Data Protection and Privacy Policy

Who we are

Findochty Community Council

Our website address is: http://findochty-cc.org

Personal Data & Privacy

Policy Statement
Findochty Community Council (“the Community Council”) is committed to safeguarding personal information in compliance with the Data Protection Act 2018 and relevant professional guidelines. The Community Council ensures that all personal data is handled securely and confidentially.

Responsibilities

• While not required to appoint a Data Controller, the Community Council determines the purpose and methods of data processing.
• The Community Council Secretary oversees policy compliance, member awareness, and data security.
• This policy applies to all personal information held by the Community Council, which may include:
  • Names
  • Addresses
  • Telephone numbers
  • Email addresses

The Community Council will review this policy periodically to ensure legal compliance and register with the Information Commissioner’s Office (ICO) as a data processor.

Data Processing

Lawful, Fair, and Transparent Processing
The Community Council processes personal data to serve and represent the interests of the local community.
To ensure lawful and transparent data processing, the Community Council maintains a Data Register detailing:

• What data is collected and stored.
• The lawful purpose for processing.
• Risks associated with data breaches.

The Data Register will be reviewed annually.

Individuals have the right to access, update, or delete their personal information, as outlined by ICO guidelines.

Lawful Purpose
Personal data is processed to achieve the Community Council’s mission to serve the community.

• The purpose of data processing is documented in the Data Register.
• Consent is obtained and recorded where required, and systems are in place for revoking consent.

All communications include clear data protection information, and requests for updates or deletions are handled promptly.

Consent
Consent is required for processing personal data and is obtained through:

• Verbal communication, followed by written confirmation when possible.
• Written consent via emails, forms, or surveys.
• Explicit opt-in consent for photographs, videos, or any media intended for publicity or online use.
• Parental or guardian consent for individuals under 16 years old.

Data Management

Data Minimisation
The Community Council ensures personal data is adequate, relevant, and limited to necessary purposes.

Accuracy
Reasonable steps are taken to ensure all personal data is accurate and up-to-date, including:

• Annual reviews of stored data.
• Recording and promptly rectifying inaccuracies.

Archiving and Deletion
The Community Council stores personal data only as long as necessary, following documented archiving and retention rules.

• Secure deletion ensures data is irretrievable.
• All deletions are recorded in the Data Register.

Security and Confidentiality
The Community Council ensures all personal data is securely stored:

• Paper records are kept in locked cabinets.
• Digital files are stored on secure systems with strong, frequently changed passwords and updated antivirus software.
• Data sharing is restricted to secure systems, and USB devices must have equivalent security measures.

Third-party service providers must comply with GDPR or Privacy Shield requirements.

Breach Management
In the event of a data breach, a group of at least three Community Council members, including the Secretary, will assess the situation and determine:

• The level of risk to individuals.
• Whether to report the breach to the ICO.

If individuals’ rights are at high risk, they will be notified immediately.
Recommendations for policy improvement will be presented at the next Council meeting.

Rights of Individuals

The Community Council recognises the following rights under GDPR:

• The right to withdraw consent at any time.
• The “right to be forgotten” – individuals can request data deletion.
• The right to access, update, or delete personal data freely.
• Explicit consent for sensitive data processing.
• Broader rights to claim compensation for breaches.

Complaints

Any dissatisfaction regarding the handling of personal data by the Community Council will be addressed through the complaint process.

• The Secretary will respond to complaints.
• If the issue remains unresolved, the complaint can be escalated to the Information Commissioner’s Office (ICO).

Contact Us
For questions or concerns regarding this policy, contact the Community Council Secretary at:
secfinechtycommunitycouncil@gmail.com

This policy is subject to periodic review to ensure compliance with legal and regulatory standards.