Made In Midlothian (MIM) is committed to ensuring any personal data given will be held and managed in line with the Data Protection Act 1998 and the European General Data Protection Regulation 2018. The aim of this policy is to ensure that everyone handling personal data on behalf of MIM is fully aware of the requirements.
(MIM) holds and maintains the following personal data:
We will only hold data we are given consent to hold. This could be consent that is given by an individual to share personal data via a third party (for example, an affiliate like Gorebridge Community Trust or One Dalkeith).
In order to meet our responsibilities MIM will:
You can request to access your data by emailing firstname.lastname@example.org. Queries about handling personal information will be answered within 10 working days.
MIM will take steps to ensure that personal data is kept secure at all times. The following measures have been taken: password protection on all MIM data. Unauthorised disclosure of any personal data to a third party by a Team Member will result in them being asked to leave the Made in Midlothian group.
MIM will share personal information with Team Members only where necessary to conduct group business such as, but not limited to, organising events. MIM will not share any personal information for any other purpose. MIM may also share personal information with law enforcement agencies where legally required to do so.
Anyone whose personal information MIM handles has the right to know:
Personal data will be immediately deleted/destroyed upon request. All personal data held will be reviewed annually and deleted/destroyed as necessary (for example, an individual no longer has a relationship with MIM; all data relating to that individual will be deleted).
This policy will be reviewed annually to ensure it remains up-to-date and is compliant with the law.