It is the policy of PCT Scotland to process personal data only in strict accordance with the requirements of the Data Protection Act 1998 (“the Act”). We aim to do this by ensuring that the systems that we have in place for data processing are consistent with the Act’s Data Protection Principles.
For the purposes of the Act, “to process personal data” means to obtain, maintain, store, use and pass on personal information about an individual.
PCT Scotland holds a limited amount of personal data for all members and individuals who apply for membership of the association. This data is obtained from the application and renewal processes.
We hold these details in 3 categories:
This policy does not include the online
“Directory of Counsellors” as personal data processed by PCT
Personal data held in the online "directory of members" in the members section of the website is accessible to other members only while membership is current. Access to this data is protected by security measures which are regularly reviewed by PCT Scotland's website group. The secretary and website administrator can access the personal data of a lapsed member in the "directory of members" for two years after the membership has ended.
The personal data held on paper records is stored by the secretary in a secure manner, which he or she regularly reviews. Paper application and renewal forms are held by the secretary for one year beyond the end of the membership year, then shredded.
PCT Scotland processes personal data for the purposes of creating and administering membership, and also to provide members with information that fits with the purposes of PCT Scotland, as outlined in the constitution.
In particular, PCT Scotland shares the contact details of members with the membership of PCT Scotland. Members may use this data to make contact with other members, provided that the reason for contact fits with the purposes of PCT Scotland, as outlined in the constitution. Members can opt out of sharing their contact details with members, other than the secretary and website administrator.
PCT Scotland will not provide the personal data of any member to any third party without first obtaining the specific consent of the individual member.
All new applicants and renewing members are asked to give consent to the processing of their personal data in line with this Data Protection Policy at the time of application or renewal. PCT Scotland cannot proceed with the application or renewal without this consent.
All applicants and members of PCT Scotland have the right to request a copy of the personal data held by PCT Scotland at the time of the request. A request for access to personal data should be made in writing to the secretary of PCT Scotland and shall be responded to within 28 days.
PCT Scotland is exempt from the need to notify the Information Commissioner under the Act as PCT Scotland is a not-for-profit organisation that processes personal data only for the purposes of establishing and maintaining membership and for providing and administering activities for individuals who are members of the association. [“Notification Exemptions: A self-Assessment Guide”, Information Commissioner, April 2001]
The Data Protection Principles are that personal data:
1. Shall be processed fairly and lawfully
· All new applicants are asked to consent to their personal data being processed as outlined in this Data Protection Policy.
· From
2. Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose(s)
·
PCT
3. Shall be “adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed”.
·
The
Coordinating Group (CG) has reviewed the current systems for data processing
and confirm that they meet this principle (
· The secretary will advise the CG when future changes in the systems may require the CG to carry out a further review in relation to this principle.
4. Shall be accurate and, where necessary, kept up to date.
· It is the responsibility of members to ensure that their personal data is accurate and up-to-date. Members have the opportunity to confirm their personal data annually through renewal process.
5. Processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
· A member’s personal data held in the “directory of members” in the members section of the website is accessible to other members only while membership is current.
· The secretary and website administrator can access the personal data of a lapsed member in the “directory of members” for two years after the membership has ended.
· Paper application and renewal forms are held by the secretary for one year beyond the end of the membership year, then shredded.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act
· This Data Protection Policy was agreed by the CG on [date] in order to ensure that the Association processes personal data as required.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
· Access to the personal data held in the
“directory of members” is protected by security measures which are regularly
reviewed by PCT
· The personal data held on paper records is stored by the secretary in a secure manner, which he or she regularly reviews.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection of the rights and freedoms of data subjects in relation to the processing of personal data
·
All members of PCT
·
PCT