1 – Introduction
The Knowle Park Trust (the “Trust”) is committed to protecting the privacy and security of personal data. This policy describes how we collect and use personal data in accordance with the General Data Protection Regulation (GDPR) and any other national implementing laws, regulations, and secondary legislation.
2 – Scope
This policy applies to all personal data processed by the Trust, including data collected through our CCTV system, used for the purpose of crime prevention and detection.
3 – Data Protection Principles
The Trust will comply with data protection law, which says that the personal data we hold must be:
-Used lawfully, fairly, and transparently.
-Collected only for valid purposes that we have clearly explained and not used in any way that is incompatible with those purposes.
-Relevant to the purposes we have told you about and limited only to those purposes.
-Accurate and kept up to date.
-Kept only as long as necessary for the purposes we have told you about.
-Kept securely.
4 – Data Processing Activities
The Trust collects and processes personal data for a range of purposes, including:
-Ensuring the security and safety of the parkland and event space, including through the use of CCTV systems.
-Managing car park usage and operations.
-Organising and managing events.
-Responding to enquiries and complaints.
-Complying with our legal obligations.
5 – Data Subject Rights
Under GDPR, individuals have the right to:
-Be informed about the processing of their personal data.
-Access their personal data.
-Rectify inaccuracies in their personal data.
-Erase their personal data in certain circumstances.
-Restrict processing of their personal data in certain circumstances.
-Object to the processing of their personal data in certain circumstances.
-Data portability for their personal data.
Individuals may exercise these rights by contacting the Trust’s data protection officer.
6 – Data Retention
The Trust will retain personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. CCTV footage will be kept for a maximum of 30 days, unless it is being used for an ongoing investigation.
7 – Data Security
The Trust has put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process personal data on our instructions and they are subject to a duty of confidentiality.
8 – Data Breaches
In the event of a data breach, the Trust will promptly notify the relevant supervisory authority and any affected individuals, in compliance with the GDPR.
9 – Data Protection Officer
The Trust has appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with this policy. If you have any questions about this policy, or you would like to exercise your rights in relation to your personal data, please contact the DPO.
10 – Changes to this Policy
The Trust may update this policy from time to time. We will notify you of any changes by posting the new policy on our website.
This policy was last updated on 17th May 2023.