Data Protection Policy – Fair Housing for Frome CIC
Fair Housing for Frome CIC holds data about individuals for a variety of business purposes in pursuance of our objectives.
This policy sets out how we seek to protect personal data and ensure that everyone involved
understands the rules governing our use of personal data.
Our Data Protection Officer, Andy Jones, has overall responsibility for the day-to-day implementation of this policy. Any enquiries should be sent to them using the following details: Email andrewhjones001@live.co.uk or in case of urgent need telephone 07767 414785,
Our procedures
Fair and lawful processing
We will process personal data fairly and lawfully in accordance with individuals’ rights.
Accuracy
We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained, and that it is not held for longer than is necessary for the business purposes set out above. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.
Individuals may ask that we correct inaccurate personal data relating to them. If you believe that information is inaccurate you should record the fact that the accuracy of the information is disputed and inform the Data Protection Officer.
The Data Protection Officer’s responsibilities
Keeping the board updated about data protection responsibilities, risks and issues.
Reviewing all data protection procedures and policies on a regular basis.
Ensuring data protection statements are attached to all forms used to collect personal data, and to all
marketing materials.
Addressing any data protection queries from members of the public, supporters and other stakeholders.
Ensuring all systems, services, software and equipment meet acceptable security standards.
Arranging data protection training and advice for all officers and staff.
Checking and approving with third parties that handle the company’s data any contracts or agreement
regarding data processing.
The responsibilities of other officers, staff and volunteers (data processors)
Only to process personal data for the purposes set out in this policy.
To store electronic data in secure systems, and paper records in a secure place.
Where possible to avoid storing personal data on mobile devices which may be subject to loss or theft, such as laptops, phones and memory sticks, and where it is necessary in the short term then to use password protection, and ensure safe deletion of the data after use
To report any concerns or breaches to the Data Protection Officer immediately, and to take remedial
steps if necessary.
Subject access requests
A data subject may, subject to certain exceptions, request access to information held about them. Please contact the Data Protection Officer if you would like to correct or request information that we hold about you. There are also restrictions on the information to which you are entitled under applicable law.
Data portability
Upon request, a data subject should have the right to receive a copy of their data in a structured format. These requests should be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals. A data subject may also request that their data is transferred directly to another system. This must be done for free. Please contact the Data Protection Officer with any such requests.
Right to be forgotten
A data subject may request that any information held on them is deleted or removed, and any third parties who process or use that data must also comply with the request. An erasure request can only be refused if an exemption applies. Please contact the Data Protection Officer with any such requests.