ST Mary's College

ST. Mary’s College

Data Protection Policy

 

ST. Mary’s College aims to adhere to the requirements of the Data Protection Act 1998, relating to the collection, storage, processing and disposal of all information held concerning the business and its workers. Our commitment requires that personal data must be:

1.     Obtained and processed fairly and lawfully;

2.     Obtained only for a specified and lawful purpose and must not be processed in a manner which is incompatible with that purpose;

3.     Adequate, relevant and not excessive for that purpose;

4.     Accurate and kept up to date;

5.     Kept for no longer than is necessary for the purpose for which it is processed;

6.     Processed in line with the rights of the individual;

7.     Be subject to appropriate technical and organisational measures to protect it against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage to personal data; and

8.     Only transmitted within the European Union or other countries that meet the security criteria.

Therefore, whether stored manually or electronically, personal data will be secure as far as is practicable.ST. Mary’s College aims to ensure that manual files holding personal data are securely held with locks and only those who should have access retain the key.  In the case of computerised records, the organisation will ensure that passwords are established to limit unauthorised access and all laptops that are taken off site will contain necessary information only.  

Furthermore, data will not be held for longer than is necessary.  Arrangements for the secure disposal of both paper and electronic records have been established.

ST. Mary’s College will only disclose information when an individual has provided their express consent, where we are legally obliged to do so or when there is a business requirement to disclose data that is within the remit of the Data Protection Act. 

Each employee will be informed of the purpose for collecting data and its intended use before collection and processing commences and we recognise our responsibility to correct errors and make changes to the information kept.

Personal data may include information such as medical reports, information containing religious beliefs, individual’s racial or ethnic origin, political opinions, trade union membership, physical or mental health, sexual orientation and criminal records.

Criminal Record Bureau (CRB) records must be kept in accordance to the CRB procedures. Please see www.crb.gov.uk for more detailed information.  

A regularly reviewed list of all those with access and responsibility for the processing of personal information or other sensitive data is available on request.

This policy and the related procedures run in conjunction with our Equal Opportunities Policy and anyone who feels that they have been unfairly treated should follow the Grievance Procedure.

 

Signed for and on behalf of ST. Mary’s College

 

Name: .................................................................                                                              

 

Position: .............................................................                                                         

 

Signed: ..............................................................                                                           

 

Date: .................................................................