Data Protection Principles. Each User and/or ITM is a separate business project. Dreamport treats each User and/or ITM as an independent contractor – legal persons. Data provided by Users and/or ITMs means “personal data which concerns legal persons” (B2B relationships) and is necessary to access the Platform. As a result, Dreamport uses best practices originated from provisions of data protection laws and guides, at the same time, Dreamport as a party in B2B relationships may derogate from those laws and guides.
Data Protection Principles. Anyone processing personal data must comply with the seven Data Protection Principles set out in Article 5 of the UK GDPR, which in summary are:
Data Protection Principles. We will comply with data protection law. This says that the personal information we hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.
Data Protection Principles.
4.1. The school will obtain consent from pupils and parents at the beginning of each academic year using the Images and Videos Parental Consent Form, which will confirm whether or not consent is given for posting images and videos of a pupil on social media platforms. The consent will be valid for the entire academic year.
4.2. A record of consent is maintained throughout the academic year, which details the pupils for whom consent has been provided. The DPO is responsible for ensuring this consent record remains up-to-date.
4.3. For the purpose of section 4.1, where a pupil is assessed by the school to have the competence to understand what they are consenting to, the school will obtain consent directly from that pupil; otherwise, consent is obtained from whoever holds parental responsibility for the child.
4.4. Parents and pupils are able to withdraw or amend their consent at any time. To do so, parents and pupils must inform the school in writing.
4.5. Consent can be provided for certain principles only, for example only images of a pupil are permitted to be posted, and not videos. This will be made explicitly clear on the consent from provided.
4.6. Where parents or pupils withdraw or amend their consent, it will not affect the processing of any images or videos prior to when consent was withdrawn or amended. Processing will cease in line with parents’ and pupils’ requirements following this.
4.7. In line with section 4.5, wherever it is reasonably practicable to do so, the school will take measures to remove any posts before consent was withdrawn or amended, such as removing an image from a social media site.
4.8. The school will only post images and videos of pupils for whom consent has been received.
4.9. Only school-owned devices will be used to take images and videos of the school community, which have been pre-approved by the school for use.
4.10. When posting images and videos of pupils, the school will apply data minimisation techniques, such as pseudonymisation (blurring a photograph), to reduce the risk of a pupil being identified.
4.11. The school will not post pupils’ personal details on social media platforms.
4.12. Pupils’ full names will never be used alongside any videos or images in which they are present.
4.13. Only appropriate images and videos of pupils will be posted in which they are suitably dressed, i.e. it would not be suitable to display an image of a pupil in swimwear.
4.14. When posting on social media, the school will use...
Data Protection Principles. The employer will comply with data protection law. This says that the personal information the employer holds about the employee must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that the employer has clearly explained to the employee and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes the employer has told the employee about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes the employer has told the employee about.
6. Kept securely.
Data Protection Principles. 4.1 Anyone processing personal data must comply with the eight enforceable principles of good practice. These provide that personal data must be:
(a) Processed fairly and lawfully.
(b) Processed for limited purposes and in an appropriate way.
(c) Adequate, relevant and not excessive for the purpose.
(d) Accurate.
(e) Not kept longer than necessary for the purpose.
(f) Processed in line with data subjects' rights.
Data Protection Principles. 7.1 What do I need to know to help me decide whether or not to share?
7.1.1 Whether the data sharing is systematic / routine data sharing or one off data sharing, there are supporting principles applicable to both. Understanding these principles will help you to decide whether or not to share personal data and complete any necessary documentation – e.g. a DPIA, a Data Sharing Agreement or a Data Sharing Decision Form.
Data Protection Principles. Processed fairly, lawfully and transparently (e.g. Privacy Notices/Statements). • Collected for specific purposes and not used for incompatible purposes. • Adequate, relevant and limited to what is necessary. • Accurate and, where necessary, kept up to date. • Retained no longer than necessary (e.g. Retention & Destruction Schedules). • Kept securely (e.g. ICT Security Policies). More detail on each of the data protection principles is attached as Appendix C or from the ICO. See links on the contents page of this document.
Data Protection Principles. Data Protection Act 1998 Rights of the Individual
Data Protection Principles. Under Data Protection Legislation, there are six data protection principles that Xxxxxx Hospice must comply with. These provide that the personal information we hold about you must be:
