Our Data Protection Policy
POLICY SUMMARY Click here for full version
The Shalom Network will adhere to the Principles of Data Protection, as detailed in the Data Protection Act (DPA) 1998, and the General Data Protection Regulation (GDPR). Specifically personal data will be:
Processed lawfully, fairly and in a transparent manner in relation to individuals.
Collected for specified, explicit and legitimate purposes and not processed any further in a way that is incompatible with those purposes. Notable exceptions exist relating to, scientific or historical research, statistical purposes or where the public interest is served.
No more than adequate, relevant, and limited to what is necessary in relation to the purposes for which it is collected and processed.
Accurate and, up to date; with every reasonable step taken to ensure that it remains relevant to the purposes for which it is processed. Where found to be incorrect, erased or rectified without delay.
Kept in a form which permits identification of data subjects, for no longer than is necessary and for the purposes for which the personal data was collected and is processed.
Possibly stored for longer periods for archiving, scientific, historical research, statistical purposes or where the public interest is served. This subject to implementation of the appropriate technical and organisational measures required by the DPA and GDPR to ensure the rights and freedoms of individuals are preserved.
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and/or organisational measures.
The Shalom Network will also
Ensure that personal data is not transferred to a country or territory outside United Kingdom, or to another organisation unless that country or territory or other organisation ensures an adequate level of protection for the rights and freedoms of Individuals in relation to the processing of personal information.
Obtain permission of the data subject before any personal data is transferred, evidencing that any transfer is lawful and consistent with the purposes for which the data was originally collected and processed.
Ensure that the rights of people about whom information is held, can be fully exercised under DPA, GDPR and any other relevant legislation.
Not hold, or process on behalf of a third party, any individual’s personal information, or sell or otherwise provide personal information/data to other organisations for their marketing or other purposes.