Data Protection Legislation means all applicable laws and regulations relating to the processing of Personal Data and privacy including the Data Protection Act 1998, the General Data Protection Regulation 2016/679, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any statutory instrument, order, rule or regulation madet, extended, re-enacted or consolidated. The terms “Personal Data”, “Personal Data Breach”, “Data Protection Officer”, “Data Controller”, “Data Processor”, “Data Subject” and “process” (in the context of usage of Personal Data) shall have the meanings given to them in the Data Protection Legislation. “Data Protection Lead” is the title given to the member of staff leading our data protection compliance programme in lieu of a requirement for a Data Protection Officer.
The Professional Speaking Association acknowledges that control of an individual’s Personal Data ultimately rests with the individual, and the retention of these data will be subject to the conditions of this policy, as set out below.
1. In compliance with Data Protection Legislation, Personal Data will not be retained any longer than is necessary for achieving the purposes for which it was collected, or in compliance with other legislation.
2. Individual Data Subjects have the right to request the erasure of their Personal Data where:
- The original purpose for which it was collected has expired;
- Consent for processing has been withdrawn;
- Personal Data has otherwise been processed unlawfully;
- Erasure is required to comply with a legal obligation;
- It is not subject to the Professional Speaking Association’s ‘legitimate interest’ for continued processing.
We will always consider requests or the exercising of a right by individuals throughout our handling of their Personal Data.
3. Our lawful bases for the retention of Personal Data, and their corresponding retention periods, are:
|Reason for Retention||Retention Period|
|The exercise or defence of legal claims||Up to six (6) years from possible cause of action – in accordance with Section 5 Limitation Act 1980.|
|The suppression of rejected marketing||Indefinite, although minimised to an individual’s email address.|
|To facilitate your re-joining the Professional Speaking Association after a period of absence, if required||Twelve (12) months from your leaving the Professional Speaking Association.|
4. ‘Legitimate interests’ will only become the foundation for our continued processing after the expiry or withdrawal of consent so long as said processing does not pose a greater threat to the individual Data Subject than the likely benefit to be gained. This decision process is referred to as a Legitimate Interests Assessment (“LIA”).
5. LIAs involve determining other methods to achieve the same outcome with minimal use of Personal Data and considering the risk that the exposure of that Personal Data presents.
6. Stronger reasons will be required by the Data Protection Lead for greater amounts of, sensitive or children’s Personal Data when performing an LIA.
7. The Data Protection Lead will always act fairly in performing an LIA, balancing the needs of the individual and the interests of the Professional Speaking Association.
8. Where retention of Personal Data would be in the reasonable expectations of individuals, certain risks might be deemed accepted by the individual for the purposes of an LIA.
11. The Data Protection Lead is responsible for keeping this policy up-to-date and amending it as the reasons and purposes for Personal Data retention change.