Our lead person for data protection is the Clerk to The Parish Council, Tammy Heavens, acting as our Data Protection Officer whose role is to ensure that the Parish Council meets the requirements of the General Data Protection Regulations. Our DPO will liaise with the relevant statutory bodies when necessary, and respond to any Subject Access Requests. However, in brief, our Data Protection Policies are:-
Subject Access Requests
- Personal Data shall be processed fairly and lawfully
- Personal Data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal Data shall be adequate, relevant and not excessive in relation to the purpose for which it is processed.
- Personal Data shall be accurate and, where necessary, kept up to date.
- Personal Data processed for any purpose shall not be kept for longer than is necessary and for that purpose or those purposes.
- Personal Data shall be processed in accordance with the rights of Data Subjects under the Data Protection Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data.
- Personal Data shall not be transferred to a country or territory outside the European Union unless that country or territory ensures an adequate level of protection for the rights and freedoms of Data Subjects in relation to the processing of Personal Data.
- Individuals can ask to see the information and records relating to any information that we keep about themselves.
- We will make the requested information available as soon as practicable, and will respond to the request within one month at the latest.
- If our information is found to be incorrect or out of date, we will update it promptly.
- If any individual about whom we hold data has a complaint about how we have kept their information secure, or how we have responded to a subject access request, they may complain to the Information Commissioner's Office (ICO).
We comply with the requirements of the General Data Protection Regulations (GDPR), regarding obtaining, storing and using Personal Data.