Copyright System Restore © 2000-2022
Name of organisation: System Restore (UK)
System Restore UK needs to keep certain information on its employees and service users to carry out its day-to-day operations, to meet its objectives and to comply with legal obligations.
The organisation is committed to ensuring any personal data will be dealt with in line with the Data Protection Act 1998. To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
The aim of this policy is to ensure that everyone handling personal data is fully aware of the requirements and acts in accordance with data protection procedures. This document also highlights key data protection procedures within the organisation.
This policy covers employed staff and service users.
In line with the Data Protection Act 1998 principles, System Restore UK will ensure that personal data will:
The definition of ‘Processing’ is obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes some paper-based personal data as well as that kept on computer.
The Personal Data Guardianship Code suggests five key principles of good data governance on which best practice is based. The organisation will seek to abide by this code in relation to all the personal data it processes, i.e.
System Restore processes the following personal information:
Personal information may be kept in the following forms: Religious beliefs, physical or mental health.
Groups of people within the organisation who will process personal information are: employed staff.
The needs we have for processing personal data are recorded on the public register maintained by the Information Commissioner. We notify and renew our notification on an annual basis as the law requires.
If there are any interim changes, these will be notified to the Information Commissioner within 28 days.
The name of the Data Controller within our organisation, as specified in our notification to the Information Commissioner, is Matthew Crane.
Under the Data Protection Guardianship Code, overall responsibility for personal data in a not for profit organisation rests with the governing body. In the case of (insert name of organisation), this is the (insert title of governing body).
(Adapt as appropriate, depending on whether the organisation completes notification to the Information Officer) The governing body delegates tasks to the Data Controller. The Data Controller is responsible for:
All employed staff who process personal information must ensure they not only understand but also act in line with this policy and the data protection principles.
Breach of this policy will result in disciplinary action for employed staff.
To meet our responsibilities employed staff will:
We will ensure that:
Training and awareness raising about the Data Protection Act and how it is followed in this organisation will take the following forms:
Gathering and Checking Information
Before personal information is collected, we will consider its relevance and whether it is necessary to collect this information.
We will take the following measures to ensure that personal information kept is accurate: checking annually with the information owner.
Sensitive personal information will not be used for anything other than the exact purpose for which permission was given.
The organisation will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures will be taken: Creation of new passwords every three months. Encryption of sensitive data.
Any unauthorised disclosure of personal data to a third party by an employee may result in disciplinary action.
Anyone whose personal information we process has the right to know:
They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information regarded as wrong.
The following information will be required before access is granted: Reason for request and intention of disclosure of information.
We may also require proof of identity before access is granted. The following forms of ID will be required: Passport or Driving Licence and 1 household bill.
Queries about handling personal information will be dealt with swiftly and politely.
We will aim to comply with requests for access to personal information as soon as possible, but will ensure it is provided within the 40 days required by the Act from receiving the written request (and relevant fee).
This policy will be reviewed at intervals of 1 year to ensure it remains up to date and compliant with the law.