Data Protection Policy
February 2010
The International Association of Infant Massage UK Chapter is a limited non-profit making organisation (Registered Number: 6832002).
The International Association of Infant Massage UK Chapter is fully committed to compliance with the requirements of the Data Protection Act 1998 which came into force on 24 October 2001 and the EC directive regulations 2003 that come into effect on 24 October 2007.
IAIM UK will therefore follow procedures that aim to ensure that all employees, elected members, consultants or other servants of the IAIM UK who have access to any personal data held by or on behalf of the IAIM UK, are fully aware of and abide by their duties under the Data Protection Act 1998.
Statement of policy
In order to operate efficiently, IAIM UK has to collect and use information about its members and others. This may include members, current and past, prospective employees and suppliers.
IAIM UK regards the lawful and correct treatment of personal information as very important to its successful operations and to maintaining confidence between its members, employees and those with whom it carries out business. The IAIM UK will ensure that it treats personal information lawfully and correctly.
To this end the IAIM UK fully endorses and adheres to the principles of Data Protection as set out in the Data Protection Act 1998 and Privacy and Electronic Communications (EC Directive) Regulations 2003.
The principles of data protection
In order to comply with the Act, anyone processing personal data must comply with the following eight principles of good practice.
These Principles are legally enforceable.
- The data should be processed fairly and lawfully and may not be processed unless the data controller can satisfy one of the conditions for processing set out in the Act.
- Data should be obtained only for specified and lawful purposes.
- Data should be adequate, relevant and not excessive.
- Data should be accurate and, where necessary, kept up to date.
- Data should not be kept longer than is necessary for the purposes for which it is processed.
- Data should be processed in accordance with the rights of the data subject under the Act.
- Appropriate technical and organisational measures should be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Data should not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Personal data is defined as data relating to a living individual who can be identified from:
- That data;
- That data and other information which is in the possession of, or is likely to come into the possession of the data controller and includes an expression of opinion about the individual and any indication of the intentions of the data controller, or any other person in respect of the individual.
Personal data can be used by the IAIM UK if one or more of the following applies:
1. The data subject (i.e. the person who is the subject of the personal data) has consented.
2. It is necessary for the entering into or performance of a contract with the data subject.
3. It is necessary for compliance with any legal obligation to which you are subject (other than one imposed by contract).
4. The processing is necessary to protect the vital interests of the data subject (where vital means a matter of life or death).
5. It is necessary for compliance with any statutory duty.
6. It is necessary for the purpose of your legitimate interests, except where the processing is unwarranted because it prejudices the rights of the data subject.
The IAIM does not need further consent to mail our own marketing material to our database as long as an opt-out clause is available.
Handling of personal/sensitive information
IAIM UK will, through appropriate management and the use of strict criteria and controls:-
- Observe fully conditions regarding the transparent collection and use of personal information;
- Meet its legal obligations to specify the purpose for which information is used;
- Collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
- Ensure the quality of information used;
- Apply regular checks to determine the length of time information is held;
- Take appropriate technical and organisational security measures to safeguard personal information;
- Ensure that personal information is not transferred abroad without suitable safeguards;
- Ensure that the rights of people about whom the information is held can be fully exercised under the Act. These include:
  - The right to be informed that processing is being undertaken;
  - The right of access to one's personal information within the statutory 40 days;
  - The right to prevent processing in certain circumstances;
  - The right to correct, rectify, block or erase information regarded as wrong information.
In addition, IAIM UK will ensure that:
- There is someone with specific responsibility for data protection in the organisation;
- Everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice;
- Everyone managing and handling personal information is appropriately trained to do so;
- Everyone managing and handling personal information is appropriately supervised;
- Queries about handling personal information are promptly and courteously dealt with;
- Methods of handling personal information are regularly assessed and evaluated;
- Performance with handling personal information is regularly assessed and evaluated;
- Data sharing is carried out under a written agreement, setting out the scope and limits of the sharing. Any disclosure of personal data will be in compliance with approved procedures.
All elected members are to be made fully aware of this policy and of their duties and responsibilities under the Act.
All staff will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure and in particular will ensure that:
- Paper files and other records or documents containing personal/sensitive data are kept in a secure environment;
- Personal data held on computers and computer systems is protected by the use of secure passwords, which where possible have forced changes periodically;
- Individual passwords should be such that they are not easily compromised.
The IAIM UK will ensure a continuous appointment of a designated consultant/web manager to ensure the data is secure.
Implementation will be led and monitored by the UK Chapter president or other named appointed person from the executive committee, who will have overall responsibility:
- For the development of best practice guidelines.
- For carrying out compliance checks to ensure adherence, throughout the authority, with the Data Protection Act.
On all membership applications the following will be inserted.
The International Association of Infant Massage UK Chapter complies with the Data Protection Act and EC directive regulations 2003. Our supporting policy can be viewed on our web site. Personal data is held securely and your details will not be passed to any 3rd party.
- 'By submitting this membership/renewal form, you will be indicating your consent to all the benefits of IAIM membership including newsletters and receiving email marketing messages from us, including study days/courses/educational conferences linked to our curriculum, unless you have indicated an objection to receiving such messages by ticking the above box'.
On all emails the following will be inserted:
You are receiving this communication as a present or past subscriber to the IAIM UK Chapter. If you no longer wish to receive communication from us, please tick the box to unsubscribe and press the reply button. □
Notification to the Information Commissioner
The IAIM is exempt from registering with the Information Commissioner, see notification exemptions. The notification exemption form was completed by the IAIM UK executive committee on ………………………………….