The Portico Library and Newsroom Ltd (“the Library”) needs to collect and use certain types of information (“personal data”) about its members, staff, volunteers, supporters and sponsors (“the data subjects”) in order to carry on its activities. Personal data must be collected and dealt with in accordance with the General Data Protection Regulation (EU Regulation 2016/679) and the Data Protection Act 2018.
2 Collection, processing and use
(a) The Library will take all necessary measures to ensure that it will be able to adhere to the Principles in Article 5 of the Regulation and the six data protection principles in sections 86 to 91 of the Act.
(b) When collecting personal data, the Library will tell the data subject what the data will be used for.
(c) The Library will ensure that personal data will be stored securely; accessible only to authorised staff and authorised volunteers; kept up to date; corrected if requested by the data subject; retained for only as long as either it is –
· needed for the purpose for which the data was collected or a purpose to which the data subject has since consented, or
· required or permitted by law to be retained; disposed of in accordance with the Regulation and the Act.
(d) The Library will maintain a procedure for responding to a request from a data subject for access to personal data held by the Library. Requests for personal data held by the Library should be made in writing to the Librarian (by post or email or hand-delivered to the Library) and will be fulfilled within 24 Library opening days.
· The Library will not disclose personal data to another person unless the data subject consents, or
· the law requires or permits disclosure without consent.