The Amber Trust is committed to meeting its obligations under the Data Protection Act of 1998. The Trustees will strive to observe the law in all collection and processing of subject data and will meet any subject access request in compliance with the law.
The Amber Trust will only use data in ways relevant to carrying out its legitimate purposes and functions as a charity in a way that is not prejudicial to the interests of individuals. The Amber Trust will take due care in the collection and storage of any sensitive data. The Amber Trust representatives will do their utmost to keep all data accurate, timely and secure.
All Amber Trust representatives will be aware of the requirements of the Data Protection Act when they collect or handle data about an individual. Amber Trust representatives will not disclose data except where there is subject consent or legal requirement. Data sent to outside agencies will always be protected by a written contract. All collection and processing will be done in good faith. Paper records will be destroyed when no longer required.
Principles of data protection outlined in the Data Protection Act
All Amber Trust representatives processing personal data will comply with the principles of good practice, which state that data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Not kept longer than necessary
- Processed in accordance with the data subject’s rights
- Held securely
This policy is reviewed regularly and updated as required.
Adopted: 21 January 2010
Last reviewed: 1 February 2017