Data Protection Policy & Guidelines

YOUTH EUROPA

1. organisational information – publicly available information about organisations and some confidential information
2. personal information – information about individuals such as names, addresses, …

• We will not hold information about individuals without their knowledge and consent. It is a legal requirement that people know what we are doing with their information and who it will be shared with.
• We will only hold information for specific purposes. We will inform data subjects what those purposes are. We will also inform them if those purposes change.
• If we buy in a mailing list we cannot use it for any other purpose than the original Data Controller specified – we must check original use.

• We will seek to maintain accurate information by creating ways in which data subjects can update the information held.
• Information about Data Subjects will not be disclosed to other organisations or to individuals who are not members of our organisation, staff or trustees except in circumstances where this is a legal requirement, where there is explicit or implied consent or where information is publicly available elsewhere.
• Data Subjects have the option not to receive marketing mailings from us or other organisations.
• Data Subjects will be entitled to have access to information held about them by us and for what purpose within 40 days or submitting a request.
• Subject to any rules of the organisation awarding the funding, information will not be retained once no longer required for its stated purpose, we will not keep more than a project requires or surplus information ‘just in case’. We will establish retention periods and a process to delete personal information when no longer required.
• At the beginning of any new project or type of activity the member of staff managing it will consult the Data Controller about any data protection implications.

• We have procedures for ensuring the security of all electronic personal data. Paper records containing confidential personnel data are disposed of in a secure way. Project documents and staff records are all kept in a locked filing cabinet, IT equipment containing personal information is kept in a looked room or cupboard when not in use.
• We will make sure all portable devices – such as memory sticks and laptops – used to store personal information are encrypted.