Lene Ryden Ceramics Privacy Statement

Statement of Intent

I will send out emails to my mailing list when I have updates that I feel you would be interested in.

I intend to meet all the requirements of the Data Protection Act 1998 (the Act) and the General Data Protection Regulations (GDPR) 2018 when collecting, storing, and destroying personal data.

To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, Lene Ryden Ceramics will comply with the Data Protection Principles which are set out in the Data Protection Act 1998. In summary these state that personal data must be:

• obtained and processed fairly and lawfully;

• obtained for a specified and lawful purpose and not processed in any manner incompatible with that purpose;

• adequate, relevant, and not excessive for that purpose;

• accurate and kept up to date;

• not kept for longer than is necessary;

• processed in accordance with the data subject's rights;

• kept safe from unauthorised access, accidental loss, or destruction;

• not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data. All Lene Ryden Ceramics staff and volunteers who process or use any Personal Information must ensure that they follow these principles at all times. In order to ensure that this happens, the organisation has adopted this Data Protection Policy. Prior permission will be obtained to hold personal details from all the followers and customers who sign up to be on my mailing list.

The Data Control Overseer and the Designated Data Controller

The Organisation’s designated Data Controller is Lene Ryden

Notification of Data Held and Processed

All customers have the right to:

• know what information the organisation holds and processes about them and why;

• know how to gain access to it;

• know how to keep it up to date;

• know what the organisation is doing to comply with its obligations under the Act.

Personal Information

Personal Information is defined as any details relating to a living, identifiable individual.

I will ensure that the information gained from each individual is kept securely and to the appropriate level of confidentiality.

Processing of Personal Information

All staff and volunteers who process or use any Personal Information are responsible for ensuring that:

• Any Personal Information which they hold is kept securely;

• Personal Information is not disclosed either orally or in writing or otherwise to any unauthorised third party.

Staff and volunteers should note that unauthorised disclosure will usually be a disciplinary matter and may be considered gross misconduct in some cases.

Personal information will be:

• kept in a secured computer environment

Conversations and Meetings

Information of a personal or confidential nature should not be discussed in a public area, in front of anyone that is not an employee of the organisation. Lene Ryden employees should be aware of confidentiality at all times when discussions are taking place, either distancing themselves from the conversation if it does not concern them, or, ensuring that their discussion is not overheard by others. All staff should respect the confidential nature of any information inadvertently overheard.

When meetings are being recorded it is important that only relevant information is written down. This must be carried out using the correct forms provided by Lene Ryden.

Collecting Information

Whenever information is collected about people, they should be informed why the information is being collected, who will be able to access it and to what purposes it will be put. The individual concerned must agree that he or she understands and gives permission for the declared processing to take place, or it must be necessary for the legitimate business of the organisation.

No Sensitive Information is held

Sensitive information is defined by the Act as that relating to ethnicity, political opinions, religious beliefs, trade union membership, physical or mental health, sex life, criminal proceedings or convictions. The person about whom this data is being kept must give express consent to the processing of such data, except where the data processing is required by law for employment purposes or to protect the vital interests of the person or a third party.

Disposal of Confidential Material

Sensitive material should be deleted as soon as it is no longer needed; following retention guidelines and statutory requirements.

Staff Responsibilities

All staff are responsible for checking that any information that they provide to the organisation in connection with their employment is accurate and up to date. Staff have the right to access any personal data that is being kept about them digitally. Staff should be aware of and follow this policy and seek further guidance where necessary. Staff will not store personal data at home. Files will always be password protected.

Retention of Data

Lene Ryden Ceramics takes care to only store personal information that is mentioned above.

Personal information is kept for the period of time requested following guidelines from Direct Gov. These retention periods are either recommended or statutory. Stored information is stored in a password protected database. Once the request to be taken off the mailing list, data will be destroyed.

Prepared by Lene Ryden 8th July 2020