The Association of Northern Mediators (ANM) is a ‘not for profit’ company limited by guarantee and is committed to protecting the privacy of all the personal information or data provided by those that are either members or otherwise use our services. Personal information and data is described as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”. This policy explains how we collect, use and store the personal information provided to us.
ANM commits to abide by the Data Protection Act 1998 (DPA) and the General Data Protection Regulation 2017 (GDPR) in all areas of its operation. This policy applies to everyone who works on its behalf and they are expected to work within the legislation. This policy sets out in detail the procedures in place to ensure that personal data relating to our members users and those that enquire about our services are treated in the appropriate way.
ANM acknowledge that individuals have the right to expect that appropriate and reasonable safeguards will be operated by ANM and any third parties engaged to protect the confidentiality, integrity and security of their personal and sensitive personal data. Where third parties process data on our behalf we will ensure though a legal agreement that the third party also operates in accordance with the DPA and the GDPR.
The DPA and the GDPR require that organisations process personal data in accordance with the eight Data Protection Principles and ANM has adopted those principles, which are:
ANM will never share or sell your data to other third party organisations for their marketing purposes, unless required by law (for example by public bodies in respect of the prevention and detection of crime).
We may allow our employees, volunteers or consultants and / or external providers acting on our behalf to access and use your information for the purposes for which it is intended (for example for transmission to potential mediators, online analytics or processing payments). We ensure that they are provided with the relevant data and ensure the information is treated with the same level of care we would do so ourselves.
Our website has links to websites owned and operated by third parties. These third parties have their own privacy policies, and will control the information you provide them with in accordance with their respective policies.
ANM has adopted this policy. The core requirements relate to the collection, storage, processing, records, confidentiality, security, incident management, retention and deletion, management, availability, integrity, and secure disposal of our donors and commercial agents personal and sensitive data.
We will only collect and process personal and sensitive data that has been obtained fairly and lawfully and for a specific set of purposes connected with the charity’s activities or where we have a legitimate purpose under law to do so. Data will be adequate and relevant and only used for the purposes collected. It will be maintained, kept accurate, and not retained for any longer than is necessary. We will before collecting any information consider:
ANM may use your personal information for a number of reasons. These include:
We will endeavour to contact you insofar as you are happy for us to do so, and in the event you change your preferences we shall act swiftly to ensure that our contact and information is adjusted as appropriate.
We will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures will be taken:
We will ensure that anyone whose personal information we process has the right to know:
They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block, or erase information regarded as wrong or if consent is withdrawn.
Individuals have the right under the DPA and the GDPR to access certain personal data being kept about them on computer and certain files. Any person wishing to exercise this right should apply in writing to the Data Compliance Officer Anthony Glaister by email email@example.com
The following information will be required before access is granted:
Queries about handling personal information will be dealt with swiftly and politely. ABCD aim to comply with requests for access to personal information as soon as possible, but will ensure it is provided within the 40 days required by the DPA and the GDPR.
For further current information see https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
Version 1 : November 2017 Review date : annually