




Community Association Data Protection Policy
1. Introduction
Bilston Community Association is committed to protecting the privacy and
security of personal data. This policy outlines how we collect, store,
process, and share personal information in compliance with the UK General
Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Scope
This policy applies to all staff, volunteers, trustees, and service users
who handle personal data in connection with the community centre’s
activities.
3. Principles of Data Protection
We adhere to the following principles when processing personal data:
Lawfulness, fairness, and transparency – Data is processed legally and transparently.
Purpose limitation – Data is collected for specific, legitimate purposes.
Data minimisation – Only necessary data is collected.
Accuracy – Data is kept up-to-date and accurate.
Storage limitation – Data is retained only as long as necessary.
Integrity and confidentiality – Data is protected against unauthorised access.
4. Data We Collect
We may collect the following personal data:
Names, addresses, and contact details
Emergency contact information
Health information (if relevant to services provided)
Membership records
Financial details for payment processing
Photographs and video recordings (with consent)
5. How We Use Personal Data
We process personal data for:
Managing memberships and services
Communicating with users and stakeholders
Safeguarding and health & safety purposes
Fundraising and reporting to funding bodies
Complying with legal obligations
6. Lawful Bases for Processing
We process data under the following legal bases:
Consent (e.g., for marketing)
Contractual necessity (e.g., event registration)
Legal obligations (e.g., safeguarding)
Legitimate interests (e.g., operational management)
7. Data Sharing and Third Parties
Personal data will only be shared when necessary and in compliance with UK
GDPR. This may include:
Authorities (e.g., safeguarding agencies)
Funders (for reporting purposes)
IT service providers (for secure data storage)
Event organisers (with permission)
We do not sell or trade personal data.
8. Data Security and Storage
We take appropriate security measures, including:
Password-protected systems
Locked filing cabinets for paper records
Restricted access to personal data
9. Retention and Disposal of Data
We retain personal data only as long as necessary. When no longer required,
data is securely deleted or shredded.
10. Data Subject Rights
Individuals have the right to:
Access their personal data
Request correction of inaccurate data
Request deletion of their data (subject to legal requirements)
Object to data processing in certain circumstances
Withdraw consent where applicable
CCTV
Recordings are only viewed in the event of an accident or security
requirement. They are normally deleted automatically on a regular basis.
Requests should be submitted in writing to the Secretary.
11. Data Breaches
In the event of a data breach, we will:
Assess the breach and its impact
Notify affected individuals if required
Report significant breaches to the Information Commissioner’s Office (ICO) within 72 hours
12. Policy Review and Contact Information
This policy is reviewed annually or when legal changes occur.