SERC Highland is committed to protecting the rights and privacy of individuals in accordance with the Data Protection Act 1998 (UK). SERC Highland processes information (know as ‘data’ within the law) about its members, contacts other individuals and organisations it has dealings with for a range of administrative purposes (e.g. to distribute information to members and other contacts, administer rides and other events). In order to comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed to any third party unlawfully.
All "processing" of personal data (includes collection, holding, retention, destruction and use of personal data) are governed by the Data Protection Act 1998. The Act applies to all personal data - whether held on a computer or similar automatic system or whether held as part of a manual file. Personal data is defined as information relating to an identifiable living individual and can be held in any format, electronic (including websites and emails), paper-based, photographic etc. from which the individual's information can be readily extracted.
Under the 1998 Act, all organisations that process personal information are required to notify the Information Commissioner's Office. SERC Highland through SERC central has been registered. Registration number: ????????. This includes registration for the various types of processing of personal information and defines the persons or bodies to which the information may be disclosed.
It is an offence to process personal data except in strict accordance with the eight principles of data protection and rights of data subjects. Further information on the Data Protection Act can be found at http://www.dataprotection.gov.uk/. Failure to comply with the Data Protection Act could result in the prosecution not only of SERC Highland but also of any individual concerned.
You are specifically cautioned thatSERC Highland does not authorise any officer or member of SERC Highland or any other individual or organisation that may have access to any personal data held and processed by SERC Highland to hold or process that data on its behalf except where specifically stated and for the specific purpose as specified only.
In cases of doubt or difficulty contact SERC's Data Protection Officer, ????? on ??????????
REMEMBER - TREAT PERSONAL DATA WITH CARE. DON'T PASS ON PERSONAL INFORMATION TO UNAUTHORISED PERSONS
Eight Data Protection Principles
- Data should be processed fairly and lawfully.
- Data should be obtained for one or more specified lawful purposes.
- Data shall be adequate, relevant and not excessive.
- Data shall be accurate and where necessary kept up to date.
- Data is not kept longer than is necessary for its purpose.
- Data shall be processed in accordance with subject rights under the Act.
- Appropriate technical and organisational measures shall be taken against unauthorised/unlawful processing, loss, destruction, damage to personal data.
- Data shall not be transferred outside EEA unless that country/territory ensures adequate level of protection for rights and freedoms of data subjects in relation to the processing of personal data.
Data Subject Rights
- To make subject access requests regarding the nature of information held and to whom it has been disclosed.
- To prevent processing likely to cause damage or distress
- To prevent processing for purposes of direct marketing
- To be informed about mechanics of automated decision taking process that will significantly affect them
- Not to have significant decisions that will affect them taken solely by automated process
- To take action for compensation if they suffer damage by any contravention of the Act
- To take action to rectify, block, erase or destroy inaccurate data
- To request the Commissioner to assess whether any provision of the Act has been contravened.