Data Retention Policy
1. Introduction
This policy sets out how Bakewell Silver Band will approach data retention and establishes processes to ensure we do not hold data for longer than is necessary.
It forms part of Bakewell Silver Band Data Retention Policy.
1.1 Roles and Responsibilities
Bakewell Silver Band is the Data Controller and will determine what data is collected, retained and how it is used. The Data Protection Officer for Bakewell Silver Band is Stephen Grant. They, together with the band’s committee, are responsible for the secure, fair and transparent collection and use of data by Bakewell Silver Band. Any questions relating to the collection or use of data should be directed to the Data Protection Officer.
2. Regular Data Review
A regular review of all data will take place to establish if Bakewell Silver Band still has good reason to keep and use the data held at the time of the review.
As a general rule a data review will be held every 2 years and no more than 27 calendar months after the last review. The first review will take place on 24th May 2018.
2.1 Data to Be Reviewed
-
Bakewell Silver Band stores data on digital documents (e.g. spreadsheets) stored on personal devices held by committee members.
-
Data stored on third party online services (e.g. Google Drive, Mail Chimp).
-
Physical data stored at the homes of committee members.
2.2 Who the Review Will be Conducted By
The review will be conducted by the Data Protection Officer with other committee members to be decided on at the time of the review.
2.3 How Data Will be Deleted
-
Physical data will be destroyed safely and securely, including shredding.
-
All reasonable and practical efforts will be made to remove data stored digitally.
-
Priority will be given to any instances where data is stored in active lists (e.g. where it could be used) and to sensitive data.
-
Where deleting the data would mean deleting other data that we have a valid lawful reason to keep (e.g. on old emails) then the data may be retained safely and securely but not used.
-
2.4 Criteria
The following criteria will be used to make a decision about what data to keep and what to delete.
-
Is the data stored securely?
-
Yes - No action necessary
-
No - Update storage protocol in line with Data Protection policy
-
-
Does the original reason for having the data still apply?
-
Yes - Continue to use
-
No - Delete or remove data
-
-
Is the data being used for its original intention?
-
Yes - Continue to use
-
No - Either delete/remove or record lawful basis for use and get consent if necessary
-
-
Is there a statutory requirement to keep the data?
-
Yes - Keep the data at least until the statutory minimum no longer applies
-
No - Delete or remove the data unless we have reason to keep the data under other criteria.
-
-
Is the data accurate?
-
Yes - Continue to use
-
No - Ask the subject to confirm/update details
-
-
Where appropriate do we have consent to use the data. This consent could be implied by previous use and engagement by the individual
-
Yes - Continue to use
-
No - Get consent
-
-
Can the data be anonymised
-
Yes - Anonymise data
-
No - Continue to use
-
2.5 Statutory Requirements
Date stored by Bakewell Silver Band may be retained based in statutory requirements for storing data other than data protection regulations. This might include but is not limited to:
-
Gift Aid declarations records
-
Details of payments made and received (e.g. in bank statements and accounting records)
-
Committee meeting minutes
-
Contracts and agreements with suppliers/customers
-
Insurance details
-
Tax and employment records
3. Other Data Retention Procedures
3.1 Member Data
-
When a member leaves Bakewell Band and all administrative tasks relating to their membership have been completed any potentially sensitive data held on them will be deleted – this might include bank details or medical data.
-
Unless consent has been given data will be removed from all email mailing lists.
-
All other data will be stored safely and securely and reviewed as part of the next two-year review.
3.2 Mailing List Data
-
If an individual opts out of a mailing list their data will be removed as soon as is practically possible.
-
All other data will be stored safely and securely and reviewed as part of the next two-year review.
3.3 Volunteer and Freelancer Data
-
When a volunteer or freelancer stops working with Bakewell Silver Band and all administrative tasks relating to their work have been completed any potentially sensitive data held on them will be deleted – this might include bank details or medical data.
-
Unless consent has been given data will be removed from all email mailing lists .
-
All other data will be stored safely and securely and reviewed as part of the next two-year review.
3.4 Other Data
-
All other data will be included in a regular two year review.
4. Changes to this Data Retention Policy
We reserve the right to make changes to this Data Retention Policy at any time. Any changes will be posted in this Data Retention Policy and material changes will be prominently notified on the respective website or application this Data Retention Policy applies to or will be otherwise communicated to you prior to the change becoming effective. We encourage you to regularly review this Data Retention Policy to make sure you are aware of any changes and how your information may be used.
4.1 Updates
This Data Retention Policy was last updated on 24th May 2018
5. Contacting Us
If you any questions or comments about this Data Retention Policy, please contact us:
Bakewell Silver Band
Bakewell Scout Brigade Hall
Bath Street
Bakewell
DE45 1DY
Website: http://www.bakewellband.co.uk/contact
You can contact the Information Commissioners Office:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113