Privacy Policy
Nith District Salmon Fishery Board
Privacy Notice
The Nith District Salmon Fishery Board holds certain personal data for the purpose of fulfilling its statutory responsibilities under the Salmon and Freshwater Fisheries (Consolidation) (Scotland) Act 2003, which includes the protection of salmon fisheries within its district. We will only pass personal data to third parties without the consent of the data subject where it is necessary for us to do so in support of our statutory responsibilities. Data is held subject to our Data Handling Policy. The Board’s responsible officer for data is Jim Henderson and any queries regarding this Privacy Notice should be directed at him.
Contact details:
Nith District Salmon Fishery Board
37 George Street, Dumfries, DG1 1EB
01387 740 043
board@river-nith.com
www.river-nith.com
Data Handling Policy
1. The Board has rights and duties under the Salmon and Freshwater Fisheries (Consolidation) (Scotland) Act 2003 which necessitates the processing of data. The Board accepts that it is a data controller for the purposes of the General Data Protection Regulations and that it must comply with the following six principles for the handling of personal data: –
· fairly and lawfully processed
· processed for limited purposes
· adequate and relevant and limited to what is necessary
· accurate and where necessary up to date
· not kept in a way that people can be identified from it for longer than is necessary
· processed in a way that ensures appropriate security
2. The Board’s officer responsible for compliance with GDPR is Jim Henderson. He will maintain the Board’s databases in compliance with GDPR. The Board will hold four separate databases:
· A Public Task database of data held necessary to uphold the Board’s statutory duties
· A Contract database with information required in fulfilment of those contracts
· A Legitimate Interests database held subject to satisfaction of a ‘legitimate interests’ assessment[1]’ (LIA assessment);
· Consent database, all data held under consent of the data subjects.
3. The Board will audit its information annually to ensure that its data bases are compliant with the six principles of GDPR. In particular, the audit will ensure:
· that data is held in compliance with the act
· data held is accurate
· that no more data is held that is necessary
· that data will be held only for so long as it is needed.
After each annual audit the responsible officer will note that the audit has taken place and that he certifies the Board’s databases as being compliant with GDPR.
5. The Board will ensure that all the data held is securely stored. This will apply to physical copies of data as well as computer-based data.
6. The Board will respond within 28 days to any written request (including by e-mail) by a data subject for details of information held by the Board on them.
7. The Board will publish a Privacy Notice on its website
[1] The LIA assessment requires that the information officer before entering the data on the Legitimate Interests database satisfies him/herself that the Board is pursuing a legitimate interest in so doing, that processing the data is necessary for that purpose and that he/she has considered whether there are any balancing personal issues that override the right of the Board to process that data (for example where that individual has particular vulnerabilities).