Our Data Protection Principles
1. Personal data shall be processed fairly and lawfully and shall not be processed unless certain conditions are met.
There are two parts to meeting the requirements of this principle. The first relates to fair obtaining which requires that certain information be made available at the time of obtaining information; and the second to the conditions for legitimate processing, at least one of which must be met. These include:
2. Personal data should be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes. Personal data obtained for one purpose may not be used for a completely different one without prior reference to the individual.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose. It shall be accurate and where necessary, kept up to date. We regard information quality and reliability as critical factors in effective data protection.
4. Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose or those purposes.
5. Personal data (data relating to a living individual who can be identified) shall be processed in accordance with the rights of data subjects under extant legislation. These include the rights to:
6. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. 'Processing' includes operations from collecting and acquiring through to disposal.
7. Personal data shall not be transferred to a country or territory outside the European Economic Area (the EU member States plus Iceland, Liechtenstein, Norway or Switzerland) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. The StringsReunited database is held on servers in Germany, with the web hosts '1and1.com'
Personal data should not be disclosed to anyone outside the Company (except with authorisation). The sending of personal data by email, a conference network, the Internet or file transfer constitutes a disclosure to the addressee and the company must ensure that such disclosures have been previously notified and that such disclosures are compatible with the data protection principles. Disclosures with the consent of the data subject are always permissible.
An individual is entitled to be supplied with all the personal data held about them, subject to conditions.
© StringsReunited.com 2006-8.