The GDPR rules apply to the processing of personal data by all companies, charities etc after 25th May 2018.
So how does the new law apply to information processed by Clarke Foley?
Clarke Foley processes the personal data of its clients and those who use its premises to enable it to hire rooms to individuals and groups and to operate classes on its premises.
The handling of personal data is subject to the GDPR.
1. What is personal data?
Personal data is information that ‘relates to’ an identified or identifiable individual. Where the individual is identifiable from the information we have processed, the data will be personal where it concerns the individual.
‘Relating to’ the individual
A range of factors determine whether the data is personal. These include the content of the information, the purpose or purposes for which we are processing it and the likely impact or effect of that processing on you, the individual.
2. Our processing of your data
Personal data is processed lawfully, fairly and in a transparent manner in compliance with the principles of the GDPR.
3. Sharing your personal data
All personal data held by us is confidential. It will not be shared with a third party unless we have your specific consent.
4. Our purposes in processing your information
We need your specific consent to hold your personal data. Your personal data is processed by us solely for the purpose of recording:
i. Membership details of persons attending Clarke Foley classes, specifically with respect to names, addresses and email addresses.
ii. Class leaders’ names, addresses and emails for non-Clarke Foley classes, held for contact and invoicing purposes only
iii. Our volunteers, names, addresses and email addresses for the purpose of our contact with you
iv. To carry out our legal obligations in relation to employment and social security law
5. Use of personal data for another purpose
We will use your personal data only for the use as authorised by you. We will seek your permission to use the data for any other purpose
6. Limits on storage of data
We comply with the GDPR principle that data must be kept ‘no longer than is necessary for the purposes for which the personal data [is] processed’. We destroy all data when it is not needed.
Specifically, any records which satisfy Revenue, requirements are stored by us for 6 years
7. Access right to personal data
There is a subject access right to personal data. Individuals are entitled to confirmation by us that we are processing their personal data, together with a copy of their personal data. We must also provide you with the following information:
i. the purposes of our processing;
ii. the categories of personal data concerned;
iii. the recipients or categories of recipient we have disclosed your personal data to;
iv. our retention period for storing the personal data;
v. the existence of your right to request rectification, erasure or restriction or to object to such processing
8. Contact details
ii. The Information Commissioner’s Office helpline no is 0303 123 1113, the web address is ico.org.uk.
The postal address of the ICO is:
Information Commissioner’s Office