Privacy Policy

Nith Catchment Fishery Trust

Data Privacy Notice

The Nith Catchment Fishery Trust holds certain personal data for the purpose of fulfilling its charitable objects as set out in its constitution, which includes the conservation and enhancement all species of freshwater fish and their environments for public benefit within its district and to advance the education of a wide range of people and organisations.  We will only pass personal data to third parties without the consent of the data subject where it is necessary for us to do so in support of the fulfilment of our charitable objects. Data is held subject to our Data Handling Policy. The Trust’s responsible officer for data is Debbie Parke and any queries regarding this Privacy Notice should be directed at her.

Contact details are:

Nith Catchment Fishery Trust

37 George Street

Dumfries

DG1 1EB

01387 740 043

trust@river-nith.com

www.river-nith.com

Charity no.  SC040908

Company no.  SC366067

Data Handling Policy

1. The Trust in pursuance of its charitable objects which includes the conservation and enhancement all species of freshwater fish and their environments for public benefit within its district and to advance the education of a wide range of people and organisations needs to process personal data. The Trust accepts that it is a data controller for the purposes of the General Data Protection Regulations and that it must comply with the following six principles for the handling of personal data:

·         fairly and lawfully processed

·         processed for limited purposes

·         adequate and relevant and limited to what is necessary

·         accurate and where necessary up to date

·         not kept in a way that people can be identified from it for longer than is necessary

·         processed in a way that ensures appropriate security

2. The Trust’s officer responsible for compliance with GDPR is Debbie Parke. She will maintain the Trust’s databases in compliance with GDPR. The Trust will hold four separate databases:

·         A Contract database with information required in fulfilment of those contracts

·         A Legitimate Interests database held subject to satisfaction of a ‘legitimate interests’ assessment[1]’ (LIA assessment);

·         Consent database, all data held under consent of the data subjects.

3. The Trust will audit its information annually to ensure that its data bases are compliant with the six principles of GDPR. In particular, the audit will ensure:

·         that data is held in compliance with the act

·         data held is accurate

·         that no more data is held than is necessary

·         that data will be held only for so long as it is needed.

After each annual audit the responsible officer will note that the audit has taken place and that he/she certifies the Trust’s databases as being compliant with GDPR.

4. The Trust will ensure that all the data held is securely stored. This will apply to physical copies of data as well as computer-based data.

5. The Trust will respond within 28 days to any written request (including by e-mail) by a data subject for details of information held by the Trust on them.

6. The Trust will publish a Privacy Notice on its website.

[1] The LIA assessment requires that the information officer before entering the data on the Legitimate Interests database satisfies him/herself that the Trust is pursuing a legitimate interest in so doing, that processing the data is necessary for that purpose and that he/she has considered whether there are any balancing personal issues that override the right of the Trust to process that data (for example where that individual has particular vulnerabilities).