Certificated Enforcement Agents Association Data Protection Act Policy
This policy is intended to cover the Data Protection responsibilities of the Certificated Enforcement Agents Association (CEAA) towards our members and those who work for and with us.
Details of the Association’s Data Protection Officer are provided at the end of the policy.
Background - The Data Protection Act 1998 regulates the processing of information relating to individuals. This includes the obtaining, holding, using or disclosing of this information, and covers computerised records as well as paper filing systems.
Data users must comply with the data protection principles of good practice which underpin the Act. Personal data must be:
obtained and processed fairly and lawfully
held only for specified purposes
adequate, relevant and not excessive
accurate and up to date
not kept longer than necessary
processed in accordance with the Act
kept secure and protected
not transferred to countries without adequate data protection.
It is the policy of the CEAA that all personal data will be held in accordance with the principles and requirements of data protection and other relevant legislation, and that procedures will be put in place to ensure the fair processing of data subjects. The CEAA Executive Council and all our members who process, or use personal data must ensure that they abide by these principles at all times.
The CEAA is the data controller under the Act and is therefore ultimately responsible for implementation. However day to day matters, notification, contact with the Information Commissioner, ensuring that this data protection policy and compliance is reviewed at appropriate intervals and the handling of subject access requests will be dealt with by the Data Protection Officer.
Relevant data protection issues will be included in all induction and training for anyone given access to the dashboard part of the system.
Information held by the Association
Information held by the CEAA relates to organisations and individuals (including external consultants) who support, assist, provide services to work within or alongside the CEAA.
The CEAA will ensure that individuals know enough about how information held about them is used or disclosed. Information held about individuals will only be collected and recorded with good reason. It will be stored securely and for only as long as required.
Relevant data protection issues will be included in all induction and training, and an internal audit of data protection compliance will be carried out by the Data Protection Officer at appropriate intervals.
The CEAA will not give out information about any individual over the telephone or by e-mail unless it is satisfied that the individual knows that this type of disclosure may be made and/or the information is already in the public domain (or that there is a legal reason for the disclosure such as a request by the Courts, Police or the Ministry of Justice etc.)
No details of individuals will be passed to other organisations for marketing, fundraising or circulating information unless consent has been obtained and the individual given the opportunity to opt-in or opt-out.
The CEAA web site will not contain any personal data that is not absolutely necessary. Where information is captured on the web site, a clear policy statement will be provided, and no personal data will be captured without the knowledge of the data subject.
Any databases containing contact information about members MUST be password protected. Computer files containing sensitive information about individuals will be password protected, accessible only by the General Secretary/Membership Secretary and those I.T. staff and system developer necessary to run and operate the system.
Information no longer required will be disposed of appropriately.
No manual files containing sensitive information about individuals will be kept.
The names and posts held by Executive Council members within the CEAA are considered to be in the public domain and may be made freely available in any format to anyone.
Contact details of Executive Council Members will be made available to each other and to members only with their consent only for the purpose of making contact in furtherance of the CEAA.
All material in respect of all applicants for membership (other than successful applicants) is confidential and shall be retained for twelve months after the effective application date or sooner, at which point it shall be destroyed.
Information can be made available for matters connected with the individual’s membership of the CEAA for help with references the Association might write in future at the individual’s request.
Information about age and geographical location of members is kept for the purposes of security and Regional Meetings.
Contact details for members will be given to Executive Council Members or those association members delegated to organising Regional Meetings.
Data about individuals shall be deleted on the request of the individual when the data is no longer used or required by the CEAA for legal, financial or contractual reasons.
Data about individuals shall only be used by the CEAA for:
Circulating publications and other information about our work
Direct marketing of training, events or services
Providing contact details for a specified organisation when requested or when it is considered that another organisation offers a service of benefit to users
Circulating information or direct marketing on behalf of another body on the grounds that it will potentially be of benefit to users
Any other reason which has been specifically agreed with individuals in advance.
CEAA Data Protection Officer
Mr David Rayner
Agreed by the Executive Council on the 15 December 2016 for immediate implementation
Review Date: 23 August 2017
The Certificated Enforcement Agents Association Data Protection Statement
The information you have provided will be kept on file by the CEAA and used by the CEAA to contact you about relevant activities and opportunities and for internal monitoring processes.
If you have any query about how the CEAA uses the data we hold, please contact the Data Protection Officer by e-mailing firstname.lastname@example.org.
Access to information
Data Subject Access requests should be made in writing and signed by the individual and addressed to the Data Protection Officer at the Association.
In response to a Data Subject Access request, the Association aims to disclose as much information as possible within 40 days, while respecting the right of any third party to maintain confidentiality wherever reasonable.
No charge will be made for Data Subject Access request from members.
A charge may be made for a Data Subject Access request from external organisations.
Any queries relating to this policy should be referred to the CEAA Data Protection Officer