HCS GDPR Policy
We will ensure that:
- there is appropriate security to prevent personal data being accidentally or deliberately compromised;
- there is a named person in HCS who is responsible for ensuring information security;
- the data base will be backed up;
- all emails within HCS will be sent ‘blind’ (bcc), with a copy to the person who is sending the email, unless those emails pertain to a group discussion, eg within the HCS Committee, and with those members’ prior consent;
- emails which are no longer needed will be deleted;
- the password for the designated Committee member will be their own personal password for their computer etc and their mobile phone;
- hard copies of the database will be kept in a safe place in the designated Committee member’s home, but may be brought to choir practices for reference.
Disclosure of personal data
We will always be aware that:
- HCS has a legal duty not to disclose data exceptto HMRC in order to claim Gift Aid;
- HCS has a legal duty to disclose information to investigative authorities if requested to do so.
Keeping personal data
The Act does not set out any specific minimum or minimum periods for retaining personal data. However, we will:
- review the length of time we keep personal data;
- consider the purpose(s) for which we hold the information in deciding whether, and/or for how long to retain it;
- delete information whichis no longer needed for this purpose or purposes;
- update, archive or delete information if it becomes out of date.
Data protection rights and duties
Our duties under the Act apply throughout the period when personal data is processed. Therefore we will:
- ensure that we comply with the Act from the moment we obtain the data until the time when the data has been returned, deleted or destroyed;
- ensure that personal data, when we no longer need to keep it, will be disposed of and in a way which does not prejudice the interests of the individuals concerned.