt}.c18{margin-left:157.7pt}.c15{margin-left:36pt}.title{padding-top:24pt;color:#000000;font-weight:700;font-size:36pt;padding-bottom:6pt;font-family:\"Arial\";line-height:1.0;page-break-after:avoid;orphans:2;widows:2;text-align:justify}.subtitle{padding-top:18pt;color:#666666;font-size:24pt;padding-bottom:4pt;font-family:\"Georgia\";line-height:1.0;page-break-after:avoid;font-style:italic;orphans:2;widows:2;text-align:justify}li{color:#000000;font-size:11pt;font-family:\"Arial\"}p{margin:0;color:#000000;font-size:11pt;font-family:\"Arial\"}h1{padding-top:24pt;color:#000000;font-weight:700;font-size:24pt;padding-bottom:6pt;font-family:\"Arial\";line-height:1.0;page-break-after:avoid;orphans:2;widows:2;text-align:justify}h2{padding-top:18pt;color:#000000;font-weight:700;font-size:18pt;padding-bottom:4pt;font-family:\"Arial\";line-height:1.0;page-break-after:avoid;orphans:2;widows:2;text-align:justify}h3{padding-top:14pt;color:#000000;font-weight:700;font-size:14pt;padding-bottom:4pt;font-family:\"Arial\";line-height:1.0;page-break-after:avoid;orphans:2;widows:2;text-align:justify}h4{padding-top:12pt;color:#000000;font-weight:700;font-size:12pt;padding-bottom:2pt;font-family:\"Arial\";line-height:1.0;page-break-after:avoid;orphans:2;widows:2;text-align:justify}h5{padding-top:11pt;color:#000000;font-weight:700;font-size:11pt;padding-bottom:2pt;font-family:\"Arial\";line-height:1.0;page-break-after:avoid;orphans:2;widows:2;text-align:justify}h6{padding-top:10pt;color:#000000;font-weight:700;font-size:10pt;padding-bottom:2pt;font-family:\"Arial\";line-height:1.0;page-break-after:avoid;orphans:2;widows:2;text-align:justify}<\/style>\n<p>&nbsp;<\/p>\n<p class=\"c13\"><span class=\"c8\">Achille Ratti Climbing Club &#8211; ARCC<\/span><\/p>\n<p class=\"c13\"><span class=\"c8\">Data Protection Policy <\/span><\/p>\n<p class=\"c3\"><span class=\"c8\">Our Policy<\/span><\/p>\n<p class=\"c3\"><span class=\"c2\">ARCC is committed to complying with data protection law and to respecting the privacy rights of individuals. \u00a0The policy applies to all of our staff, workers, directors, volunteers and consultants (\u201c<\/span><span class=\"c8\">Workers<\/span><span class=\"c2\">\u201d).<\/span><\/p>\n<p class=\"c3\"><span class=\"c2\">This Data Protection Policy (\u201c<\/span><span class=\"c8\">Policy<\/span><span class=\"c2\">\u201d) sets out our approach to data protection law and the principles that we will apply to our processing of personal data. \u00a0The aim of this Policy is to ensure that we process personal data in accordance with the law and with the utmost care and respect.<\/span><\/p>\n<p class=\"c3\"><span class=\"c10\">References in this Policy to \u201cus\u201d, \u201cwe\u201d and \u201cour\u201d are to ARCC. References to \u201cyou\u201d, \u201cyourself\u201d and \u201cyour\u201d are to each Worker to whom this Policy applies. <\/span><\/p>\n<p class=\"c3\"><span class=\"c2\">We recognise that you have an important role to play in achieving these aims. \u00a0It is your responsibility, therefore, to familiarise yourself with this Policy and to apply and implement its requirements when processing any personal data. <\/span><span class=\"c16\">Please pay special attention to sections 14, 15 and 16 as these set out the practical day to day actions that you must adhere to when working or volunteering for the club. \u00a0<\/span><\/p>\n<p class=\"c3\"><span class=\"c2\">Data protection law is a complex area. \u00a0This Policy has been designed to ensure that you are aware of the legal requirements imposed on you and on us and to give you practical guidance on how to comply with them. \u00a0This Policy also sets out the consequences of failing to comply with these legal requirements. \u00a0However, this Policy is not an exhaustive statement of data protection law nor of our or your responsibilities in relation to data protection. \u00a0<\/span><\/p>\n<p class=\"c3\"><span class=\"c2\">If at any time you have any queries on this Policy, your responsibilities or any aspect of data protection law, seek advice. \u00a0Contact the ARCC Management committee.<\/span><\/p>\n<ol class=\"c1 lst-kix_list_1-0 start\" start=\"1\">\n<li class=\"c0 c12\"><span class=\"c8\">Who is responsible for data protection?<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">All our management committee members, wardens, events organisers and assistants are all responsible for data protection, and each person has their role to play to make sure that we are compliant with data protection laws. \u00a0<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">We are not required to appoint a Data Protection Officer (DPO), However we have still appointed the management committee to be responsible for overseeing our compliance with data protection laws.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"2\">\n<li class=\"c0 c12\"><span class=\"c8\">Why do we have a data protection policy? \u00a0<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">We recognise that processing of individuals\u2019 personal data in a careful and respectful manner cultivates trusting relationships with those individuals and trust in our brand. \u00a0We believe that such relationships will enable our organisation to work more effectively with and to provide a better service to those individuals. \u00a0<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">This Policy works in conjunction with other policies implemented by us from time to time, and any other policies we implement from time to time.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"3\">\n<li class=\"c0 c12\"><span class=\"c8\">Status of this Policy and the implications of breach.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">Any breaches of this Policy will be viewed very seriously. \u00a0All members must read this Policy carefully and make sure they are familiar with it. \u00a0<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">If you do not comply with Data Protection Laws and\/or this Policy, then you are encouraged to report this fact immediately to the chairman or management committee. \u00a0This self-reporting will be taken into account in assessing how to deal with any breach, including any non-compliance which may pre-date this Policy coming into force.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">Also if you are aware of or believe that any other representative of ours is not complying with Data Protection Laws and\/or this Policy you should report it in confidence to the management committee.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"4\">\n<li class=\"c0 c12\"><span class=\"c8\">Other consequences<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">There are a number of serious consequences for both yourself and us if we do not comply with Data Protection Laws. \u00a0These include:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">For you:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-3 start\" start=\"1\">\n<li class=\"c3 c5\"><span class=\"c8\">Criminal sanctions: <\/span><span class=\"c2\">Serious breaches could potentially result in criminal liability. <\/span><\/li>\n<li class=\"c3 c5\"><span class=\"c8\">Investigations and interviews<\/span><span class=\"c2\">: Your actions could be investigated and you could be interviewed in relation to any non-compliance. \u00a0<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2\" start=\"2\">\n<li class=\"c3 c4\"><span class=\"c2\">For the organisation:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-3 start\" start=\"1\">\n<li class=\"c3 c5\"><span class=\"c8\">Criminal sanctions: <\/span><span class=\"c2\">Non-compliance could involve a criminal offence. \u00a0<\/span><\/li>\n<li class=\"c3 c5\"><span class=\"c8\">Civil Fines:<\/span><span class=\"c2\">\u00a0These can be up to Euro 20 million or 4% of group worldwide turnover whichever is higher. \u00a0<\/span><\/li>\n<li class=\"c3 c5\"><span class=\"c8\">Assessments, investigations and enforcement action<\/span><span class=\"c2\">: We could be assessed or investigated by, and obliged to provide information to, the Information Commissioner on its processes and procedures and\/or subject to the Information Commissioner\u2019s powers of entry, inspection and seizure causing disruption and embarrassment. \u00a0<\/span><\/li>\n<li class=\"c3 c5\"><span class=\"c8\">Court orders: <\/span><span class=\"c2\">These may require us to implement measures or take steps in relation to, or cease or refrain from, processing personal data. \u00a0<\/span><\/li>\n<li class=\"c3 c5\"><span class=\"c8\">Claims for compensation: <\/span><span class=\"c2\">Individuals may make claims for damage they have suffered as a result of our non-compliance. \u00a0<\/span><\/li>\n<li class=\"c3 c5\"><span class=\"c8\">Bad publicity:<\/span><span class=\"c2\">\u00a0Assessments, investigations and enforcement action by, and complaints to, the Information Commissioner quickly become public knowledge and might damage our brand. \u00a0Court proceedings are public knowledge. <\/span><\/li>\n<li class=\"c3 c5\"><span class=\"c8\">Loss of business: <\/span><span class=\"c2\">Prospective members, participants, players, customers, suppliers and contractors might not want to deal with us if we are viewed as careless with personal data and disregarding our legal obligations. \u00a0<\/span><\/li>\n<li class=\"c3 c5\"><span class=\"c8\">Use of management time and resources: <\/span><span class=\"c2\">Dealing with assessments, investigations, enforcement action, complaints, claims, etc takes time and effort and can involve considerable cost. \u00a0<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"5\">\n<li class=\"c0 c12\"><span class=\"c8\">Data protection laws<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">The Data Protection Act 1998 (\u201c<\/span><span class=\"c8\">DPA<\/span><span class=\"c2\">\u201d) applies to any personal data that we process, and from 25<\/span><span class=\"c22\">th<\/span><span class=\"c2\">\u00a0May 2018 this will be replaced by the General Data Protection Regulation (<\/span><span class=\"c8\">GDPR<\/span><span class=\"c2\">) and the Data Protection Act 2018 (\u201c<\/span><span class=\"c8\">DPA 2018<\/span><span class=\"c2\">\u201d) (together \u201c<\/span><span class=\"c8\">Data Protection Laws<\/span><span class=\"c2\">\u201d) and then after Brexit the UK will adopt laws equivalent to these Data Protection Laws. \u00a0<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">This Policy is written as though GDPR and the DPA 2018 are both in force, i.e. it states the position as from 25th May 2018.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">The Data Protection Laws all require that the personal data is processed in accordance with the Data Protection Principles (on which see below) and gives individuals rights to access, correct and control how we use their personal data (on which see below). <\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"6\">\n<li class=\"c0 c12\"><span class=\"c8\">Key words in relation to data protection \u00a0<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c8\">Personal data<\/span><span class=\"c2\">\u00a0is data that <\/span><span class=\"c17\">relates to<\/span><span class=\"c2\">\u00a0a living individual <\/span><span class=\"c17\">who can be identified<\/span><span class=\"c2\">\u00a0from that data (or from that data and other information in or likely to come into our possession). \u00a0That living individual might be an employee, customer, prospective customer, supplier, contractor or contact, and that personal data might be written, oral or visual (e.g. CCTV). \u00a0<\/span><\/li>\n<li class=\"c0\"><span class=\"c8\">Identifiable<\/span><span class=\"c2\">\u00a0means that the individual can be distinguished from a group of individuals (although the name of that individual need not be ascertainable). \u00a0The data might identify an individual on its own (e.g. if a name or video footage) or might do if taken together with other information available to or obtainable us (e.g. a job title and company name). \u00a0<\/span><\/li>\n<li class=\"c0\"><span class=\"c8\">Data subject<\/span><span class=\"c2\">\u00a0is the living individual to whom the relevant personal data relates.<\/span><\/li>\n<li class=\"c0\"><span class=\"c8\">Processing<\/span><span class=\"c2\">\u00a0is widely defined under data protection law and generally any action taken by us in respect of personal data will fall under the definition, including for example collection, modification, transfer, viewing, deleting, holding, backing up, archiving, retention, disclosure or destruction of personal data, including CCTV images.<\/span><\/li>\n<li class=\"c0\"><span class=\"c8\">Data controller<\/span><span class=\"c2\">\u00a0is the person who decides how personal data is used, for example we will always be a data controller in respect of personal data relating to our employees.<\/span><\/li>\n<li class=\"c0\"><span class=\"c8\">Data processor<\/span><span class=\"c2\">\u00a0is a person who processes personal data on behalf of a data controller and only processes that personal data in accordance with instructions from the data controller, for example an outsourced payroll provider will be a data processor<\/span><span class=\"c2\">.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"7\">\n<li class=\"c0\"><span class=\"c8\">Personal data<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">Data will relate to an individual and therefore be their personal data if it: <\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">identifies the individual. \u00a0For instance, names, addresses, telephone numbers and email addresses;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">its content is about the individual personally. \u00a0For instance, medical records, credit history, a recording of their actions, or contact details;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">relates to property of the individual, for example their home, their car or other possessions;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">it could be processed to learn, record or decide something about the individual (or this is a consequence of processing). \u00a0For instance, if you are able to link the data to the individual to tell you something about them, this will relate to the individual (e.g. salary details for a post where there is only one named individual in that post, or a telephone bill for the occupier of a property where there is only one occupant); <\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">is biographical in a significant sense, that is it does more than record the individual&#8217;s connection with or involvement in a matter or event which has no personal connotations for them. \u00a0For instance, if an individual\u2019s name appears on a list of attendees of an organisation meeting this may not relate to the individual and may be more likely to relate to the company they represent;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">has the individual as its focus, that is the information relates to the individual personally rather than to some other person or a transaction or event he was involved in. \u00a0For instance, if a work meeting is to discuss the individual\u2019s performance this is likely to relate to the individual;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">affects the individual&#8217;s privacy, whether in their personal, family, organisation or professional capacity, for instance, email address or location and work email addresses can also be personal data;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">is an expression of opinion about the individual; or<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">is an indication of our (or any other person\u2019s) intentions towards the individual (e.g. how a complaint by that individual will be dealt with).\u00a0<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1\" start=\"2\">\n<li class=\"c0\"><span class=\"c2\">Information about companies or other legal persons who are not living individuals is not personal data. \u00a0However, information about directors, shareholders, officers and employees, and about sole traders or partners, is often personal data, so business related information can often be personal data.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">Examples of information likely to constitute personal data:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">Unique names;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Names together with email addresses or other contact details;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Job title and employer (if there is only one person in the position);<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Video &#8211; and photographic images;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Information about individuals obtained as a result of Safeguarding checks;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Medical and disability information;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">CCTV images;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Member profile information (e.g. marketing preferences); and<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Financial information and accounts (e.g. information about expenses and benefits entitlements, income and expenditure).<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"8\">\n<li class=\"c0\"><span class=\"c8\">Lawful basis for processing<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">For personal data to be processed lawfully, we must be processing it on one of the legal grounds set out in the Data Protection Laws. <\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">For the processing of ordinary personal data in our organisation these may include, among other things:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">the data subject has given their consent to the processing (perhaps on their membership application form or when they registered on the club\u2019s website)<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">the processing is necessary for the performance of a contract with the data subject (for example, for processing membership subscriptions);<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">the processing is necessary for compliance with a legal obligation to which the data controller is subject (such as reporting employee PAYE deductions to the tax authorities); or<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">the processing is necessary for the legitimate interest reasons of the data controller or a third party (for example, keeping in touch with members, players, participants about competition dates, upcoming fixtures or access to club facilities).<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"9\">\n<li class=\"c0\"><span class=\"c8\">Special category data &#8211; Not collected by ARCC.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">Special category data under the Data Protection Laws is personal data relating to an individual\u2019s race, political opinions, health, religious or other beliefs, trade union records, sex life, biometric data and genetic data. \u00a0<\/span><\/li>\n<li id=\"h.gjdgxs\" class=\"c0\"><span class=\"c2\">Under Data Protection Laws this type of information is known as special category data and criminal records history becomes its own special category which is treated for some parts the same as special category data. \u00a0Previously these types of personal data were referred to as sensitive personal data and some people may continue to use this term.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">To lawfully process special categories of personal data we must also ensure that either the individual has given their explicit consent to the processing or that another of the following conditions has been met:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">the processing is necessary for the performance of our obligations under employment law;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">the processing is necessary to protect the vital interests of the data subject. The ICO has previously indicated that this condition is unlikely to be met other than in a life or death or other extreme situation;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">the processing relates to information manifestly made public by the data subject;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">the processing is necessary for the purpose of establishing, exercising or defending legal claims; or<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">the processing is necessary for the purpose of preventative or occupational medicine or for the assessment of the working capacity of the employee.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1\" start=\"4\">\n<li class=\"c0\"><span class=\"c2\">To lawfully process personal data relating to criminal records and history there are even more limited reasons, and we must either:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">ensure that either the individual has given their explicit consent to the processing; or <\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">ensure that our processing of those criminal records history is necessary under a legal requirement imposed upon us.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1\" start=\"5\">\n<li class=\"c0\"><span class=\"c2\">We would not normally expect to process special category personal data or criminal records history.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1\" start=\"6\">\n<li class=\"c0\"><span class=\"c8\">When do we process personal data?<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">Virtually anything we do with personal data is processing including collection, modification, transfer, viewing, deleting, holding, backing up, archiving, retention, disclosure or destruction. \u00a0So even just storage of personal data is a form of processing. We might process personal data using computers or manually by keeping paper records. \u00a0<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">Examples of processing personal data might include:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">Using personal data to correspond with members;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Holding personal data in our databases or documents; and<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Recording personal data in personnel or member files.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"10\">\n<li class=\"c0 c12\"><span class=\"c8\">Outline <\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">The \u00a0main themes of the Data Protection Laws are:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">good practices for handling personal data; <\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">rights for individuals in respect of personal data that data controllers hold on them; and<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">being able to demonstrate compliance with these laws.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1\" start=\"2\">\n<li class=\"c0\"><span class=\"c2\">In summary, data protection law requires each data controller to:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">only process personal data for certain purposes;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">process personal data in accordance with the 6 principles of \u2018good information handling\u2019 (including keeping personal data secure and processing it fairly and in a transparent manner);<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">provide certain information to those individuals about whom we process personal data which is usually provided in a privacy notice, for example you will have received one of these from us as one of our Workers; <\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">respect the rights of those individuals about whom we process personal data (including providing them with access to the personal data we hold on them); and <\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">keep adequate records of how data is processed and, where necessary, notify the ICO and possibly data subjects where there has been a data breach.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1\" start=\"3\">\n<li class=\"c0\"><span class=\"c2\">Every Worker has an important role to play in achieving these aims. \u00a0It is your responsibility, therefore, to familiarise yourself with this Policy.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">Data protection law in the UK is enforced by the Information Commissioner\u2019s Office (\u201c<\/span><span class=\"c8\">ICO<\/span><span class=\"c2\">\u201d). The ICO has extensive powers. <\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"11\">\n<li class=\"c0 c12\"><span class=\"c8\">Data protection principles<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">The Data Protection Laws set out 6 principles for maintaining and protecting personal data, which form the basis of the legislation. All personal data must be:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">processed lawfully, fairly and in a transparent manner and only if certain specified conditions are met;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">collected for specific, explicit and legitimate purposes, and not processed in any way incompatible with those purposes (\u201cpurpose limitation\u201d);<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">adequate and relevant, and limited to what is necessary to the purposes for which it is processed (\u201cdata minimisation\u201d);<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">accurate and where necessary kept up to date;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">kept for no longer than is necessary for the purpose (\u201cstorage limitation\u201d);<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">processed in a manner that ensures appropriate security of the personal data using appropriate technical and organisational measures (\u201cintegrity and security\u201d).<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"12\">\n<li class=\"c0 c12\"><span class=\"c8\">Data subject rights<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">Under Data Protection Laws individuals have certain rights (<\/span><span class=\"c8\">Rights<\/span><span class=\"c2\">) in relation to their own personal data. \u00a0In summary these are:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">The rights to access their personal data, usually referred to as a subject access request<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">The right to have their personal data rectified;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">The right to have their personal data erased, usually referred to as the right to be forgotten;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">The right to restrict processing of their personal data;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">The right to object to receiving direct marketing materials;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">The right to portability of their personal data;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">The right to object to processing of their personal data; and<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">The right to not be subject to a decision made solely by automated data processing.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1\" start=\"2\">\n<li class=\"c0\"><span class=\"c2\">The exercise of these Rights may be made in writing, including email, and also verbally and should be responded to in writing by us (if we are the relevant data controller) without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. \u00a0We must inform the individual of any such extension within one month of receipt of the request, together with the reasons for the delay. <\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">Where the data subject makes the request by electronic form means, any information is to be provided by electronic means where possible, unless otherwise requested by the individual.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">If we receive the request from a third party (e.g. a legal advisor), we must take steps to verify that the request was, in fact, instigated by the individual and that the third party is properly authorised to make the request. This will usually mean contacting the relevant individual directly to verify that the third party is properly authorised to make the request.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">There are very specific exemptions or partial exemptions for some of these Rights and not all of them are absolute rights. \u00a0However the right to not receive marketing material is an absolute right, so this should be complied with immediately. <\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">Where an individual considers that we have not complied with their request e.g. exceeded the time period, they can seek a court order and compensation. \u00a0If the court agrees with the individual, it will issue a Court Order, to make us comply. \u00a0The Court can also award compensation. \u00a0They can also complain to the regulator for privacy legislation, which in our case will usually be the ICO.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">In addition to the rights discussed in this document, any person may ask the ICO to assess whether it is likely that any processing of personal data has or is being carried out in compliance with the privacy legislation. The ICO must investigate and may serve an \u201cInformation Notice\u201d on us (if we are the relevant data controller). \u00a0The result of the investigation may lead to an \u201cEnforcement Notice\u201d being issued by the ICO. \u00a0Any such assessments, information notices or enforcement notices should be sent directly to our management committee from the ICO. \u00a0 <\/span><\/li>\n<li id=\"h.30j0zll\" class=\"c0\"><span class=\"c2\">In the event of a management committee member receiving such a notice, they must immediately pass the communication to our chairman for discussion and action.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"13\">\n<li class=\"c0\"><span class=\"c8\">Notification and response procedure<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">If a member has a request or believes they have a request for the exercise of a Right, \u00a0they should: <\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">pass the details to the Chairman who should take and record all relevant details and explain the procedure. \u00a0If possible try to get the request confirmed in writing \u00a0and<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">inform the management committee of the request.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1\" start=\"2\">\n<li class=\"c0\"><span class=\"c2\">If a letter or fax exercising a Right is received by any member they should: <\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">pass the letter to the Chairman;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">the chairman must log the receipt of the letter with the management committee and send a copy of it to them; this can be added to the member record in question and<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">the management committee will then respond to the data subject on our behalf. <\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1\" start=\"3\">\n<li class=\"c0\"><span class=\"c2\">If an email exercising a Rights is received by any member they should: <\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">pass the email to the <\/span>C<span class=\"c2\">hairman;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">the Chairman must log the receipt of the email with our management committee and send a copy of it to them; and<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">the management committee will then respond to the data subject on our behalf. <\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1\" start=\"4\">\n<li class=\"c0\"><span class=\"c2\">The management committee will co-ordinate our response. \u00a0The action taken will depend upon the nature of the request. \u00a0The management committee will write to the individual and explain the legal situation and whether we will comply with the request. \u00a0A standard letter\/email from the management committee should suffice in most cases.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">The management committee will inform the relevant persons of any action that must be taken to legally comply. \u00a0The chairman will co-ordinate any additional activity required by the IT officer to meet the request.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">The member who receives the request will be responsible for ensuring that the information is brought to the attention of the chairman and management committee and they in turn will ensure relevant response is made within the time period required.<\/span><\/li>\n<li id=\"h.1fob9te\" class=\"c0\"><span class=\"c2\">The management committee\u2019s reply will be validated by the Chairman producing the response. For more complex cases, the letter\/email to be sent will be checked by legal advisors.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"14\">\n<li class=\"c0 c12\"><span class=\"c8\">Your main obligations<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">What this all means for you can be summarised as follows:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">Treat all personal data with respect;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Treat all personal data how you would want your own personal data to be treated;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Immediately notify your chairman or management committee if any individual says or does anything which gives the appearance of them wanting to invoke any rights in relation to personal data relating to them;<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Take care with all personal data and items containing personal data you handle or come across so that it stays secure and is only available to or accessed by authorised individuals; and<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Immediately notify the chairman or management committee if you become aware of or suspect the loss of any personal data or any item containing personal data. \u00a0For more details on this see our separate Data Breach Policy which applies to all our Workers regardless of their position or role in our organisation.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2\" start=\"6\">\n<li id=\"h.3znysh7\" class=\"c3 c4\"><span class=\"c2\">No one person will carry this additional task, it is the responsibility of the entire management committee to ensure club compliance with current legislation, reference to the chairman throughout is on the basis that he or she is the spokesperson for the club.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"15\">\n<li class=\"c0\"><span class=\"c8\">Your activities<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">Data protection laws have different implications in different areas of our organisation and for different types of activity, and sometimes these effects can be unexpected. \u00a0<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">Areas and activities particularly affected by data protection law include human resources, payroll, security (e.g. CCTV), customer care, sales, marketing and promotions, health and safety and finance. \u00a0<\/span><\/li>\n<li id=\"h.2et92p0\" class=\"c0\"><span class=\"c2\">You must consider what personal data you might handle, consider carefully what data protection law might mean for you and your activities, and ensure that you comply at all times with this policy. \u00a0<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"16\">\n<li class=\"c0 c12\"><span class=\"c8\">Practical matters<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">Whilst you should always apply a common sense approach to how you use and safeguard personal data, and treat personal data with care and respect, set out below are some examples of dos and don\u2019ts:<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-2 start\" start=\"1\">\n<li class=\"c3 c4\"><span class=\"c2\">Do not take personal data out of the organisation\u2019s premises (unless absolutely necessary).<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Only disclose your unique logins and passwords for any of our IT systems to authorised personnel (e.g. IT) and not to anyone else.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Never leave any items containing personal data unattended in a public place, e.g. on a train, in a caf\u00e9, etc and this would include paper files, mobile phone, laptops, tablets, memory sticks etc.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Never leave any items containing personal data in insecure locations, e.g. in car on your drive overnight and this would include paper files, mobile phone, laptops, tablets, memory sticks etc.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">If you are staying at a hotel then utilise the room safe or the hotel staff to store items containing personal data when you do not need to have them with you.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Do encrypt laptops, mobile devices and removable storage devices containing personal data.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Do lock laptops, files, mobile devices and removable storage devices containing personal data away and out of sight when not in use. <\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Do password protect documents and databases containing personal data.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Never use removable storage media to store personal data unless the personal data on the media is encrypted.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">When picking up printing from any shared printer always check to make sure you only have the printed matter that you expect, and no third party\u2019s printing appears in the printing.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Use confidential waste disposal for any papers containing personal data, do not place these into the ordinary waste, place them in a bin or skip etc, and either use a confidential waste service or have them shredded before placing them in the ordinary waste disposal.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Do dispose of any materials containing personal data securely, whether the materials are paper based or electronic.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">When in public place, e.g. a train or caf\u00e9, be careful as to who might be able to see the information on the screen of any device you are using when you have personal information on display. \u00a0If necessary move location or change to a different task.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Do ensure that your screen faces away from prying eyes if you are processing personal data, even if you are working in the office. \u00a0Personal data should only be accessed and seen by those who need to see it.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Do challenge unexpected visitors or employees accessing personal data.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Do not leave personal data lying around, store it securely. \u00a0<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">When speaking on the phone in a public place, take care not to use the full names of individuals or other identifying information, as you do not know who may overhear the conversation. \u00a0Instead use initials or just first names to preserve confidentiality.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">If taking down details or instructions from a customer in a public place when third parties may overhear, try to limit the information which may identify that person to others who may overhear in a similar way to if you were speaking on the telephone.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Never act on instructions from someone unless you are absolutely sure of their identity and if you are unsure then take steps to determine their identity. \u00a0This is particularly so where the instructions relate to information which may be sensitive or damaging if it got into the hands of a third party or where the instructions involve money, valuable goods or items or cannot easily be reversed.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Do not transfer personal data to any third party without prior written consent of your chairman.<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">Do notify your chairman or management committee immediately of any suspected security breaches or loss of personal data. \u00a0<\/span><\/li>\n<li class=\"c3 c4\"><span class=\"c2\">If any personal data is lost, or any devices or materials containing any personal data are lost, report it immediately to our chairman or management committee. For more details on this see our separate Data Breach Policy which applies to all our Workers regardless of their position or role in our organisation.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1\" start=\"2\">\n<li class=\"c0\"><span class=\"c2\">However you should always take a common sense approach, and if you see any areas of risk that you think are not addressed then please bring it to the attention of our chairman or management committee.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"17\">\n<li class=\"c0\"><span class=\"c8\">Foreign transfers of personal data<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">Personal data must not be transferred outside the European Economic Area (<\/span><span class=\"c8\">EEA<\/span><span class=\"c2\">) unless the destination country ensures an adequate level of protection for the rights of the data subject in relation to the processing of personal data or we put in place adequate protections. This is mainly relevant to data held and accessed in Cloud-based services as well as some data processing the club may outsource like payroll processing or performance data analysis<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">These protections may come from special contracts we need to put in place with the recipient of the personal data, from them agreeing to be bound by specific data protection rules or due to the fact that the recipients own country\u2019s laws provide sufficient protection.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">These restrictions also apply to transfers of personal data outside of the EEA even if the personal data is not being transferred outside of our group of companies.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">You must not under any circumstances transfer any personal data outside of the EEA without your chairman or management committee\u2019s prior written consent. \u00a0<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">We will also need to inform data subjects of any transfer of their personal data outside of the UK and may need to amend their privacy notice to take account of the transfer of data outside of the EEA.<\/span><\/li>\n<li class=\"c0\"><span class=\"c2\">If you are involved in any new processing of personal data which may involve transfer of personal data outside of the EEA, then please seek approval of your chairman or management committee prior to implementing any processing of personal data which may have this effect.<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-0\" start=\"18\">\n<li class=\"c0 c12\"><span class=\"c8\">Queries<\/span><\/li>\n<\/ol>\n<ol class=\"c1 lst-kix_list_1-1 start\" start=\"1\">\n<li class=\"c0\"><span class=\"c2\">If you have any queries about this Policy please contact either your chairman or the management committee in the first instance.<\/span><\/li>\n<\/ol>\n<div>\n<p class=\"c14\"><span class=\"c11\">27139925.1<\/span><\/p>\n<p class=\"c6 c21\">\n<\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; &nbsp; Achille Ratti Climbing Club &#8211; ARCC Data Protection Policy Our Policy ARCC is committed to complying with data protection law and to respecting the privacy rights of individuals. \u00a0The policy applies to all of our staff, workers, directors, &hellip; <a href=\"https:\/\/achille-ratti-climbing-club.co.uk\/?page_id=447\">Continued<\/a><\/p>\n","protected":false},"author":9,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"kt_blocks_editor_width":"","ngg_post_thumbnail":0,"_EventAllDay":false,"_EventTimezone":"","_EventStartDate":"","_EventEndDate":"","_EventStartDateUTC":"","_EventEndDateUTC":"","_EventShowMap":false,"_EventShowMapLink":false,"_EventURL":"","_EventCost":"","_EventCostDescription":"","_EventCurrencySymbol":"","_EventCurrencyCode":"","_EventCurrencyPosition":"","_EventDateTimeSeparator":"","_EventTimeRangeSeparator":"","_EventOrganizerID":[],"_EventVenueID":[],"_OrganizerEmail":"","_OrganizerPhone":"","_OrganizerWebsite":"","_VenueAddress":"","_VenueCity":"","_VenueCountry":"","_VenueProvince":"","_VenueState":"","_VenueZip":"","_VenuePhone":"","_VenueURL":"","_VenueStateProvince":"","_VenueLat":"","_VenueLng":"","_VenueShowMap":false,"_VenueShowMapLink":false,"footnotes":""},"class_list":["post-447","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/achille-ratti-climbing-club.co.uk\/index.php?rest_route=\/wp\/v2\/pages\/447","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/achille-ratti-climbing-club.co.uk\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/achille-ratti-climbing-club.co.uk\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/achille-ratti-climbing-club.co.uk\/index.php?rest_route=\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/achille-ratti-climbing-club.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=447"}],"version-history":[{"count":4,"href":"https:\/\/achille-ratti-climbing-club.co.uk\/index.php?rest_route=\/wp\/v2\/pages\/447\/revisions"}],"predecessor-version":[{"id":546,"href":"https:\/\/achille-ratti-climbing-club.co.uk\/index.php?rest_route=\/wp\/v2\/pages\/447\/revisions\/546"}],"wp:attachment":[{"href":"https:\/\/achille-ratti-climbing-club.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=447"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}