- IDXtra holds three types of information which are covered by this policy
- organisational information – publicly available information about organisations and some confidential information
- personal information – information about individuals such as names, addresses, job titles
- sensitive personal information – in general this kind of information is only held about employees.
Information about organisations is not covered by the Data Protection Act. However there is sometimes ambiguity about whether certain information is personal or organisational. Also IDXtra should strive for best practice as regards organisational information. For these reasons organisational information is covered by this policy.
The organisations and people about which IDXtra holds information are referred to in this policy as data subjects.
- IDXtra will not hold information about individuals without their knowledge and consent.
- IDXtra will only hold information for specific purposes. It will inform data subjects what those purposes are. It will also inform them if those purposes change.
- Information will not be retained once it is no longer required for its stated purpose.
- IDXtra will seek to maintain accurate information by creating ways in which data subjects can update the information held.
- Data subjects will be given the option not to receive marketing mailings from IDXtra or other organisations (but see 3 above).
- Data subjects will be entitled to have access to information held about them by IDXtra.
- Information about data subjects will not be disclosed to other organisations or to individuals who are not members of IDXtra staff except in circumstances where this is a legal requirement, where there is explicit or implied consent or where the information is publicly available elsewhere.
- IDXtra has procedures for ensuring the security of all personal data. Paper records containing confidential personnel data are disposed of in a secure way.
- IDXtra has a set of procedures covering all areas of its work which it follows to ensure that it achieves the aims set out above.
- The Company Secretary has been designated as the Data Protection Compliance Officer for IDXtra.
- At the beginning of any new project or type of activity the member of staff managing it will consult the Company Secretary about any data protection implications.
- There may be situations where IDXtra works in partnership with other organisations on projects which require data sharing. IDXtra will clarify which organisation is to be the Data Controller and will ensure that the Data Controller deals correctly with any data which IDXtra has collected.
- All new staff will be given training on the data protection policy and procedures.
- IDXtra will carry out an annual review of its data protection policy and procedures.