This policy applies to all staff, volunteers, contractors, suppliers, and others working on behalf of Chinese Community Centre Birmingham.
The purpose of this document is to outline the standards by which employees, associates, contractors, contingent workers (all hereafter referred to as associates) of Chinese Community Centre Birmingham process personal data about individuals.
- ‘Process’ can include the collection, manipulation, storage, and disclosure of personal data.
- ‘Personal Data’ includes any information relating to a person that can be used to identify them, including an email address, IP address, location data, an ID number, health data, sex, and sexual orientation, among others.
These rules apply regardless of how the data is collected and stored – be it electronic, on paper, or through another medium.
Practice Principles
Chinese Community Centre Birmingham and those working on its behalf must abide by the following principles:
- Fair, Lawful, and Transparent Processing. We will clearly state our intentions in processing personal data and state whether we intend to share the personal data with another party. We will give the right to review the personal data. If applicable, we will also indicate how long we intend to keep that information.
- Purpose Limitation. We will ensure that personal data will only be processed for the purposes originally described and agreed upon with the data subjects (staff, clients, etc.). We use and store the personal data for as long as reasonably necessary. Personal data that is stored is protected against unauthorized access or modification (pseudonymized or secured through encryption and/or industry standard access controls).
- Accuracy. We will audit the personal data we store and process to reasonably ensure accuracy. If we find inaccurate information, we will rectify the issue by correcting or disposing of the inaccurate data and inform applicable parties.
- Security. We will implement reasonable measures no less adequate than industry standards to ensure that personal data is safeguarded against unauthorized or unlawful processing and accidental loss.
- Individual Rights Enablement. We will make sure that all individuals whose personal data has been processed or stored will have knowledge of such processing and storage, and their appropriate rights.
- International Transfer Protection. We will validate that before transferring personal data out of the country the recipient party ensures adequate protection.
Implementation
General Staff Guidelines:
- The only people able to access personal data covered by this policy should be those who have a need to perform their job duties and are authorized by their manager or senior management.
- Personal data must not be shared without proper authorization. When access to personal data is required, associates must make a request to their managers if it is outside of their normal job duties.
- Chinese Community Centre Birmingham must provide appropriate data privacy training to all associates.
- Associates must keep all personal data secure by following company policies and taking reasonable precautions including using strong passwords, refraining from disclosing information to unauthorized people.
- Personal Data must be reviewed and updated or removed as reasonably needed.
- Associates must be aware of this policy and be aware of a process to request help from the appropriate responsible party within the company (the Data Protection Officer or designated representative).
Data Use
- When working with personal data, associates must take reasonable steps to safeguard the information (either displayed on computer screens or on paper) and prevent unauthorized access.
- Personal data must not be shared without proper authorization.
- Personal data in electronic or digital form must be stored or transferred using approved encryption no less secure than current industry standards.
- Personal data in paper or printed form must be secured from unauthorized access or destruction.
- Personal data must not be transferred outside the country or to third parties without prior approval from the Data Protection Officer or Designated Representative (or other relevant company authority).
- Personal data must only be transferred to other parties that have adequate legal and operational safeguards no less secure than described in this policy and current industry standards.
- Associates must not make unauthorized copies of personal data.
Data Storage
- When personal data is stored on paper, it must be kept in a secure area or container to prevent unauthorized access.
- When personal data is stored electronically, it must be protected from unauthorized access, accidental deletion and alteration. Generally personal data:
|
Data Accuracy
- Associates must ensure personal data is updated regularly.
- Chinese Community Centre Birmingham must provide a way for data subjects to access and update their personal data.
- Personal data must be updated promptly when inaccuracies are identified.
Data Records And Disclosure
Chinese Community Centre Birmingham will maintain a record of each processing activity performed on its behalf concerning personal data. Each record of processing will contain:
- contact details of the controller and the relevant representatives and processors performing the activity.
- purposes of processing, and a description of the categories of personal data being processed.
- retention period for the personal data being processed.
- access requirements of associates and third parties that may have access to the personal data and their locations.
- security measures and safeguards if personal data will leave the country for international data transfers.
Certain circumstances (e.g. legitimate interests, law enforcement requests, or for safeguarding) may require Chinese Community Centre Birmingham to disclose personal data without the consent of the data subject. Any such disclosures must be authorized and carried out by the Data Protection Officer or Designated Representative.
Transparency
Individuals that have their personal data processed by using services (including websites) or interacting with Chinese Community Centre Birmingham have a right to:
- be informed how their personal data is being used and;
- exercise their rights as described by the General Data Protection Regulation.
Chinese Community Centre Birmingham must have a privacy policy that is reasonably clear and understandable, easily accessible, and in conformance with the General Data Protection Regulation. This policy must be approved by an appropriate management representative of Chinese Community Centre Birmingham.
Individuals whose personal data is collected, stored or processed by Chinese Community Centre Birmingham are entitled to:
- Ask what personal data the company collects about them and why.
- Ask how to gain access to the personal data.
- Understand how they can keep their personal data up to date or request the personal data to be erased.
- Be informed how the company adheres to applicable data protection requirements.
Roles And Responsibilities
Chinese Community Centre Birmingham associates have the responsibility for ensuring personal data is collected, stored, and processed in accordance with this policy and the General Data Protection Regulation.
The following people have key areas of responsibility:
1. Chinese Community Centre Birmingham management is accountable for ensuring compliance with this policy and the General Data Protection Regulation, including:
|
2. Ensuring business activities such as marketing and communications that include the collection, processing and storage of personal data are compliant with this policy and the General Data Protection Regulation.
|
3. The Chinese Community Centre Birmingham IT manager (or equivalent role) is responsible for:
|