English
T H E   O R D E R   O F   T H E   K N I G H T S   O F   S T   C O L U M B A
English
Serve God by Serving Others

DATA PROTECTION & PRIVACY POLICY
the formal written approval of the Knights of St. Columba Data Protection Officer (Ray Pealing) and, in the event of such approval, strictly in accordance with all instructions and limitations described at the time the approval is given, and for no longer than is absolutely necessary; and 
e) No personal data should be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Organisation where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the GDPR (which may include demonstrating to the Organisation that all suitable technical and organisational measures have been taken). 
 
Data Security - Disposal 

When any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed) it will be securely deleted and disposed of. For further information on the deletion and disposal of personal data, please refer to the Organisation's Data Retention Policy. 
 
 
Data Security - Use of Personal Data 

I. The Organisation shall ensure that the following measures are taken with respect to the use of personal data: 
a) No personal data may be shared informally and if an employee, agent, sub-contractor, or other party working on behalf of the Organisation requires access to any personal data that they do not already have access to, such access should be formally requested from the Responsible Officer (Ray Pealing); 
b) No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Organisation or not, without the authorisation of the Responsible Officer (Ray Pealing); 
c) Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors, or other parties at any time; 
d) If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it; and 
e) Where personal data held by the Organisation is used for any type of membership or marketing purposes, it shall be the responsibility of the Supreme Director for that Department to ensure that the appropriate consent is obtained and that no data subjects have opted out, whether directly or via a third-party service such as the TPS. 
 
Where the Organisation is acting as data processor for and on behalf of a third-party data processor in the provision of services to that controller, personal data belonging to the data controller may not be used for any purpose or to any end that is inconsistent with the purpose for which it was originally provided or which is outside the terms of the contract under which the processor has agreed to provide the services to the controller.