We acknowledge and agree that all personal data handled by the Society will be processed in accordance with current data protection law.
The Society may update this policy from time to time to ensure good practice with data management. Any updates will be published at socenv.org.uk /privacy
Type of information processed
The Society for the Environment processes the following personal information: names, personal addresses, Licenced Body membership number, email address and date of birth of Chartered Environmentalists and Registered Environmental Technicians.
Personal information is kept in the following forms: cloud based servers.
Only specific staff within the organisation who will process personal information will have access to personal information.
The needs we have for processing personal data are recorded on the public register maintained by the Information Commissioner. We notify and renew our notification on an annual basis as the law requires.
If there are any interim changes, these will be notified to the Information Commissioner within 28 days.
Under the Data Protection Guardianship Code, overall responsibility for personal data in a not for profit organisation rests with the governing body. In the case of the Society for the Environment, all staff, trustees and volunteers have responsibilities to abide by the policy.
All employed staff who process personal information must ensure they not only understand but also act in line with this policy and the data protection principles.
Breach of this policy will result in disciplinary proceedings.
To meet our responsibilities staff will:
• Ensure any personal data is collected in a fair and lawful way;
• Explain why it is needed at the start;
• Ensure that only the minimum amount of information needed is collected and used;
• Ensure the information used is up to date and accurate;
• Review the length of time information is held;
• Ensure it is kept safely;
• Ensure the rights people have in relation to their personal data can be exercised
We will ensure that:
• Everyone managing and handling personal information is trained to do so.
• Anyone wanting to make enquiries about handling personal information, whether a member of staff, volunteer or service user, knows what to do;
• Any disclosure of personal data will be in line with our procedures.
• Queries about handling personal information will be dealt with swiftly and politely.
Training and awareness raising about the Data Protection Act and how it is followed in this organisation will take the following forms:
General training/ awareness raising: processes will be reviewed every six months and all staff informed of changes and updates, reminders of the policy will be made biannually where no changes are made.
What do we do with the personal data we gather
This data provided to the Society by your Licenced Body will be used in the following ways.
- To maintain the registers of environmental professionals.
- To ensure effective governance of the Society in accordance with the Royal Charter and Bylaws.
- To enable appropriate communication of the Society’s relevant activities to registrants, Licenced Body staff and volunteers.
- Provide details of our activities and events by email to those individuals who have opted to receive updates.
- To support the representatives of Society’s Committees and Reviews that may include discussions about, or the provision of anonymous data.
We may also use aggregate information and statistics for the purposes of monitoring website usage in order to help us develop the website (www.socenv.org.uk) and our service and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.
The organisation will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures are taken: computer systems are password restricted, all files on Microsoft SharePoint are routinely backed up.
Any unauthorised disclosure of personal data to a third party by an employee may result in disciplinary proceedings or termination.
Data stored externally
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, we do not have any control over other websites and cannot be responsible for the protection and privacy of any data which you provide whilst visiting sites not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Subject Access Requests
Anyone whose personal information we process has the right to know:
• What information we hold and process on them
• How to gain access to this information
• How to keep it up to date
• What we are doing to comply with the Act.
They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information regarded as wrong.
Individuals have a right under the Act to access certain personal data being kept about them on computer and certain files. Any person wishing to exercise this right should apply in writing or via email to Elaine Rutherford.
The following information will be required before access is granted: Full name and contact details of the person making the request, their relationship with the organisation and any other relevant information pertinent to the request. For Chartered Environmentalists or Registered Environmental Technicians seeking to access records, their registrant number and their professional body membership.
Queries about handling personal information will be dealt with swiftly and politely. We will aim to comply with requests for access to personal information as soon as possible, but will ensure it is provided within the 40 days required by the Act from receiving the written request.