On the 31st December 2020, the Brexit transition period ended. After Brexit, the UK is no longer regulated domestically by the European General Data Protection Regulation (GDPR), which governs processing of personal data from individuals inside the EU. Instead, the UK now has its own version known as the UK-GDPR (United Kingdom General Data Protection Regulation). The new UK-GDPR took effect on January 31, 2020.
Motherwell Boys Brigade Battalion takes your privacy seriously and never shares data with anyone outside of the Boys Brigade Organisation. We utilise 3 main systems for managing your information, these are email, e-commerce software and accounts software. We have completed a privacy impact assessment to identify the personal data we hold. As a BB Officer, Parent of a BB boy or someone involved in the local BB community we consider you as someone who has a legitimate interest in the Battalions activities. Under the General Data Protection Regulations, you have the right to ask for the data we hold and to be forgotten. This can be done by contacting us.
Data Processor or Controller
We are a data controller, meaning we determine the purposes and means of the processing of personal data, such as name, address and email address for the purposes of sending information about your orders.
To comply with the General Data Protection Regulations, we have used the following six principles to guide our handling of personal data:
1. Lawfulness, fairness and transparency
Lawful: Processing must meet the tests described in GDPR [article 5, clause 1(a)]. Fair: What is processed must match with how it has been described. Transparency: Tell the subject what data processing will be done.
- We process personal data we collect in a fair, lawful and transparent manner; and in accordance with individuals’ rights.
2. Purpose limitations
Personal data can only be obtained for “specified, explicit and legitimate purposes” [article 5, clause 1(b)]. Data can only be used for a specific processing purpose that the subject has been made aware of and no other, without further consent.
- We will only collect personal data for specified, explicit and legitimate purposes. Data we collect will not be used for any other purposes other than what you as the data subject(s) have been made aware of.
3. Data minimisation
Data collected on a subject should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed” [article 5, clause 1(c)]. i.e. No more than the minimum amount of data should be kept for specific processing.
- We will only collect personal data that is needed, adequate and relevant for the specific purpose.
Data must be “accurate and where necessary kept up to date” [article 5, clause 1(d)]. Data holders should build rectification processes into data management / archiving activities for subject data.
- We will ensure that personal data we collect is accurate, kept up to date and correct. You are responsible for ensuring that the data we hold is accurate and kept up to date by notifying us of changes or using the tools provide to update yourself e.g. email address.
5. Storage limitations
Regulator expects personal data is “kept in a form which permits identification of data subjects for no longer than necessary” [article 5, clause 1(e)]. Data no longer required should be removed.
- We will only keep personal data we collect for as long as it is needed, and you have the right to request your individual data is permanently deleted.
6. Integrity and confidentiality
Requires processors to handle data “in a manner [ensuring] appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage” [article 5, clause 1(f)].
- We will process all personal data we collect in a manner that protects it against unwanted modification, disclosure or unlawful processing.
- We will use a risk-based approach to ensure our systems have the appropriate technical and organisational controls to safeguard the integrity and confidentiality of the personal data you give us.