Data Protection Act Overview
Data Protection Legislation
The new General Data Protection Regulations (GDPR) and the Data Protection Act 2018 came into effect on 25 May 2018. Together they form the New Data Protection Legislation and replace the Data Protection Act 1998.
The Cotswolds Conservation Board collect, hold and use data about people and organisations with whom we work and in order to provide our services. This may include members of the public, current, past and prospective Board members, officers and volunteers, fund raisers, contractors, partners and suppliers.
We must abide by the 7 principles of the Data Protection Legislation which make sure that personal information is:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and where necessary kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which those data are processed
- Processed in a manner that ensures appropriate security of the personal data
- The accountability principle requires us to take responsibility for what we do with personal data and how we comply with the above principles and we must be a be able to demonstrate this to data subjects and the Information Commissioners Office
The Cotswolds Conversation Board has a Data Protection (GDPR) Policy in place. This Policy describes requirements to comply with the Data Protection Legislation.
Our Privacy Notice tells you what we do with your personal information when you make contact with us or use one of our services.
Accessing information we hold about you
You can access the information we hold about you by making a Subject Access Request. This request can be made in writing, by email or using the Subject Access Request application form. Please provide as much detail as possible about the information you require, mark your request Subject Access Requests, and send it to the address provided.
Proof of Identity
To help establish your identity your application must be accompanied by TWO official documents that between them clearly show your name, date of birth and current address.
Acceptable forms of ID are:
- photocopy of your passport or driving licence
- an electricity bill (the original bill, not a copy)*
- a gas bill (the original bill, not a copy)*
- a council tax bill (the original bill, not a copy)*
- any other bill in your full name (the original bill, not a copy)*
Any bill you send must be less than 6 months old.
Correcting data we hold
If you believe the data we hold about you is incorrect or that there is information that we have not supplied, you must contact us within 21 days of receiving our response to your request.
You can also appeal to the Information Commissioner’s Office if we do not correct the data you ask us to.
Monitoring the Cotswolds Conservation Board’s compliance with the law
All organisations that handle personal information need to be registered with the Information Commissioner based at Wilmslow in Cheshire. The Commissioner is responsible for enforcing the Data Protection Legislation and providing guidance. The Register of Data Controllers is a public document and provides information about the classes of data held, the classes of data subjects and whom the data is disclosed to or shared with.
Registrations are renewed each year and updated during the year as required and the Register of Data Controllers can be inspected at any time on the Information Commissioner’s Office website. Our entry in the Data Protection Public Register is available via this link: https://ico.org.uk/esdwebpages/search
The Data Protection Public Register. Enter ZA438403, which is the Cotswolds Conservation Board Data Protection Registration number.
Summary of the Conservation Board’s data processing procedures
The Cotswolds Conservation Board is committed to complying not only with the letter but also the spirit of Data Protection Legislation. The accuracy and security of your personal information is a key responsibility and is recognised as an overriding factor in securing your trust and confidence. We will only use the information it holds about you for the purpose you provided it or as permitted by law. It will also only collect the minimum information necessary to fulfil that purpose.
By law we must maintain a record of the data processing activities we are responsible for. This is contained in our Record of Processing Activities.