The Lovelace Foundation is committed to meeting its obligations under the Data Protection Act of 1998. The Lovelace Foundation will strive to observe the law in all collection and processing of subject data and will meet any subject access request in compliance with the law. The Lovelace Foundation will only use data in ways relevant to carrying out its legitimate purposes and functions as a charity in a way that is not prejudicial to the interests of individuals. The Lovelace Foundation will take due care in the collection and storage of any sensitive data. The Lovelace Foundation staff will do their utmost to keep all data accurate, timely and secure.
As a non-governmental organization, the Lovelace Foundation will share its data with Lovelace Foundation staff and partners overseas but will work to ensure that all staff understand they are required to observe international data protection laws when handling data transferred overseas.
All Lovelace Foundation staff, whether permanent or temporary, and voluntary workers, must be aware of the requirements of the Data Protection Act when they collect or handle data about an individual. The Lovelace Foundation staff must not disclose data except where there is subject consent, or legal requirement. Data sent to outside agencies must always be protected by a written contract. All collection and processing must be done in good faith.
The Lovelace Foundation will inform subjects of any processing, disclosure or overseas transfer that does not fall within The Lovelace Foundation’s purpose in a way that any individual supplying could be expected to understand. The Lovelace Foundation will keep registration (now called notification) up to date.
Principles of data protection outlined in the Data Protection Act
Anyone processing personal data must comply with the eight enforceable principles of good practice. These state that data must be:
• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate
• Not kept longer than necessary
• Processed in accordance with the data subject’s rights
• Secure
• Not transferred to countries without adequate protection.
The Data Protection Desk (based in the Chief Executive’s Office) will keep records of all complaints by data subjects and the follow up. It will also keep a record of all data access requests. There will be a repository of all Lovelace Foundation statements of Data Protection Law compliance and information about any contacts made with the Data Protection Registrar. This information will be available to staff and data subjects on request.