Privacy Policy

Data Protection Policy Statement

The Great Yarmouth Preservation Trust (GYPT) is committed to a policy of protecting the rights and privacy of members in accordance with The Data Protection Act 1998.  Any breach of The Data Protection Act 1998 is considered to be an offence and will incur appropriate penalties.

Managing Data Protection

GYPT is a not-for profit organisation and does not need to register with the Information Commissioner;  however, in order to ensure best practice GYPT will endeavour to adhere to the Data Protection Principles. 

Data Protection Principles

To meet the requirements of the Data Protection Act 1998, GYPT fully endorses the eight principles stated therein, and all will adhere to them at all times.

These principles are as follows. 

  • Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met.
  • Personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
  • Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  • Personal data shall be accurate and, where necessary, kept up to date.
  • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  • Personal data shall be processed in accordance with the rights of data subjects under the Act.

The GYPT trustees will take responsibility for data protection in the Trust and will ensure the requirements of the Act are enforced. 

Purpose of GYPT  Data

In terms of the Data Protection Act 1998, the GYPT Committee is the ‘data controller’, and as such determines the purpose for which, and the manner in which, any personal data is processed. 

Administration • Accounts & Records • Advertising, Marketing & Public Relations

Data will be:

  1. Processed for Limited purpose

    The Data Controller will not use data for a purpose other than those agreed by GYPT trustees. If the data held is requested by external organisations for any reason, this will only be passed on if GYPT members agree. External organisations must state the purpose of processing, agree not to copy the data for further use and sign a contract agreeing to abide by The Data Protection Act 1998 and the GYPT Data Protection Policy.

  2. Adequate, relevant and not excessive
    The Data Controller will monitor the data held ensuring there is neither too much nor too little data in respect of the individuals about whom the data is held. If data given or obtained is excessive for such purpose, it will be immediately deleted or destroyed.

  3. Accurate and up-to-date
    GYPT members should notify the Data Controller of any changes, to enable personnel records to be updated accordingly and members have the right to review their data at any time. The Data Controller will invite members to review their data once a year to ensure it is accurate and up-to-date. Any amendments will be made immediately and data no longer required will be deleted or destroyed. Completion of an appropriate form (provided by The Data Controller) will be taken as an indication that the data contained is accurate.

  4. Not kept longer than necessary
    Data will not be retained for longer than it is required. All personal data will be deleted or destroyed after one year of non-membership has elapsed.

  5. Secure
    Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of data. 

Monitoring and Review

Reviewed April 2018

The GYPT Trustees will review this policy every two years