The Association’s policy is to comply fully with the requirements of the Data Protection Act 1998 and 2003.

The Association will operate procedures in accordance with the Data Protection Act 1998, i.e. personal data held by the Association’s shall:-

(i) Be obtained and processed fairly and lawfully.

(ii) Be obtained only for one or more specified and lawful purposes and shall not be processed in any manner incompatible with that purpose or those purposes.

(iii) Be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed.

(iv) Be accurate and, where necessary, kept up to date.

(v) Be held no longer than is necessary for the purpose(s).

(vi) Be processed in accordance with the rights of the data subjects under the Acts.

(vii) Be surrounded by proper security.

The Association and all members and others who process or use any personal information must ensure that they follow these principles at all times.