DATA PROTECTION STATEMENT
The General Data Protection Regulations (GDPR) are directly applicable to all organisations holding or processing personal data – including North West Highlands Geopark (NWHG). NWHG is a data controller in terms of the regulations and as such must comply with GDPR in how it processes and manages members’ personal data
NWHG will necessarily hold personal data relating to you that can identify you. That obviously includes names and addresses but can include other data. GDPR regulates how such data must be held to ensure data security and protect against unauthorised use of your personal data. NWHG will process and share your data only in accordance with GDPR and where there is a legal basis and a clear purpose for us to do so.
NWHG will only access your personal data;
- For our own legitimate interest
- To comply with a legal obligation
- With your consent
As a member of NWHG you have the following rights;
- Right to be informed about our processing of your data
- Right to correct data held
- Right to object to processing personal data
- Right to restrict processing of personal data
- Right to erase personal data
- right to access personal; data
- Right not to transfer personal data
NWHG is a data controller registered with the Information Commissioner’s Office and in processing data we will adhere to the following principles;
Data Lawfully Held – We will hold personal data lawfully, fairly and transparently. We will obtain member’s consent to store and use their personal data unless otherwise provided for. We will delete data which is excessive, inaccurate or out of date or where you ask us to
Legitimate Interest – We will also hold data and process data where it is necessary to serve the purposes or the legitimate interest of the member
Necessary Purpose –We will hold data only to communicate the Activities of NWHG and to invite you to related Events and only for so long as is necessary. We will delete data that is no longer required or where requested by you.
Members Right to Access Data – NWHG will provide electronic copies of personal data to individual data subjects on request. NWHG will also advise the data subject the data we are processing, where their data is stored and for what purpose.
Right to be forgotten – You are entitled at any time to request that NWHG delete your personal data.
Data portability – You have the right to transmit your data from one data controller to another. To that end NWHG will provide your personal data in a ‘commonly used and machine-readable format.’
Privacy by design – Privacy by design is now a legal requirement in GDPR. This means that security must be built into our processes from day one.
Period for holding data – legal docs/personal data/non-investment data
Third Party Access – we will not pass your data on to third parties unless they have a legitimate interest, and we are satisfied that the third party are NWHG compliant.
Purpose– NWHG will hold personal data only for communicating the activities of NWHG and for no other purpose. Unless you consent or request otherwise other data will be held for a maximum of 3 years.
Security – All personal data held be NWHG will be held securely on Password protected PC’s.
Record of Data Processing – We maintain a record of data processing so that you can be clear as to how your data is being used by NWHG. This record was last updated on 25 May 2018 and shall be regularly monitored and reviewed at least every 2 years.
Breach of Data Regulation – We are obliged to notify the ICO of any breach of data regulation within 72 hours