Data Protection Policy
How Stoke On Trent City Centre Partnership uses Personal Data
Introduction
Stoke On Trent City Centre Partnership collects, holds and processes personal data relating to its members, which is essential for it to manage its operations fairly and effectively. These activities are carried out in accordance with the General Data Protection Regulation 2016 and Stoke On Trent City Centre Partnership’s Data Protection & Retention Policy.
The data held by Stoke On Trent City Centre Partnership, is mainly taken from the details that members provide during the joining / registration process, and may be added to during the course of their membership, as necessary and appropriate.
During the joining / registration process and any contractual changes during membership, members give their consent for Stoke On Trent City Centre Partnership to process and retain their personal and company data, with a legitimate interest for doing so.
Stoke On Trent City Centre Partnership provides this Privacy and Fair Processing Notice to inform members of how their personal and company data will be processed by Management and the purposes for which the data has been collected.
What is personal data?
As a general guide, anything that counted as personal data under the Data Protection Act also qualifies as personal data under the GDPR. Under the Regulation, personal data is data which relates to a living/natural individual who can be identified from that data or from other information which is in the possession of, or is likely to come into the possession of, the data controller. In this case, the data controller is Stoke On Trent City Centre Partnership. It includes any expression of opinion about the individual as well as statements of fact.
IP addresses now qualify as personal data. Other data, like economic, cultural or mental health information, are also considered personally identifiable information. ‘Pseudonymised’ personal data may also be subject to GDPR rules, depending on how easy or hard it is to identify whose data it is.
What is meant by data ‘processing’?
The processing of data includes obtaining, recording, storing, organising, maintaining, updating, retrieving, using, disclosing, transferring, and deleting.
Is consent to data processing always necessary for employment purposes?
According to Article 9, S.2(b) of the GDPR:
Consent is not required where “processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment …. for appropriate safeguards for the fundamental rights and the interests of the data subject;” provided the connection is conferred or imposed by Law.
Types of personal data processed
Types of personal data that Stoke On Trent City Centre Partnership may process, although not an exhaustive list, are:
- Personal details (name, address, photographs or other digital images, date of birth, contact details)
- E-mail addresses
- Registration form and any references
- Financial information such as bank details, etc
- Qualifications and professional registration details and certificates
- Eligibility to work documents, licences and clearances
- Dispute or litigation case information
- CCTV footage
- Emergency contact information
The General Data Protection Regulation 2016
The Regulation requires Stoke On Trent City Centre Partnership to process personal data in line with its 7 principles:
- Fairly, lawfully and transparently – the Data Subject has given consent
- Purpose limitation – consider what the data is held for
- Data minimisation – nothing held that isn’t necessary
- Accuracy – information must be correct and up to date
- Storage limitation – for no longer than is reasonably necessary
- Integrity & confidentiality – data to only be accessed by authorised people
- Accountability – the Data Controller (company) has the burden of proof to evidence that they are compliant, not the individual (this is a major change from the DPA).
How your personal data will be used by Stoke On Trent City Centre Partnership
To manage its operations effectively, provide services to members and meet certain legal requirements, Stoke On Trent City Centre Partnership will process and maintain the personal data and company data of its members. This personal data may include all or any of the above listed data types.
Personal data may be shared by Stoke On Trent City Centre Partnership to provide members with services and network support.
Stoke On Trent City Centre Partnership may also use personal data and/or company data to produce non-identifiable statistical data for analysis to fulfil monitoring commitments for purposes such as Equality & Diversity, demographical reports, etc.
Sharing your personal data (disclosures to third parties)
Stoke On Trent City Centre Partnership may disclose appropriate personal and company data to third parties where there is a legitimate need or obligation, during or after a member’s membership. Such disclosure is subject to procedures to ensure the identity and legitimacy of such agencies. These third parties may include the following:
- Stoke On Trent City Council
- Accrediting bodies e.g. HSE etc.
- HMRC
- Other relevant partner organisations, such as accredited training providers, partner Law Firms, etc.
- Third parties performing or providing resources for administrative functions on Stoke On Trent City Centre Partnership’s behalf
- The Government and other local authorities during information gathering exercises when Stoke On Trent City Centre Partnership is legally obliged to provide data
- Police, crime or taxation agencies regarding the detection or prevention of a crime
This is not an exhaustive list and such third parties may have access to employee data only for the purpose of performing their function.
Any disclosures to third parties not listed here will be made only where there is a legitimate reason to do so and in accordance with the law and with prior affirmative consent from the member.
Stoke On Trent City Centre Partnership may also use third party companies as data processors to carry out certain administrative functions on the company’s behalf. If so, a written contract will be put in place to ensure that any personal data disclosed will be held in accordance with the GDPR.
Member rights
Members have certain rights and responsibilities regarding their personal and company data, including:
- To know what personal data Stoke On Trent City Centre Partnership holds about them and what it is used for
- To securely access and review their own personal data
- To request that their personal data is accurately updated/rectified if they believe that it is out of date or incorrect (supporting evidence must be provided, where appropriate)
- To request to have their data erased and to ‘be forgotten’ (this is not an automatic right, but if granted, Stoke On Trent City Centre Partnership will ensure total deletion of data, i.e. from its own systems and those of partner organisations/third parties)
- To know how Stoke On Trent City Centre Partnership is complying with its obligations under the Regulation
- To make a complaint if they believe that the GDPR and/or Stoke On Trent City Centre Partnership’ Data Protection/Retention policy has not been followed.
Members have a responsibility to ensure that the personal and company information they provide to Stoke On Trent City Centre Partnership is accurate and up to date.
Members wishing to receive a copy of their own data can do so by making a Subject Access Request to the Management Team.
Further information
For any queries regarding the General Data Protection Regulation and how this affects your membership, please contact the Management Team.
The Information Commissioner's Office: www.ico.org.uk.