In relation to the General Data Protection Regulation (GDPR)
A change in data protection legislation came into effect on 25th May 2018. Compliance is compulsory. The purpose of the legislation is to ensure that personal data is processed securely, it is updated regularly and accurately, is limited to what is needed, is used for the purpose for which it is collected if the individual has given consent. This imposes a number of responsibilities upon the Society, particularly as breach of the legislation can lead to heavy financial penalties. The primary issue to be addressed by the Society is to ensure that data is kept securely for limited purposes and that members are informed of the bodies or organisations to whom data will be transferred. Members must consent to the transfer in order for transfer to take place. Data is defined to include name, e-mail address and postal address.
The following documentation has been supplied:
Sheffield Autistic Society Privacy Statement
(See below or download here: Sheffield Autistic Society Privacy Statement & Policy Updated 4 Nov 2021 )
Sheffield Autistic Society Instructions to SAS volunteers, committee members, event and trip organisers and facilitators (See below or download here: SASOC GDPR facilitator etc instructions
Sheffield Autistic Society Privacy Statement
Sheffield Autistic Society (SAS) has issued this statement to set out its commitment to protecting your privacy and processing your personal data in accordance with the Data Protection Act (DPA) 1998 up to 24 May 2018 and the General Protection Regulation (GDPR) from 25 May 2018.
1. Your data will be lawfully and fairly processed
2. Your data is collected on the grounds of explicitly and legitimate purposes only
3. SAS will only ask for your data when necessary, explain if data will be shared and how long it will be kept.
4. Your data will be accurate, kept up to date and erased without delay should your data no longer be required for the purposes to be processed.
5. Your data will only be retained as long as necessary.
6. Your data will be secure
1. Rights of SAS members
– 1. The right to be informed
– 2. The right of access
– 3. The right to erasure
– 4. The right to restrict processing. “Processing” includes obtaining, recording or holding information or data.
2. If at any time you wish to withdraw consent for us or any associated organisation to processing your personal data, you should contact the SAS Secretary.
3. You may be reassured that SAS will treat all personal data as confidential and will not process it other than for a legitimate purpose associated with SAS activities. Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than necessary.
4. Measures will be taken to safeguard against unauthorised or unlawful processing and accidental loss or destruction or damage to the data.
5. You are entitled to have access to your personal data that is held by SAS. You will not be charged for SAS supplying you with such data. SAS will respond to your request as soon as possible and within the maximum time frame of one month.
6. Right to Complain. Where you believe that your data has been wrongfully processed, stored or handled, you have the right to raise a concern with the Information Commissioner’s Office (ICO). Details on how to do this can be found here: https://ico.org.uk/for -the-public/raising-concerns/.
SAS is committed to protecting your privacy and processing your personal data in accordance with the Data Protection Act 1988 and from 25th May 2018 with the General Data Protection Regulation (GDPR) 2018. This policy explains how the information we collect about you is used and kept securely. It also explains your privacy choices when using our website as well as your right to access your information under Data Protection Legislation.
The Information We Collect About You
We may collect the following information about you:
1. SAS Playscheme
The playscheme has not run in 2020 and 2021 and we will be updating this information as appropriate
2. SAS membership
SAS holder of the data: Ian Spencer
Names and DOBs of those with ASC
List of proxy votes for the AGM
3. SAS website
SAS holder of the data: (facilitators)
Rob Hindle, Lazer Technik Limited, (Website hosting)
Email addresses and photographs of committee members
The SASOC website sometimes publishes (as opposed to just ‘holds’) the names, email addresses and/or the telephone numbers of individuals. The names, website addresses and contact details of organisations that they represent are sometimes also given. These inclusions will normally be at the explicit request of the individuals and/or organisations concerned.
The Contact page, Useful Links page, Groups for Adults with Aspergers page and Other Events page contain the names of a number of people working to provide services in some way to autistic people and their families. In some cases their email addresses and / or telephone numbers are given.
The Partnership pages and sub-pages contain links to documents and minutes (belonging to Sheffield City Council, rather than to Sheffield Autistic Society) which can be downloaded. These contain the names and organisations of individuals working in the Autism Partnership Board and the former Employment and Training sub-groups.
5. Information provided as part of the support at the following:
Bi Monthly Adult Aspergers Group held online via Zoom
Monthly lunchtime meeting at the Circle, Sheffield
SAS holder of the data: Liz Friend
E-mail addresses for people who are on the circulation list for the Adult Asperger Group
Personal email addresses used to provide advice and information
Postal addresses of two people who wish for notifications to be sent to them by postal mail
Telephone callers provide email addresses used to provide advice, guidance and signposting
6. Newsletter distribution
SAS holder of the data: Liz Friend and Graham Nield
Email addresses for those in SAS who wish to receive the Newsletter electronically
The Information Provided to Us
We are not aware of any information which is provided to SAS.
How we use your information
We may use your personal information for a number of purposes including:
To deal with your requests and enquiries
To contact you for reasons related to your enquiry
To notify you about SAS related events
To notify you about items of externally provided to SAS
To facilitate membership of SAS
Our legal bases for processing your information
We will process your data on the basis of the following legitimate interests:
Providing relevant and necessary information via email, text, post to you about matters including, but not limited to, changes to SAS, information about SAS events including training and social events
Where you have opted in to additional communications in your preferences we will process your data on the basis of consent
SAS may also share your personal information with the police and other law enforcement agencies for the purposes of crime prevention or detection. If we disclose your information, we ask the organisation to demonstrate that the data will assist in the prevention or detection of crime, or that SAS is obliged to disclose it. This is done on a strictly case by case basis and through a tightly controlled process to ensure that we comply with Data Protection Legislation.
Protecting Your Information
Finding out what information SAS holds about you
Under the Data Protection Legislation, you can ask to see any personal information that we hold about you. Such requests are called subject access requests. If you would like to make a subject access request please contact the Secretary using the SAS website.
Any data that we collect from you will be deleted should you cease to be a member of SAS.
Instructions to SAS volunteers, SAS committee members, event and trip organisers and SAS facilitators.
In relation to the General Data Protection Regulation New stringent regulations have been introduced to safeguard member’s privacy. Very large fines can be imposed in the event of breaches of the new rules.
In the course of your activities for SAS you may need to have access to data that is protected by legislation. “Data” includes name, DOB, postal address, e-mail address, medical notes, details of the behaviours.
It is essential that you access data only if it has been agreed by a Sheffield Autistic Society Trustee to ensure it meets our GDPR requirements.
- If you are in possession of data it is essential that it is kept securely and not passed on to anyone else other than on a need to know basis and certainly not to anyone outside SAS or an organisation in which SAS members are participating.
- Once you have concluded the activity for which the data was required you must delete it permanently from any device upon which it is held.
- Data should not be stored on an electronic device which is not password protected.
- Any electronic device must be stored securely.
- In the event of a suspected Data Protection breach this must be communicated straight away to the SAS secretary and in any event in 24 hours.
The SAS Secretary must within 72 hours report any suspected breach to the Information Commissioner. Basically, use your common sense and be careful not to lose devices that hold what you may consider to be innocuous information but which is in fact data and remember to delete any information that you have acquired immediately after a course or event has concluded.