Data Protection Policy

SHERBURN IN ELMET COMMUNITY TRUST
DATA PROTECTION POLICY

Data Protection Act 1998

The Data Protection Act protects any individual on whom data is held from unlawful processing of data, and gives right of access to that data. The definition of data is not restricted to automatically processed information but also includes manual records and paper documents.

Sherburn in Elmet Community Trust is concerned with the protection of personal and/or confidential information in three areas:-

  • Data about our volunteers
  • Data about our library/hub users held on North Yorkshire County Council (NYCC) systems for which we act as Data Processors
  • Data we receive from users of our services not held on NYCC systems for which we are the Data Controller

Volunteer Information

The only personal information about our Volunteers that will be collected and kept will be that which has been voluntarily given by themselves in completing an application form.
This data will be kept securely and never divulged to any third party.

Library/Hub Data

  • Library volunteers processing personal information to provide library services on behalf of North Yorkshire County Council (NYCC) will be doing so using Library Management Systems provided by NYCC.
  • NYCC will retain ownership of the data and of data subsequently produced by the systems. NYCC will be the data controller and as such will be responsible for deciding the reasons for sharing any personal data and for deciding how that data can be processed.
  • Library Volunteers will be required to sign the Acceptable Use Agreement which details their responsibilities.The Trust delegates to the Library Steering (Management) Group the responsibility to:
  • Ensure that Volunteers understand their responsibilities for Data Protection and undertake any mandatory training which NYCC will specify and make available.
  • Prevent unauthorised access to buildings or equipment and to keep computers and documents secure at all times.
  • Ensure that nothing is connected to the IT equipment provided by NYCC without approval by NYCC ICT services.

Service User Data

Personal information recorded about service users will be stored and maintained with appropriate safeguards for confidentiality and the Data Protection Act.
As Data Controller we have determined that there is no requirement for the Trust to be registered with the Information Commissioners Office. This will be reviewed on an annual basis.

Monitoring and Review

The Library Steering (Management) Group will appoint one of its members to monitor conformance with the provisions of the Data Protection Act, liaise with NYCC and report to the Trustees where there are threats to the system.