Data Protection Policy Purpose of the Data Protection Policy This policy is a statement of An Taisce's commitment to protect the rights and privacy of individuals in accordance with the Data Protection Act 1988 and the Data Protection (Amendment) Act 2003. Principles of the Acts An Taisce will administer its responsibilities under the legislation in accordance with the eight stated data protection principles outlined in the Act as follows: Obtain and process information fairly An Taisce will obtain and process personal data fairly and in accordance with the fulfilment of its functions. Keep it only for one or more specified, explicit and lawful purposes: An Taisce will keep data for purposes that are specific, lawful and clearly stated and the data will only be processed in a manner compatible with these purposes. Use and disclose it only in ways compatible with these purposes: An Taisce will only disclose personal data that is necessary for the purpose/s or compatible with the purpose/s for which it collects and keeps the data. Keep it safe and secure: An Taisce will take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction. AT is aware that high standards of security are essential for all personal information. Keep it accurate, complete and up-to-date: AT will have procedures that are adequate to ensure high levels of data accuracy. AT will examine the general requirement to keep personal data up-to-date. AT will put in place appropriate procedures to assist staff in keeping data up-to-date. Ensure that it is adequate, relevant and not excessive: Personal data held by AT will be adequate, relevant and not excessive in relation to the purpose/s for which it is kept. Retain it for no longer than is necessary for the purpose or purposes: AT will have a policy on retention periods for personal data. Give a copy of his/her personal data to that individual, on request: AT will have procedures in place to ensure that data subjects can exercise their rights under the Data Protection legislation. Responsibility: AT has overall responsibility for ensuring compliance with the Data Protection legislation. However, all employees of AT who collect and/or control the contents and use of personal data are also responsible for compliance with the Data Protection legislation. Review This Policy will be reviewed regularly in light of any legislative or other relevant indicatiors. Notes We kindly acknowledge NUI Maynouth's data protection policy.