ISTC is registered as the Data Controller with the Information Commissioners Office.
Data protection policy: The General Data Protection Regulation sets out a framework for the handling of personal data and is supported by eight data protection principles as follows.
- Personal data shall be processed fairly and lawfully.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
ISTC is committed to respecting and protecting the privacy and rights of its Members, students, affiliates and other contacts in accordance with the General Data Protection Regulation. This information sets out how ISTC seeks to apply the requirements of the General Data Protection Regulation.
APPENDIX
Key definitions as defined by the Data Protection Act.
Data means information which is being processed by means of equipment operating automatically in response to instructions given for that purpose; is recorded with the intention that it should be processed by means of such equipment; is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system.
The Act refers to a relevant filing system as any paper or manual filing system which is structured in such a way as to make that information about an individual readily accessible.
Personal data is data relating to a living individual who can be identified from that data or information which is in the possession of, or is likely to come into the possession of, the data controller. This includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
Data controller means any person (or organisation) that determines the purposes for which and the manner in which any personal data are, or are to be, processed. The data controller has a responsibility to ensure all files relating to individuals are kept securely, are accurate, are up-to-date and are used only for the purposes specified.
A data controller must be a “person” recognised in law; this would be individuals, organisations and other corporate or unincorporated bodies of persons. The ISTC is a data controller.
Processing in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operations on the information or data i.e.: viewing, amending, copying, extracting storing, disclosing, destroying, deleting etc.
Third party means any individual and or organisation other than the data subject, the data controller (ISTC) or its agents/branches.