Data Protection Policy
This is the data protection policy adopted by the Destination Chesterfield Partnership here in after known as “Destination Chesterfield”.
Destination Chesterfield collects and uses certain types of information about people with whom it deals in order to operate.
These include current, past and prospective employees, suppliers, clients/customers, and others with whom it communicates. In addition, it may occasionally be required by law or project funding requirements to collect and use certain types of information of this kind to comply with the requirements of Government departments for business data.
This personal information must be dealt with properly however it is collected, recorded and used – whether on paper, in a computer, or recorded on other material – and there are safeguards to ensure this in the Data Protection Act 1998 (DPA) and the provisions of the General Data Protection Regulations (GDPR).
Destination Chesterfield regards the lawful and correct treatment of personal information as very important to successful operations, and to maintaining confidence between those with whom we deal and ourselves. We ensure that our organisation treats personal information lawfully and correctly.
To this end we fully endorse and adhere to the principles of data protection, as outlined in the Data Protection Act 1998, and GDPR. Specifically, the principles require that personal information shall be:
- a) processed lawfully, fairly and in a transparent manner in relation to individuals;
- b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
- f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Therefore, Destination Chesterfield will, through appropriate management and strict application of criteria and controls:
- Observe fully the conditions regarding the fair collection and use of information
- Meet its legal obligations to specify the purposes for which information is used
- Collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements
- Ensure the quality of information used
- Apply strict checks to determine the length of time information is held
- Ensure that the rights of data subjects under GDPR can be fully exercised (these include, but not exclusively: the right to be informed that processing is being undertaken, the right of access to one’s data, the rights to restrict or object to processing in certain circumstances, the right to request rectification of errors in personal data, the right of erasure or to be forgotten)
- Take appropriate technical and organisational security measures to safeguard personal information
- Ensure that personal information is not transferred abroad without suitable safeguards
Overall responsibility for Data Protection for Destination Chesterfield rests with the Chief Executive of East Midland Chamber (Derbyshire, Nottinghamshire, Leicestershire) This is due to Destination Chesterfield not being a statutory body.
East Midlands Chamber (Nottinghamshire, Derbyshire and Leicestershire) employ staff, host the organisation and provide I.T services and insurance for Destination Chesterfield under a service level agreement from Chesterfield Borough Council.
Destination Chesterfield operates independently to these organisation but all policies relating to employees including ‘The chambers’ data protection, human resources and IT policies are complied with by Destination Chesterfield. East Midlands Chamber (Nottinghamshire, Derbyshire and Leicestershire) does not direct what data should be collected, how it is used and where it is held by the Destination Chesterfield.
- All personnel managing and handling personal information understand that they are contractually responsible for following good data protection practice.
- Everyone managing and handling personal information is appropriately trained to do so
- Everyone managing and handling personal information is appropriately supervised
- Queries about handling personal information are promptly and courteously dealt with
- Methods of handling personal information are clearly described
- A regular review and audit is made of the way personal information is managed
- Methods of handling personal information are regularly assessed and evaluated
- Performance with handling personal information is regularly assessed and evaluated
How to obtain our Data Protection and Privacy Policies
To view full versions of all the following related policies, click the links below:
Alternatively, you can request a copy (as relevant) to be sent via email or post by contacting Destination Chesterfield on 01246 207207 or emailing firstname.lastname@example.org
Every effort will be made to process these requests within 48 hours of receipt.
Date: 21 May 2018
Author: Destination Chesterfield Manager