Data Protection Policy - TSBA

Policy statement
TSBA is committed to a policy of protecting the rights and privacy of individuals, members, voluntary staff and others in accordance with the GDPR 2018. The policy applies to all data controllers and data processors associated with the TSBA.
Any breach of GDPR 2018 is considered to be an offence and in that event, disciplinary procedures apply. The Council of the Society is responsible for establishing and maintaining controls to discourage breaches of data protection requirements.

As a matter of good practice, other organisations and individuals working with the TSBA, and who have access to personal information, will be expected to have read and comply with this policy.

Legal Requirements
Data are protected by the GDPR 2018, which came into effect on 25th May 2018. Its purpose is to protect the rights and privacy of individuals and to ensure that personal data are not processed without their knowledge.

The Act requires us to consider the fact that we hold personal data and to acknowledge the right of 'subject access' – TSBA members must have the right to copies of their own data.

TSBA Requirement of Data
The Teeswater Sheep Breeders’ Association needs to collect personal information to effectively carry out its everyday business functions and activities and to provide the services outlined within its Articles of Association.
Such data is collected from officers, volunteers and members, and includes (but is not limited to), name, address, telephone numbers, email address, CPH and UK Flock numbers.

Purpose of data held by the TSBA
Data may be held by us for the following purposes (but is not limited to);
1. Administration of the Association in accordance with the Articles of Association
2. Registration of livestock and ordering of tags from supplier.
3. Realising the Objectives of the association.
4. Accounts & Records
5. Advertising, Marketing & Public Relations
6. Journalism and Media
7. Census collection
8. Flock Book publication (in print and online)

Data Protection Principles
In terms of the GDPR 2018, we (the TSBA) are the 'data controller', and as such determine the purpose for which, and the manner in which, any personal data are, or are to be, processed. We must ensure that we have:

1.

Fairly and lawfully processed personal data
The TSBA will always put our logo on all paperwork, stating their intentions on processing the data and state if, and to whom, we intend to give the personal data. Also provide an indication of the duration the data will be kept.

2.

Processed for limited purpose
We will not use data for a purpose other than those agreed by data subjects (volunteers, members, staff and others) or outlined in the Association Privacy Policy. If the data held by us are requested by external organisations for any reason, this will only be passed if data subjects agree unless a legal requirement of the Association. Also external organisations must state the purpose of processing, agree not to copy the data for further use and sign a contract agreeing to abide by the GDPR 2018 and the TSBA Data Protection Policy.

3.

Adequate, relevant and not excessive
The Association will monitor the data held for our purposes, ensuring we hold neither too much nor too little data in respect of the individuals about whom the data are held. If data given or obtained are excessive for such purpose, they will be immediately deleted or destroyed. The Association will review the data held by the Association on an annual basis to ensure it is accuracy.

4.

Accurate and up-to-date
It is the responsibility of individuals and organisations to ensure the data held by us are accurate and up-to-date. Individuals should notify us of any changes, to enable personnel records to be updated accordingly. It is the responsibility of the Association to act upon notification of changes to data, amending them where relevant.

5.

Not kept longer than necessary
We discourage the retention of data for longer than it is required. All personal data will be deleted or destroyed by us after one year of non membership has elapsed unless sooner requested by the member. Flock numbers and prefixes will remain in the database to prevent repetition by future flocks but will be retained without identifying data (i.e. names, address etc).

6.Processed in accordance with the individual's rights
All individuals that the Association hold data on have the right to:
  • Be informed upon the request of all the information held about them within one calendar month.
  • Prevent the processing of their data for the purpose of direct marketing.
  • The removal and correction of any inaccurate data about them.
7.

Secure
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of data.

All Association computers have a log in system and our Contact Database is password protected, which allow only authorised staff to access personal data. Passwords on all computers are changed frequently. All personal and financial data is kept in a locked filing cabinet and can only be accessed by appropriate Data processors. When staff members are using the laptop computers out of the office care should always be taken to ensure that personal data on screen is not visible to strangers.

8.

Not transferred to countries outside the European Economic Area, unless the country has adequate protection for the individual.
Data must not be transferred to countries outside the European Economic Area without the explicit consent of the individual. The Association takes particular care to be aware of this when publishing information on the Internet, which can be accessed from anywhere in the globe. This is because transfer includes placing data on a web site that can be accessed from outside the European Economic Area.