Privacy Policy

The North Norfolk Coastal Group (NNCG) Data Protection Policy

About Data Protection:

Data protection is about protecting people’s privacy. This is the purpose of data protection in any organisation, and is at the heart of data protection law, including the UK General Data Protection Regulation (GDPR) and the Data Protection Act of 2018.

At NNCG we adhere to the principles of GDPR and the Data Protection Act of 2018:

We understand what personal data is.

We only collect, store or use personal data if the group needs to do so for a clear,

specific purpose.

We only collect, store and use the minimum amount of data we need for our purposes. Irrelevant or out-of-date information is removed from our records and destroyed.

We make sure the personal data we hold is accurate and kept up to date.

If anyone wants to remove their data from our records they can do so by contacting the NNCG management team using the contact details on the website.

We will always let members know what data we have about them if they ask, why we are holding that data and we will remove it if requested.

We store data securely.

All data collected on behalf of the NNCG belongs to the NNCG and not to any of the management team personally.

 

Definitions

  1. Personal data is information about a person which is identifiable as being about them. It can be stored electronically or on paper, and includes images and audio recordings as well as written information.
  2. Data protection is about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.

Responsibility

  1. Overall and final responsibility for data protection lies with the management team, who are responsible for overseeing activities and ensuring this policy is upheld.

Overall policy statement 

  1. NNCG needs to keep personal data about its team, members and any associated organisations who provide services, guidance or support in order to carry out group activities.
  2. We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the UK General Data Protection Regulation (GDPR) and other relevant legislation.

  3. We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.

  4. We will only collect, store and use data for:

Purposes for which the individual has given explicit consent, or

Purposes that are in our our group’s legitimate interests, or

Contracts with the individual whose data it is, or

To comply with legal obligations, or

To protect someone’s life, or

To perform public tasks.

  1. We will provide individuals with details of the data we have about them when requested by the relevant individual.
  2. We will delete data if requested by the relevant individual, unless we need to keep it for legal reasons.
  3. We will endeavour to keep personal data up-to-date and accurate.
  4. We will store personal data securely.
  5. We will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes.
  6. We will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so.
  7. We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any lost or shared data back. We will evaluate our processes and understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported to the Information Commissioner’s Office within 72 hours, and to the individual concerned.
  8. To uphold this policy, we will maintain a set of data protection procedures for our management team and members to follow.

Review

This policy will be reviewed every two years: Date 10 August 2022

Data protection procedures

Introduction

  1. NNCG has a data protection policy which is reviewed regularly. In order to help us uphold the policy, we have created the following procedures which outline ways in which we collect, store, use, amend, share, destroy and delete personal data.
  2. These procedures cover the main, regular ways we collect and use personal data. We may from time to time collect and use data in ways not covered here. In these cases we will ensure our Data Protection Policy is upheld.

General procedures

  1. Data will be stored securely. When it is stored electronically, it will be kept in password protected files. When it is stored online in a third party website (e.g. Google Drive) we will ensure the third party complies with the UK GDPR. When it is stored on paper it will be filed carefully in a locked filing cabinet.
  2. When we no longer need data, or when someone has asked for their data to be deleted, it will be deleted securely. We will ensure that data is permanently deleted from computers, and that paper data is shredded.
  3. We will keep records of consent given for us to collect, use and store data. These records will be stored securely.

3 Mailing list/contacts

  1. We will maintain a list of contacts. This will include the names and contact details of people who wish to receive information from the NNCG and associated organisations via a number of methods of communication. This includes but is not limited to emails, newsletters, WhatsApp groups and a website based members’ area.
  2. When people sign up to the list of contacts we will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time. We will only send them messages which are necessary to the activities of the group and which they have expressly consented to receive.
  3. We will not use the mailing list in any way that the individuals on it have not explicitly consented to.

For any further questions or to request your personal data is removed please contact sarah@nncg.org.uk