This Privacy Notice is provided to you by the Coordinating Committee of The Highams Park Planning Group (HPPG) which is the data controller for your personal data.
Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be directly using the data itself or by combining it with other information which helps to identify a living individual. The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (the “GDPR) and other legislation relating to personal data and rights such as the Human Rights Act.
The Highams Park Planning Group (HPPG) collects and uses information about people with whom it communicates.
This personal information must be dealt with properly and securely however it is collected, recorded and used – whether on paper, in a computer, or recorded on other material – and there are safeguards to ensure this in the GDPR.
HPPG regards the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions, and to maintain the confidence of those with whom it deals.
To this end HPPG fully endorses and adheres to the Principles of Data Protection, as set out in the GDPR.
The purpose of this policy is to ensure that the members of HPPG are clear about the purpose and principles of Data Protection and to ensure that it has guidelines and procedures in place which are consistently followed.
Failure to adhere to GDPR is unlawful and could result in legal action being taken against the HPPG or its volunteers handling data.
GDPR regulates the processing of information relating to living and identifiable individuals (data subjects). This includes the obtaining, holding, using or disclosing of such information, and covers computerised records as well as manual filing systems and card indexes.
Data users must comply with the data protection principles of good practice which underpin GDPR. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
Your rights and your personal data
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
The right to access personal data we hold on you
At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request we will respond within one month.
There are no fees or charges for the first request but additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative fee.
The right to correct and update the personal data we hold on you
If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
The right to have your personal data erased
If you feel that we should no longer be using your personal data or that we are unlawfully using your personal data, you can request that we erase the personal data we hold.
When we receive your request we will confirm whether the personal data has been deleted or the reason why it cannot be deleted (for example because we need it to comply with a legal obligation).
The right to object to the processing of your personal data or to restrict it to certain purposes only.
You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
The right to data portability
You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.
The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained
You can withdraw your consent easily by telephone, email, or by post (see Contact Details below).
Other data controllers HPPG works with:
- Contractors (consultants who we may use from time to time to assist with preparation of the Highams Park Plan)
- Waltham Forest Council
We may need to share your personal data we hold with them so they can assist us with our work on the Highams Park Plan but in most instances personal information is redacted. If we and the other data controllers listed above are processing your data jointly for the same purposes, then the council and the other data controllers may be “joint data controllers” which mean we are all collectively responsible to you for your data. Where each of the parties listed above are processing your data for their own independent purposes then each of us will be independently responsible to you and if you have any questions, wish to exercise any of your rights (see below) or wish to raise a complaint, you should do so directly to the relevant data controller.
The right to lodge a complaint with the Information Commissioner’s Office.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Transfer of Data Abroad
Any personal data transferred to countries or territories outside the European Economic Area (“EEA”) will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union. [Our website is also accessible from overseas so on occasion some personal data (for example in a newsletter) may be accessed from overseas].
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Changes to this notice
We keep this Privacy Notice under regular review and we will place any updates on this web page: http://highamsparkplan.org/data-protection-policy . This Notice was last updated in May 2018.
Please contact us if you have any questions about this Privacy Notice or the personal data we hold about you or to exercise all relevant rights, queries or complaints at:
The Data Controller
The Highams Park Planning Group
HPPG as a body is a DATA CONTROLLER under the Act, and the Coordinating Committee is ultimately responsible for this policy’s implementation.
The following procedures have been developed in order to ensure that the HPPG meets its responsibilities in terms of Data Protection.
Data records Purposes
HPPG obtains personal data (such as names, addresses, phone numbers and email addresses) from members and others. This data is obtained, stored and processed solely to assist personnel in the efficient running of the HPPG. Personal details supplied are only used to send material that is potentially useful. Most of this information is stored on the HPPG’s database.
HPPG will process some or all of the following personal data where necessary to perform its tasks:
- Contact details such as names, telephone numbers, addresses, and email addresses;
- Where they are relevant to HPPG fulfilling the aims in its constitution;
- Information submitted by you in response to surveys or questionnaires that HPPG may prepare and circulate from time to time.
- To send you emails with information about activities, and events and projects arranged by HPPG and other parties.
Written consent is not requested on the basis that HPPG has a legitimate interest as it is assumed that the consent has been granted when an individual freely gives their own details.
Personal data will not be passed on to anyone outside the HPPG without explicit consent from the data owner unless there is a legal duty of disclosure under other legislation, in which case the Secretary will discuss and agree disclosure with the Chair.
Only the HPPG’s volunteers involved in the running of HPPG or one of its subgroups (known as topic working groups) will normally have access to personal data.
All such volunteers are made aware of the Data Protection Policy and their obligation not to disclose personal data to anyone who is not supposed to have it.
Information supplied is kept in a secure filing, paper and electronic system and is only accessed by those individuals involved in the running of the HPPG or its sub-groups.
Information will not be passed on to anyone outside the HPPG without their explicit consent, excluding statutory bodies e.g. the Inland Revenue.
Individuals will be supplied with a copy of any of their personal data held by the HPPG if a request is made.
All confidential post must be opened by the addressee only.
HPPG will take reasonable steps to keep personal data up to date and accurate.
Personal data will be stored for as long as the individual continues to be a member and normally longer. Where an individual ceases to be a member and it is not deemed appropriate to keep their records, their records will be destroyed. However, unless we are specifically asked by an individual to destroy their details, we will normally keep them on file for future reference.
If a request is received from a member to destroy their records, we will remove their details from the database and request that all personnel holding paper or electronic details for the member destroy them. This work will be carried out by the Secretary, Chair or Deputy Chair of HPPG who act as Information Officers.
This procedure applies if HPPG is informed that a member has passed away.
Personal data may be kept in paper-based systems and on a password-protected computer system. Paper- based data are stored in organised and secure systems.
Use of Photographs
Where practicable, the HPPG will seek consent of members / individuals before displaying photographs in which they appear. If this is not possible (for example, a large group photo), the HPPG will remove any photograph if a complaint is received. This policy also applies to photographs published on the HPPG’s website updates, circular emails and similar.
Responsibilities of volunteers
During the course of their duties with the HPPG, volunteer members will be dealing with information such as names/addresses/phone numbers/e-mail addresses of members. They may be told or overhear sensitive information while working for HPPG. The GDPR gives specific guidance on how this information should be dealt with. In short to comply with the law, personal information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. Personnel