• Skip Navigation
• Accessibility
• Site Map
• High Contrast Site

• Home
• Business Ideas
• Business Planning
• RED Consultancy
• Case Studies
• About Us
• Join RED
• News & Events
• Links

Privacy

What is the Data Protection Act?

A Data Protection Act is in place to protect individuals by regulating the way in which 'data controllers' collect, retain and use personal data.

What is a Data Controller?

The data controller is the person who decides why and how personal data is used within the organisation. In this instance Rapid Enterprise Development is the data controller.

What is Personal Data?

Personal data is any information we hold that relates to a living individual who can be identified either by the data alone or together with other information which is in the possession or likely to come into the possession of the data controller (Rapid Enterprise Development).

Does it matter in what format the data is held?

At the moment not all types of personal data are subject to the Act, though the types of data not covered are very limited. All data held in electronic form, as are most manually-held data so it is therefore a fundamental part of our organization that data collected meets the eight principles of the data protection act.

What are the 8 Principles?

A process of good information-handling. By following these Principles, data controllers can be confident that they are likely to be processing personal data correctly and in accordance with the Act.

In line with good practice and to ensure compliance with the DATA Protection Act 1998 Rapid Enterprise Development have implemented procedures to meet all of the eight protocols outlined by the DPA and ISO 17799guidelines and these are listed below:

The First Data Protection Principle:

Personal Data must be processed fairly and lawfully and shall not be processed unless certain conditions are met.

Social Enterprise Tyneside will clearly state on the website how we intent to use our membership information, especially with regards to: Why we hold the members’ Data?

Before any entry is made on to our Database the express permission will be gained from the Data subjects using the Internet Interactive Membership Form. If the Data subject wishes to discuss how the database is used and controlled this can be done via email or telephone. The information held will be controlled by using the same principles regarding confidentiality.

The Second Data Projection Principle:

Data must be obtained only for specified and lawful purposes and must not be processed in any way that is incompatible with the purpose.

Rapid Enterprise Development’s database is created to further the objects of the organisation, which are:

The promotion and development of social enterprises, social licences, social auditing and accounting

The creation of this Database will allow:

The promotion and development of social enterprise networks.

The purpose of this Database is to help bring people together swiftly and safely by using modern technology, supported by experience which can offer help and support via various means of modern communication.

The Third Data Protection Principle:

Personal data shall be adequate, relevant and not excessive in relation to the purposes for which they are processed.

By designing an Electronic Membership Form (EMF) Rapid Enterprise Development considers the information gathered from subject data is the minimum details needed to create a viable safe database and is not excessive to the point of being obtrusive. If people wish to offer more detailed information this is by choice. Any additional information submitted will be offered the same protection as the detailed fields on the EMF.

Fourth Data Protection Principle:

Personal Data shall be accurate and kept up-to-date.

Rapid Enterprise Development will apply strict adhering to the collection and entering of data on to the database will be required if the system is to be effective. On the Membership Information Form there will always be a second check to ensure that inaccurate entries are avoided. Annually members will be contacted and asked to up date any changes in their personal details.

The Fifth Data Protection Principle:

Personal Data processed for any purposes shall not be kept longer than is necessary for those purposes.

Rapid Enterprise Development will remove any data held from the Database between 3 and 6 months after work has ceased or immediately if a member indicates a change of mind regarding their openness of information. In such instances the information will be removed from the database outright at the time of the request.

The Six Data Protection Principle:

Personal data shall be processed in accordance with the rights of the data subjects under this act.

Permission will be gained from the data subjects that information is being processed about them to further the objects of Rapid Enterprise Development. Only information offered by the subject will be held on the database and by transmitting information agree to all the principles outlined. Annually members will be invited to update their details by completing a new membership data. This information will be checked against data held and to ensure records maintained are up to date and correct in content by submitting this updated information an understanding that continuation of consent is agreed. Quality control systems will be in place so this system is audited for errors. Any recurring non-conformities will be investigated and solved by various means.

The Seventh Data Protection Principle:

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidentals loss or destruction of, or damage to, personal data.

Rapid Enterprise Development will afford all security possible to protect the identities and misuse of information held on the database. All computers have passwords that are changed at specific intervals. This is an auditable occurrence. Only authorised staff will have access to the database. A duplicate database will be held to prevent the loss of information and stowed safely. The doors to all offices where information may be stowed are locked at the end of the working day.

The Eight Data Protection Principle:

Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Information regarding subjects living in this country will only be shared after consultation with the member whose data we retain and full discussion and permission obtained. The Database will never be linked directly to the Internet, as it is possible that access may be gained by non-authorised persons outside of the EU.

Aligned to good practice our procedures are intended to give assurance and protection to members who entrust Rapid Enterprise Development with their information and subsequent handling of such is granted the highest quality assurance.

If you have a complaint about how your data has been handled

In the first instance, put your complaint in writing to the Directors, Rapid Enterprise Development who will carry out a full internal investigation. If you are still unhappy you may complain to the Information Commissioner at the Data Protection Register who will decide whether the data has been processed in accordance with the Act. If it has not, the Information Commissioner can enforce the Act by issuing a Notice requiring the data controller to take steps to comply and within what time frame.