Data Protection: Policy & Guidelines
Dreamstore supports and promotes activities which benefit education, social inclusion, and conservation through one of the nation’s favourite pastimes, fishing. Any personal data gathered is for no other purpose. Dreamstore has no interest in retaining data for any other reason that keeping in touch with people who share its ambition. Dreamstore will treat information with the respect it would expect from others. Information is retained solely to support Dreamstore activities and shared only as absolutely necessary with, for example, SQA (for Dreamstore Academy) and with MailChimp for occasional direct mailings to update on Dreamstore Activity.
The Data Protection Principles
1 Dreamstore (Dreamstore UK, including Dreamstore Academy) may process personal data where:
- When it has obtained a person’s consent
- Where processing is necessary for the performance of a contract to which a person is party eg. registration of participant on Dreamstore Academy course with Scottish Qualifications Authority (SQA).
- When it is necessary to comply with a legal obligation or standard accounting practice.
2 Any personal data will be obtained for purposes as specifically notified by:
- Memo or email
- Leaflet or flyer or notice
- Web registration
3 Dreamstore will ensure that the information gathered isn’t excessive for the specific purpose (of which prior notice has been given) without a clear explanation being given.
4 Dreamstore will take reasonable steps to monitor and review the accuracy of information provided, even where the individual has supplied it.
5 Dreamstore will keep personal data for no longer than necessary, depending on the purpose for which the information was provided. In respect of Dreamstore Academy, registration and relevant course data will be retained in line with requirements of SQA
6 Dreamstore will take all reasonable steps to guard against loss, destruction, as well as any unauthorised processing of personal data. Electronic data will always be retained on password protected devices.
7 Dreamstore will not transfer data out of the UK, unless:
- Adequate protection is available in such territories
- It is necessary for reasons of substantial public interest, or the transfer of legal proceedings
“Personal information” is data that Dreamstore is able to process from existing records (files and or computers and databases). This includes video recording, voice recording, photographs, telephone calls, and information obtained in the course of incoming or outgoing communications through the internet and downloading from the internet.
Dreamstore will process personal data “fairly” as follows:
- Personal data will be processed by Dreamstore at all times; however, if ever a third party were to process data, the individual will be notified – for example, with registration on the SQA database.
- If there was ever to be the need for third party processing the individual will be informed, appropriately.
- Dreamstore will always explain the purpose of collecting data. As a matter of course, Dreamstore will not provide any data collected to any third party without appropriate permissions.
Individual rights under data protection laws are outlined by the Data Commissioner’s Office:
Dreamstore is not registered with the ICO as it is a not-for-profit organisation using personal data only for communications relating solely to Dreamstore activities.
“Sensitive personal data” covers information in the following categories:
- Racial or ethnic origin
- Political Opinions
- Religious Beliefs
- Trade union membership
- Physical or mental health
- Sexual Life
- Criminal Offences or charges
As a matter of course Dreamstore will not process or disclose personal sensitive data unless it is legally required.
Right of Access
Dreamstore provides the right to access personal data (including manual files) subject to a written request. The information supplied will be in an intelligible manner (physical file or PDF) unless it would involve inordinate time and expense, in which case it will be in some other intelligible manner:
- Individuals have a right to request and be told the purpose of processing personal data and who has access to such information
- A right to request and be told the source of the data.
- Individuals have the right to rectification, erasure, data portability, and to object.
Dreamstore will only hold personal information for which consent has been given to allow the holding and processing of necessary personal information and data. Individuals may unsubscribe or have their data erased by informing Dreamstore directly, or by unsubscribing from any mailing originated through Mailchimp.
Issues Arising From these Guidelines
If any person has any concerns or queries with these guidelines, please contact Dreamstore immediately using our contact form on dreamstore.org
This policy in line with, and will be updated when required by;
- The General Data Protection Regulation (EU) 2016/679 (GDPR) and any related legislation which applies in the UK, including any legislation derived from the Data Protection Act 2018.
- The Privacy and Electronic Communications Regulations (2003) and any successor or related legislation, including the E-Privacy Regulation 2017/0003.
- All other applicable laws and regulations relating to the processing of personal information and privacy, including statutory instruments and, where applicable, the guidance and codes of practice issued by the Information Commissioner’s Office or any other supervisory authority.