PCT Scotland: Data Protection Policy
It is the policy of PCT Scotland to process personal data only in strict accordance with the requirements of the Data Protection Act 1998 (“the Act”). We aim to do this by ensuring that the systems that we have in place for data processing are consistent with the Act’s Data Protection Principles.
For the purposes of the Act, “to process personal data” means to obtain, maintain, store, use and pass on personal information about an individual.
What personal data does PCT Scotland process?
PCT Scotland holds a limited amount of personal data for all members and individuals who apply for membership of the association. This data is obtained from the application and renewal processes.
We hold these details in 3 categories:
- Online: contact details held in the “directory of members” which is located in the members section of the website and is accessible to all members;
- Online: further details obtained in the application/renewal process (e.g. membership number of professional organisation), which are only accessible to the secretary and the website administrator; and
- Paper: the signed application (including, as required, copies of diplomas, full membership confirmation statements, and sponsorship statements) or renewal form, held by the secretary.
This policy does not include the online “Directory of Counsellors” as personal data processed by PCT Scotland. This is a public database and it is the responsibility of members themselves to set up their own entry in the public area of the website in the knowledge that the information is accessed by the public.
How does PCT Scotland store personal data?
Personal data held in the online "directory of members" in the members section of the website is accessible to other members only while membership is current. Access to this data is protected by security measures which are regularly reviewed by PCT Scotland's website group. The secretary and website administrator can access the personal data of a lapsed member in the "directory of members" for two years after the membership has ended.
The personal data held on paper records is stored by the secretary in a secure manner, which he or she regularly reviews. Paper application and renewal forms are held by the secretary for one year beyond the end of the membership year, then shredded.
Why does PCT Scotland process personal data?
PCT Scotland processes personal data for the purposes of creating and administering membership, and also to provide members with information that fits with the purposes of PCT Scotland, as outlined in the constitution.
In particular, PCT Scotland shares the contact details of members with the membership of PCT Scotland. Members may use this data to make contact with other members, provided that the reason for contact fits with the purposes of PCT Scotland, as outlined in the constitution. Members can opt out of sharing their contact details with members, other than the secretary and website administrator.
PCT Scotland will not provide the personal data of any member to any third party without first obtaining the specific consent of the individual member.
What responsibilities do members have?
Members have two main responsibilities in connection with the processing of personal data by PCT Scotland.
- Firstly, all members are asked to confirm during the application and renewal processes that “I understand that it is a condition of my membership of PCT Scotland that I use the data shared with me in the Directory of Members to contact other members only for reasons that fit with the purposes of PCT Scotland, as outlined in the constitution, and will not give this data to any third party without first obtaining the specific consent of the individual member.”
- Secondly, it is the responsibility of each individual member to ensure that any personal data that he or she provides to PCT Scotland is accurate and kept up-to-date.
Consent to Data Processing
All new applicants and renewing members are asked to give consent to the processing of their personal data in line with this Data Protection Policy at the time of application or renewal. PCT Scotland cannot proceed with the application or renewal without this consent.
Access to Personal Data
All applicants and members of PCT Scotland have the right to request a copy of the personal data held by PCT Scotland at the time of the request. A request for access to personal data should be made in writing to the secretary of PCT Scotland and shall be responded to within 28 days.
Notification under the Data Protection Act 1998
PCT Scotland is exempt from the need to notify the Information Commissioner under the Act as PCT Scotland is a not-for-profit organisation that processes personal data only for the purposes of establishing and maintaining membership and for providing and administering activities for individuals who are members of the association. [“Notification Exemptions: A Self-Assessment Guide”, Information Commissioner, April 2001]
How does PCT Scotland meet the requirements of the Data Protection Principles?
The Data Protection Principles are that personal data:
- Shall be processed fairly and lawfully
  - All new applicants are asked to consent to their personal data being processed as outlined in this Data Protection Policy.
  - From 1 June 2007 all members will be asked, when renewing their membership, to consent to their personal data being processed as outlined in this Data Protection Policy.
- Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose(s)
  - PCT Scotland has outlined the purposes for which it processes personal data (see above).
- Shall be “adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed”.
  - The Coordinating Group (CG) has reviewed the current systems for data processing and confirms that they meet this principle (24/3/2007).
  - The secretary will advise the CG when future changes in the systems may require the CG to carry out a further review in relation to this principle.
- Shall be accurate and, where necessary, kept up to date.
  - It is the responsibility of members to ensure that their personal data is accurate and up-to-date. Members have the opportunity to confirm their personal data annually through the renewal process.
- Processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  - A member’s personal data held in the “directory of members” in the members section of the website is accessible to other members only while membership is current.
  - The secretary and website administrator can access the personal data of a lapsed member in the “directory of members” for two years after the membership has ended.
  - Paper application and renewal forms are held by the secretary for one year beyond the end of the membership year, then shredded.
- Personal data shall be processed in accordance with the rights of data subjects under this Act
  - This Data Protection Policy was agreed by the CG on [date] in order to ensure that the Association processes personal data as required.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  - Access to the personal data held in the “directory of members” is protected by security measures which are regularly reviewed by PCT Scotland’s website group.
  - The personal data held on paper records is stored by the secretary in a secure manner, which he or she regularly reviews.
- Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection of the rights and freedoms of data subjects in relation to the processing of personal data
  - All members of PCT Scotland live within the European Economic Area.
  - PCT Scotland’s website group regularly reviews the security measures which protect the website from unauthorised access.