Freckleton Band has a new GDPR policy which defines how we collect, manage and protect the personal data of its members and third parties. This document sets out the guidelines that need to be followed by all members when working with such data.
Personal Data is defined as in the General Data Protection Regulations, that is any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
For the purposes of this policy, this includes but is not limited to:
Freckleton Band shall gain consent from all individuals, or their legal guardians, before collecting and processing Personal Data. Such consent shall be recorded by the Chairman or appointed deputy.
Freckleton Band and its committee may use Personal Data for the following purposes:
All Personal Data must be stored appropriately by the committee in either:
Personal Data must never be stored on an unprotected computer without a password.
Should a member of the committee store Personal Data and subsequently leave the committee, they must ensure a copy of such data is provided to the Chairman and then destroy their copy.
Any person may request deletion of their Personal Data. The Chairman shall ensure that all requests are enacted within 14 days of receiving the request.
All Personal Data shall be reviewed at least every six months and any data no longer required shall be destroyed.
Personal Data of any members under 18 shall never be provided to any external body or third party.
Ratified at committee meeting June 2018.