Data Protection Policy: Feb 2008, updated Jun 2016
Data Protection Policy
The Bristol Zoological Society (BZS) is committed to meeting its obligations under the Data Protection Act of 1998. This policy informs employees of the existence of current legislation and gives a brief outline of key messages within the Act.
BZS will only use data in ways relevant to carrying out its legitimate purposes and functions as a charity in a way that is not prejudicial to the interests of individuals.
3. Application of the Act
The Act applies to all information processed, whether electronic or manual format, which can identify a living individual, and is stored in a structured filing system: i.e. one which allows recall of the information by name or any other identifying characteristic of the person.
4. The Principles
The principles of the Act are that personal data should be:
· Fairly and lawfully processed
· Processed for limited purposes
· Adequate, relevant and not excessive
· Accurate and up to date
· Not kept for longer than is necessary
· Processed in line with the rights of the data subject
· Not transferred to other countries without adequate protection
5. Data Storage and Processing
Data may be stored in many different ways, for example in databases, ordered manual files, MS Word, or MS Excel format. Data will be kept secure by regular office security procedures or through controls over the computer network.
Appropriate controls are in place to ensure all data processors have signed the Data Confidentiality Agreement and have been given access only to the data required to carry out their job.
6. Subject Access
In accordance with the Data Protection Act 1998 an individual is entitled to be informed whether personal data are being processed by or on behalf of the data controller. Personal data will only be supplied if the data controller has been supplied with such information in order to satisfy himself as to the identity of the person making the request. The request should be submitted in writing and is subject to a fee of £10.
7. Requests to cease processing data
If an individual requests that BZS cease processing their data, then BZS will do so at the earliest possible opportunity. Even if the individual requests that “all information be deleted” it is permissible to retain skeleton data for that person as a record of their request not to be contacted. Without doing this it is difficult for BZS to ensure that the person’s wishes continue to be carried out. Data Protection Policy: Feb 2008, updated Jun 2016
1.1 Data means information which:
a) is being processed by means of equipment operating automatically in response to instructions given for that purpose,
b) is recorded with the intention that it should be processed by means of such equipment, or
c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system.
1.2 Data controller means:
a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
1.3 Data processor in relation to personal data means:
any person (other than an employee of the data controller) who processed the data on behalf of the data controller.
1.4 Data subject means:
an individual who is the subject of personal data.
1.5 Direct marketing means:
the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals.
1.6 Personal data means:
a) data which relate to a living individual who can be identified from those data, or
b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
c) includes any expression of opinion/intention about the individual.
1.7 Processing, in relation to personal data means:
obtaining, recording or holding the data or carrying out operation on the data, including organisation, adaptation or alteration of data, retrieval , consultation or use of the data, disclosure of the data by transmission, dissemination or otherwise making available, or alignment, combination, blocking, erasure or destruction of the data.
1.8 Relevant filing system means:
any set of information relating to individuals which is held in such a way that particular information relating to a particular individual is readily accessible.
1.9 Unless the data subject has made the information public, the following is sensitive personal data:
a) the racial or ethnic origin of the data subject,
b) political opinions,
c) religious beliefs,
d) whether a member of a trade union,
e) physical or mental health or condition,
f) sexual life.
Data Protection Policy: Feb 2008, updated Jun 2016
2. Fair and Lawful Processing
Consent to process data is only required if that data is sensitive personal data (see below). Otherwise, the data processing needs to be for the legitimate interests of BZG, for example for marketing, fundraising and so on.
If data is gathered from individuals, for example, when collecting contact information from new members:
· The data subject must not have been misled or deceived as to the reasons why data was requested
· Information must be provided to data subjects about
- The identity of the data controller
- The purpose(s) for which the data is being processed
- The consequences of such processing
- Whether particular disclosures are envisaged.
This is the information BZS routinely provides, for example, on all its marketing and information leaflets.
3. Individuals unconnected with BZS
For certain purposes, BZS will hold information on individuals who are not members of or guests to the Zoo and Wild Place Project, such as potential donors, or prospects. The Act requires that such individuals are provided with a fair processing statement “at the time that the data is collected, or as soon as practicable thereafter”. In practice, this will be by means of one of our standard documents at the first normal time of contact.
4. Sensitive Personal Data
Unless the data subject has made the information public, the following is sensitive:
· Racial or ethnic origin
· Political opinion or affiliation
· Religious or other beliefs of a similar nature
· Membership of trades unions
· Physical or mental health or condition
· Sexual Life
· The commission of any offence or criminal records
· This does not include financial, employment or family information
This policy will be revised as often as may be appropriate and issued to all BZS staff and volunteers.
Approved by SMT
Approved by the BZS Finance & Audit Committee: 4 July 2016