This policy applies to The Burma Star Association’s (BSA) Trustees, President, Vice-presidents, Council members, employees, consultants, associates, temporary workers, volunteers, contractors,
suppliers and partners. All these groups are to be made fully aware of this policy and of their duties and responsibilities under the General Data Protection Regulation 2016 and any other relevant
In carrying out its work, the BSA collects and uses information about a variety of people. These may include current, past and prospective employees, trustees, volunteers, consultants, contractors,
temporary workers, clients, beneficiaries and suppliers. This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in
computer records or recorded by any other means. The BSA regards the lawful and correct treatment of personal information as very important to its successful operation and to maintaining confidence
between it and whom it aims to help and those with whom it carries out business.
Handling of Personal Data
The BSA will, through appropriate management and the use of strict criteria and controls:
- Observe fully conditions regarding the fair collection and use of personal information, including obtaining and recording consent where needed;
- Meet the legal obligations to specify the purpose for which information is used;
- Collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
- Ensure information is accurate and kept up to date;
- Ensure information is not kept for longer than is necessary for the intended purpose;
- Ensure information is processed in accordance with the rights of data subjects under current legislation;
- Ensure information is kept secure i.e. protected by an appropriate degree of security;
- Ensure methods of handling personal information are regularly assessed and evaluated.
- All staff must take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure and in particular will ensure that.
- Paper files and other records or documents containing personal data are kept in a secure environment;
- Personal data held on computers and other information communications technology (ICT) systems is protected in accordance with the BSA’s Information Security Policy and its associated security
- All Trustees, the President, Vice-Presidents, Council members, volunteers, contractors, consultants, associates and partners, must:
- Ensure that they and all of their staff, where relevant, who have access to personal data held or processed for or on behalf of the BSA, are aware of this policy and are fully aware of their
duties and responsibilities, ensuring that they apply the same standards for the handling of such data;
- Follow other supplementary data protection policies or procedures specific to their role;
- Allow data protection audits by the BSA of data held on its behalf (if requested);
- If they fail to follow BSA policies and procedures, indemnify the BSA against any prosecutions, claims, proceedings, actions or payments of compensation or damages, without limitation.
- All contractors, suppliers and partners who are users of personal information supplied by the BSA will be required to confirm that they will abide by the requirements of data protection
legislation with regard to information supplied by us, either through the contract between the two parties and in a data sharing agreement.
- All trustees, presidents, vice-presidents, Council members, employees, volunteers, consultants, associates, temporary workers, contractors and suppliers shall:
- Take all reasonable steps to prevent any personal data they process, access or transfer in the course of their employment or association with the BSA from being disclosed to or accessed by any
- Comply with the General Data Protection Regulation 2016 and any relevant data protection legislation when processing any personal data in the course of their employment or association with the
- Take all reasonable steps to ensure that any third party to whom they transfer or give access any personal data not only complies with relevant data protection legislation but also prevents it
from being disclosed to or accessed by any unauthorised person;
- Report immediately on becoming aware of any actual or suspected breach of data protection legislation in accordance with the BSA’s Data Security